Terms and Conditions

1. Performance of Services

1.1 Provision of services

(a) During the Term, CyberCX agrees to perform the Services as set out in a Proposal, quote or SOW (as relevant) and any acceptance and delivery will only be in accordance with the terms of this Agreement, and no other terms or conditions contained in any other Client document will apply or be incorporated. The Client acknowledges and agrees that the Services may be performed and invoiced by CyberCX or any of its Affiliates.
(b) CyberCX agrees to:
{i} comply with all reasonable directions of the Client and all applicable laws in connection with the performance of its obligations;
{ii} comply with all reasonable health and safety policies of the Client whilst on the Client’s site as provided to CyberCX prior to commencing the work; and
{iii} use reasonable endeavours to have any specific personnel identified in a Proposal, quote or SOW available to perform the Services and provide the Client reasonable notice if it intends to replace or reassign such personnel.
(c) The Client agrees to cooperate with CyberCX in supplying the Services or any Products, including:
{i} providing CyberCX with safe and timely access and authorisation to access and use the Client’s Systems, personnel, facilities, site and utilities as reasonably required;
{ii} providing CyberCX with any requested information relevant to the provision of the Services in a timely and accurate manner;
{iii} ensuring its Systems are backed-up and recoverable prior to and at all times during the performance of the Services; and
{iv} comply with all reasonable requests or directions of CyberCX for the purpose of facilitating the supply of the Services and Products.
(d) The Client acknowledges and agrees that CyberCX will not be liable or in breach of the Agreement if the Services impact the information or operating Systems of the Client.

1.2 Use of subcontractors

(a) CyberCX will be liable for:
{i} the performance of its subcontractors obligations; and
{ii} provision of the Services by its subcontractors.

1.3 Provision of Products

(a) At any time during the Term the Client may request to purchase any Products offered for sale by CyberCX and set out within this Agreement by submitting a purchase order to CyberCX.
(b) The purchase order must explicitly reference this Agreement and set out the type and quantity of the Product/s to be purchased and the desired date for delivery of the Products.
(c) CyberCX will provide the Client written notification of acceptance or rejection of the purchase order, the proposed delivery date along with any variable price changes (including exchange rate, delivery or third party pricing changes) as relevant for the purchase of the Products. Failure by CyberCX to confirm receipt of the purchase order shall not be taken to be an acceptance of that purchase order.
(d) All risk in any Products transfers to the Client upon delivery of the Product to the Client and title passes on payment in full.

1.4 Access and delays

(a) Where CyberCX reasonably requests information or access to any Client premises or systems necessary for the Services at least five (5) Business Days prior to commencement and/or provision of the Services, and that information or access is not available at time of scheduled commencement and/or provision of the Services, CyberCX will be entitled to charge the Client for any resulting delays based on reasonable daily rates until that information or access is provided.
(b) If the Client requests CyberCX to cancel, delay or reschedule the Services with less than three (3) Business Days’ notice before the commencement of the Services, the Client must pay CyberCX its reasonable costs associated with such cancelation, delay or rescheduling. The Client acknowledges that the costs payable under this clause are a genuine pre-estimate of the damages that CyberCX is likely to suffer as a result of the Client’s failure to give CyberCX adequate notice of a cancelation, delay or rescheduling of the start date.

2. Security testing and digital forensics services

To the extent the Services include:

(a) vulnerability testing, phishing and/or penetration testing, the terms of Attachment A apply; and
(b) digital forensics and incident response services, the terms of Attachment B apply.

3. Governance Risk and Compliance

(a) To the extent the Services include governance, risk or compliance services, this clause 3 applies.
(b) The Client shall be solely responsible for ensuring that the specifications relating to the Products and Services, and the use of the Products and Services, satisfies all of the Client’s legal and regulatory obligations and any other Client compliance requirements including, without limitation, compliance by the Client with any statute, regulation, corporate governance matters and internal company policies.
(c) Nothing in the Contract requires CyberCX to ensure, recommend or facilitate the Client’s compliance with any matter referred to in this clause, except to the extent prescribed in the specifications, Proposal, or SOW and the Client acknowledges that it has obtained its own advice on such compliance matters.

4. Term

Unless otherwise terminated in accordance with clause 11, this Agreement
commences on the earlier day of CyberCX providing the Services, the
acceptance of a Client purchase order or as otherwise agreed in writing and
continues for the duration set out in the Proposal, quote or SOW.

5. Invoices and Payments

(a) The Client must pay CyberCX for the provision of the Services and for the supply of any Products, as set out in an invoice issued by CyberCX.
(b) CyberCX will issue invoices as set out in the Proposal, quote or SOW, or otherwise at the end of the month in which the Services are delivered, or at milestones or upon acceptance of a Product order.
(c) The Client must pay all invoices within 30 days of the invoice date by electronic funds transfer to an account as specified by CyberCX in the invoice.
(d) All fees and prices are provided exclusive of all applicable taxes, duties, Value Added Tax (VAT) and government charges. If VAT is payable for any supply made by CyberCX under this Agreement, Client must pay any applicable VAT or government charges with the amounts due.
(e) If CyberCX does not receive payment strictly in accordance with clause 5(c), CyberCX may charge the Client interest and statutory compensation pursuant to the Late Payment of Commercial Debts (Interest) Act 1998.
(f) The Client may not set-off, counterclaim or deduct any amount from an amount owing to CyberCX.
(g) The Client must notify CyberCX in writing of any disputed invoices within 5 Business Days of receipt detailing the amount and the reason for the dispute.

6. Intellectual Property

6.1 Intellectual Property in Deliverables and provision of Services

(a) Subject to clauses 6.2 and 6.3, all intellectual property rights in the Deliverables, the Services and any other material created by CyberCX in delivering the Services remain the property of CyberCX.
(b) Subject to clause 6.3, CyberCX grants the Client a non-exclusive, non-transferable, non-sub licensable, royalty free license to use in the UK the intellectual property rights in the Deliverables (excluding the Third Party Material and the Client Data) and any other material created by CyberCX in delivering the Services for the sole and limited purpose of enjoying the benefit of the Services as set out in the Proposal, quote or SOW.

6.2 Background IP

Each party at all times retains all title and ownership in its own Background IP.

6.3 Third party intellectual property

- (a) In providing the Services, CyberCX may provide the Client with software or Deliverables that are, or include, software or other material which is owned by or is proprietary to a third party (Third Party Material). The Client agrees that:
  {i} its use of Third Party Material will be subject to the third party licensor’s licence agreement (Third Party Licence) between the Client and the third party licensor; and
  {ii} title in any Third Party Material remains at all times with the third party.
- (b) Subject to clause 6.3(a), CyberCX warrants that, to the best of its knowledge and belief, all materials and Deliverables created by CyberCX in delivering the Services, when used by the Client in accordance with this Agreement, will not infringe any intellectual property rights of any third party.

7. Confidentiality

(a) Each party agrees that where it, its Personnel, or its Affiliates, are the recipient of Confidential Information (Recipient) of the other party (Disclosing Party), the Recipient must:{i} subject to clause 7(b), treat all Disclosing Party’s Confidential Information as confidential and not use it except as reasonably necessary for the purposes of this Agreement;
{ii} ensure that the Disclosing Party’s Confidential Information is held in strict confidence and is not disclosed to any third party (subject to any legal requirement on the Recipient to disclose the Disclosing Party’s Confidential Information) without the Disclosing Party’s prior written consent, and then only under conditions of confidentiality approved in writing by the Disclosing Party;
{iii} immediately notify the Disclosing Party in writing if the Recipient suspects that any Disclosing Party’s Confidential Information may have been accessed by any unauthorised party;
{iv} use, at a minimum, the same degree of care with respect to its obligations to protect the confidentiality of the Disclosing Party’s Confidential Information under this Agreement as it employs with respect to its own confidential or proprietary information, but in no event less than reasonable care; and
{v} upon request by the Disclosing Party or termination of this Agreement, promptly deliver to the Disclosing Party all written documents or other physical embodiments containing the Disclosing Party’s Confidential Information then in its custody, control or possession and must deliver within 10 days after such termination or request a written statement to the Disclosing Party certifying to such action.
(b) The restrictions in this clause 7 do not apply to the extent that any Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of either party on any recognised stock exchange. Nothing in this Agreement is intended to oblige the Recipient to return or destroy any document, data or information incorporated into or annexed to anything which must be retained for compliance purposes, contained in systems, archives or backups which cannot be practicably deleted or information which must be retained as required by Law, any accounting standard or the rules of any stock exchange or for sound corporate governance purposes.
(c) Unless otherwise agreed in writing by the Disclosing Party, the obligations of confidentiality in clause 7(a)(i) do not apply to the extent the Confidential Information:
{i} has been lawfully disclosed to the Recipient by a third party free from obligations of confidentiality; or
{ii}is in the public domain (other than through a breach of this Agreement).
(d) The provisions of this clause 7 shall continue in force indefinitely following the termination of this Agreement.

8. Privacy

(a) Each party shall comply with the Data Protection Laws with respect to the processing of the Client Personal Data.
(b) The Client warrants to CyberCX that the Client has the legal right to disclose all Personal Data that it does in fact disclose to CyberCX under or in connection with this Agreement.
(c) In relation to the Client Personal Data processed under this agreement, Attachment C sets out the subject matter of and duration of the processing, the nature and purpose of the processing, the type of personal data processed and the categories of data subject.
(d) CyberCX shall only process the Client Personal Data on the documented instructions of the Client (including with regard to transfers of the Client Personal Data to a third country under the Data Protection Laws), as set out in this Agreement or any other document agreed by the parties in writing.
(e) The Client authorises CyberCX to make the following transfers of the Client Personal Data:
{i} CyberCX may transfer the Client Personal Data to its third party processors in the jurisdictions identified in the list of CyberCX Sub-Processors in Attachment C and may permit its third party processors to make such transfers, providing that such transfers must be protected by any appropriate safeguards identified therein;
{ii} CyberCX may transfer the Client Personal Data to a country, a territory or sector to the extent that the competent data protection authorities have decided that the country, territory or sector ensures an adequate level of protection for Personal Data;
{iii} CyberCX may transfer the Client Personal Data from the UK to the EEA, and may permit its third party processors to do so, in any period during which EEA states are not treated as third countries under the UK GDPR or during which EEA states benefit from adequacy regulations under the UK GDPR; and
{iv} CyberCX may transfer the Client Personal Data from the EEA to the UK, and may permit its {iv} third party processors to do so, in any period during which the UK is not treated as a third country under the EU GDPR or during which the UK benefits from an adequacy decision under the EU GDPR.
(f) CyberCX shall promptly inform the Client if, in its opinion, any of the Client instructions relating to the processing of the Client Personal Data infringes the Data Protection Laws.
(g) Notwithstanding any other provision of this Agreement, CyberCX may process the Client Personal Data if and to the extent that CyberCX are required to do so by applicable law. In such a case, CyberCX shall inform the Client of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
(h) CyberCX shall ensure that persons authorised to process the Client Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(i) CyberCX and the Client shall each implement appropriate technical and organisational measures to ensure an appropriate level of security for the Client Personal Data. CyberCX will take reasonable precautions within its own control to prevent any unauthorised access to or alteration of the Client Data
(j) CyberCX must not engage any third party to process the Client Personal Data without the Client’s prior specific or general written authorisation. CyberCX is authorised by the Client to engage, as sub-processors with respect to the Client Personal Data, the third parties (with the applicable transfer mechanism identified therein) set out in the list of CyberCX Sub-Processors in Attachment C. Such list may be updated by CyberCX from time to time by notice to the Client. If the Client objects to any such changes before implementation, then CyberCX shall attempt to address the Client objections to the Client’s reasonable satisfaction but if that is not possible then CyberCX may nevertheless engage such third party processor. CyberCX shall ensure that each third party processor is subject to substantially equivalent legal obligations as those imposed on CyberCX by this clause 8.
(k) CyberCX shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organisational measures to assist the Client with the fulfilment of the Client’s obligation to respond to requests exercising a data subject’s rights under the Data Protection Laws.
(l) CyberCX shall assist the Client in ensuring compliance with the obligations relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws. CyberCX may charge the Client at its standard time-based charging rates for any work performed by CyberCX at the request of the Client pursuant to this clause 8(l).
(m) CyberCX must notify the Client of any Personal Data breach affecting the Client Personal Data without undue delay and, in any case, not later 72 hours after CyberCX become aware of the breach.
(n) CyberCX shall make available to the Client all information necessary to demonstrate its compliance with its obligations under this clause 8 and the Data Protection Laws. CyberCX may charge the Client at its standard time-based charging rates for any work performed by CyberCX at the Client’s request pursuant to this clause 8(n).
(o) CyberCX shall, at the choice of the Client, delete or return all of the Client Personal Data to the Client after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.
(p) CyberCX shall allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client in respect of our compliance of our processing of the Client Personal Data with the Data Protection Laws and this clause 8. CyberCX may charge the Client at our standard time-based charging rates for any work performed by CyberCX at the Client request pursuant to this clause 8(p), providing that no such charges shall be levied where the request to perform the work arises out of any breach by CyberCX of the Agreement or any security breach affecting its systems.
(q) If any changes or prospective changes to the Data Protection Laws result or will result in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data carried out under this Agreement, then the parties shall use their best endeavours promptly to agree such variations to this Agreement as may be necessary to remedy such non-compliance.

9. Warranties

(a) CyberCX warrants:
{i} it has the power, capacity and authority to enter into and observe its obligations under this Agreement;
{ii} the Services will be provided by exercising the same degree and skill, care and diligence that would be exercised by a professional services provider in the same industry in similar circumstances;
{iii} it and its personnel are appropriately trained and experienced to provide the Services; and
{iv} any Products sold to the Client or supplied in the performance of the Services substantially meet the relevant specifications or descriptions set out in the Proposal, quote or SOW.
(b) Any representation, warranty, condition or undertaking that would be implied in this Agreement by legislation, common law, equity, trade, custom or usage is excluded to the maximum extent permitted by law.
(c) To the fullest extent permitted by law, the liability of CyberCX for a breach of the warranties in clause 9 (a)(ii) to (a)(iv) is limited, at CyberCX’s option, to:
{i} the replacement, resupply or repair of the relevant Products;
{ii} the resupply of the relevant Services; or
{iii} the payment of the cost of having the relevant Services or Products resupplied or repaired.

10. Liability

(a) Subject to any third party restrictions, CyberCX indemnifies the Client for any direct Loss suffered by the Client arising from or related to third party Intellectual Property claims against the Client caused or contributed to by CyberCX, except to the extent caused or contributed to by the Client’s or its Personnel’s acts or omissions and subject to:
{i} the indemnification that CyberCX receives from an owner in relation to any relevant third party intellectual property;
{ii} the Client taking all reasonable steps (and ensuring its employees, agents, officers and contractors take all reasonable steps) to mitigate their loss; and
{iii} the Client (and its employees, agents, officers and contractors where relevant) permitting CyberCX to manage any relevant claim or action in the name of the Client (or any relevant employee, agent, officer or contractor of the Client).
(b) Subject to clause 11(c) and 11(d), CyberCX’s total aggregate liability to the Client in respect of any and all Losses incurred by the Client (whether for breach of contract, in tort (including negligence) or otherwise) arising out of or in connection with the carrying out of the Services or supply of the Products under this Agreement is limited to twice the amount paid by the Client to CyberCX under a Proposal, quote or SOW in the 12 months preceding the event giving rise to the Loss, to a maximum of £200,000.
(c) Nothing in this Agreement shall limit or exclude either party’s liability for:
{i} personal injury or death caused by its negligence or the negligence of its personnel, agents or subcontractors;
{ii} fraud or fraudulent misrepresentation;
{iii} breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession); or any other liability which cannot be limited or excluded by applicable law.
(d) Subject to clause 10(f), nothing in this Agreement shall limit or exclude either party’s liability for its indemnity obligations set out in this Agreement.
(e) To the maximum extent permitted by law, CyberCX is not responsible and excludes all liability for any Loss to the Client’s Systems or any data or information of the Client arising from or in connection with the supply of the Services or the Products by CyberCX.
(f) Subject to clause 10(c), under no circumstances will CyberCX be liable to the Client for any indirect or consequential loss that does not arise naturally (that is, according to the usual course of things) from the event giving rise to the loss or any loss of profits, loss of production, loss of revenue, loss of business, loss of goodwill, damage to reputation, loss of opportunity, loss or corruption of data or wasted overheads.

11. Termination

(a) Either party may terminate the Agreement with immediate effect if the other party is:
{i} in material breach of the Agreement and where the breach is remediable that defaulting party fails to remedy the breach within 14 days of receiving notice of the breach;
{ii} subject to an Insolvency Event; or
{iii} subject to an Event of Force Majeure which continues for a period of more than 90 days.
(b) Upon termination of this Agreement for any reason:
{i} CyberCX will cease providing the Services and Products; and
{ii} the Client must pay to CyberCX all outstanding amounts for Services actually performed or Products ordered by the Client.
(c) Termination of this Agreement does not affect a liability or any obligation of a party arising prior to termination nor affect any damages or other remedies which a party may be entitled under this Agreement.
(d) On expiry or termination of this Agreement:
{i} Clauses 7 (Confidentiality), 8 (Privacy), 9 (Data Security), 10 (Warranties), 11 (Liability), 12(b) (Termination) and 13 (Non-solicitation) continue in full force and effect; and
{ii} all rights, obligations and liabilities a party has accrued before expiry or termination continue.

12. Non-Solicitation

During the Term and for a period of 12 months after completion of the Term, the Client must not, and must procure its Affiliates do not, offer work to, solicit or induce for employment, employ, or contract with, CyberCX’s Personnel who are involved with the provision of the Services, without first obtaining the written consent of CyberCX (which may be withheld by CyberCX at its absolute discretion).

13. Miscellaneous

(a) If any provision of this Agreement is deemed to be unenforceable, invalid or illegal, the interpretation is to be applied to reflect the intention of the parties as far as possible whilst not affecting the validity of the remainder of the Agreement.
(b) Neither party may assign its rights under this Agreement without the other party’s prior written consent, provided however CyberCX can assign its rights under this Agreement to a Related Body Corporate if it wants for so long as it requires to do so.
(c) The Client acknowledges and agrees that (i) some or all of the Services may be provided by CyberCX Pty Ltd and /or its Affiliates.
(d) All notices and consents must be sent by email to the email addresses on the front page of this Agreement.
(e) This Agreement is governed by the laws of England and Wales.
(f) CyberCX will not be liable for any delay or failure to supply the Services or Products if such a delay or failure was due to an Event of Force Majeure.
(g) Any dispute relating to the subject matter of this Agreement shall be submitted to mediation prior to any other dispute resolution process being invoked. The parties will agree a mediator within 21 days of either party giving the other written notice of intention to invoke mediation. If the parties cannot agree on a mediator then the dispute will be referred to the Centre for Effective Disputes Resolution (CEDR). All mediation proceedings will be conducted in accordance with the CEDR Model Mediation Procedure.
(h) No party is authorised to bind another party and nothing in this Agreement is construed as creating a relationship of principal and agent, partners, trustee and beneficiary, or employer and employee.
(i) This Agreement may only be amended or replaced with the written agreement of all parties.
(j) This Agreement constitutes the entire agreement between the parties and supersedes any prior conduct, arrangement, agreement or understanding in relation to its subject matter.
(k) This Agreement can be signed in counterparts. If an electronic signature is used, it shall have the same effect as a handwritten signature.

14. Definition and interpretation

14.1 Definitions

All capitalised terms have either the meanings given to that term in the Contract Details, the definitions in this clause 14.1 or where otherwise set out in the Agreement:

Affiliate means an entity that Controls, is Controlled by, or is under common Control with the relevant entity;

Agreement means these general terms and conditions and as relevant; the Proposal, quote or SOW to which they are attached (including any agreed written variation);

Background IP means a party’s intellectual property rights in any materials developed independently of, or prior to, the provision of the Services and the Deliverables and includes any third party licensed intellectual property;

Business Day means a day that is not a Saturday, Sunday, public holiday or bank holiday in the location where the Services are being provided;

Client means the customer who has requested the Services to be performed by CyberCX.

Client Data means the data owned or supplied by the Client which is accessed by CyberCX (including its Affiliates) or its subcontractors in the course of performing the Services;

Client Personal Data means any Personal Data that is processed by CyberCX on behalf of the Client in relation to this Agreement, but excluding Personal Data with respect to which CyberCX is a data controller as set out in the Privacy Policy.

Confidential Information means all and any information (in any form or media) of a confidential nature that is made available directly or indirectly, and before, on or after the date of this Agreement including financial, client, employee and supplier information, product specifications, policies and procedures, processes, statements, formulae, trade secrets, Client Data, drawings and data which is not in the public domain (except by virtue of a breach of the confidentiality obligations arising under this Agreement);

Control means the legal power to control (directly or indirectly) the management of an entity (and “Controlled” should be construed accordingly);

CyberCX means CyberCX UK Ltd and any of its Affiliates;

Data Protection Laws means the EU GDPR and the UK GDPR and all other applicable laws relating to the processing of Personal Data.

Deliverables means the materials, reports and other deliverables to be provided by CyberCX in performing the Services, as set out in the relevant Proposal, quote or SOW;

Deliverables Date means the date upon which the Deliverables are to be provided to the Client, if any;

Event of Force Majeure means any event or circumstance, or a combination of events or circumstances, which is beyond the reasonable control of a party (but does not excuse any obligation to make payment);

EU GDPR means the General Data Protection Regulation (Regulation (EU) 2016/679) and all other EU laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time.

Insolvency Event means:

(a) bankruptcy proceedings are commenced against the relevant party, or the relevant party is declared bankrupt;
(b) any step is taken to appoint a receiver, a receiver and manager, a trustee in bankruptcy, a liquidator, a provisional liquidator, an administrator or other like person to the relevant party or to the whole or any part of the relevant party’s assets or business;
(c) if the relevant party is in a partnership, the partnership is dissolved or an application is made to dissolve the partnership;
(d) the relevant party is or becomes unable to pay its debts when they are due or either party is or is presumed to be insolvent for the purposes of any provision of the Insolvency Act 1986;

Loss means any loss, cost, liability or damage, including reasonable legal costs;

Personnel means, in relation to a party, its employees, Affiliates, secondees, advisers and contractors;

Personal Data means personal data under any of the Data Protection Laws.

Privacy Policy means the documented policy of CyberCX, as amended from time to time, located at: www.cybercx.com.au/privacy/.

Product means any products or goods supplied pursuant to the Agreement

Proposal means the proposal for Services to be provided to the Client by CyberCX;

Rates means the hourly or daily rates payable by the Client for the provision of Services by CyberCX, as set out in a Proposal, quote or SOW;

Services means the services to be provided to the Client by CyberCX, as set out in a relevant Proposal, quote, or SOW;

Statement of Work or SOW means a document setting out the Services and/or products to be provided to the Client by CyberCX;

Systems includes networks, software, applications, computers, servers, mobile devices, cloud services (including storage, software, platforms and infrastructure as a service), industrial control systems, and any other IT systems or equipment.

Third Party Licence has the meaning given to that term in clause 6.3(a)(i); and

Third Party Material has the meaning given to that term in clause 6.3(a).

UK GDPR means the EU GDPR as transposed into UK law (including by the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) and all other UK laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time.

14.2 Interpretation

In this Agreement, unless the context requires otherwise:

(a) clause and subclause headings are for reference purposes only;
(b) the singular includes the plural and vice versa;
(c) words denoting any gender include all genders;
(d) a reference to a person includes any other entity recognised by law and vice versa;
(e) where a word or phrase is defined, its other grammatical forms have a corresponding meaning;
(f) any reference to a party to this Agreement includes its successors and permitted assigns;
(g) any reference to any agreement or document includes that agreement or document as amended at any time;
(h) the use of the word includes or including is not to be taken as limiting the meaning of the words preceding it;
(i) the expression at any time includes reference to past, present and future time and performing any action from time to time; and
(j) No provision of this Agreement will be construed adversely to a party because that party was responsible for the preparation of this agreement or that provision.
(k) an agreement, representation or warranty by two or more persons binds them jointly and severally and is for the benefit of them jointly and severally.

1. Agreement

a) Together with the Proposal, these Terms and Conditions form part of the Agreement between CyberCX and the Client for the provision of the Services. These Terms and Conditions will apply to any further Services provided by CYBERCX to the Client unless otherwise agreed in writing.

b) The terms of any Proposal will prevail to the extent of any inconsistency with these Terms and Conditions.

c) Defined terms and rules for interpretation are set out in clause 20.

2. Term

CyberCX will provide the Services to the Client in accordance with the Agreement from the Commencement Date until the earlier of the End Date or the termination of the Agreement.

3. Warranties by CyberCX

a) CyberCX warrants that:

it will perform the Services in a competent and prudent manner; and
the Services will be performed in accordance with all applicable laws, rules, regulations, standards.

b) OTHER THAN AS EXPRESSLY PROVIDED IN THE PROPOSAL OR THESE TERMS AND CONDITIONS, TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL OTHER WARRANTIES ARE EXCLUDED.

4. Obligations of Client

The Client will provide CyberCX with access to its computer systems, premises, data and any other information in the manner reasonably required by CyberCX to perform the Services in accordance with the Agreement.

5. Authority

a) The Client authorizes CyberCX Representatives to access and use the Client’s computer systems as reasonably required by CyberCX solely for the provision of the Services,

b) The Client will provide CyberCX with a signed authority in the form set out in the Proposal from such persons as CyberCX reasonably requires, prior to the provision of any Services by CyberCX.

6. Acknowledgments

a) In performing the Services, CyberCX acknowledges that the systems being tested may be live operating systems and CyberCX will use all due care to minimize the impact of any tests which form part of the Services.

The Client acknowledges that:

CyberCX may immediately halt any testing which forms part of the Services, if directed by the Client or if CyberCX suspects that the Client’s information or operating systems are being unduly impacted; and
provided CyberCX has complied with clause 6-a, CyberCX will not be in breach of the Agreement if the Services impact the information or operating systems of the Client, or performance of the Services is halted in accordance with clause 6-b bullet #1.

7. Service Schedules

a) To the extent the Services include:

1. Security Testing Services, the terms in Schedule 1 apply; and
2. Digital Forensic Services, the terms in Schedule 2 apply, and the terms of each schedule will take precedence over all terms.

8. Governance Risk and Compliance

b) To the extent the Services include governance, risk or compliance services, this clause 8

c) The Client must ensure that the specifications relating to the Products and Services, and the use of the Services, satisfies all of the Client’s legal and regulatory obligations and any other Client compliance requirements including, without limitation, compliance by the Client with any Law, corporate governance matters and internal company policies.

d) Except to the extent prescribed in the specifications Proposal, or SOW, nothing in the Agreement requires CyberCX to ensure, recommend or facilitate the Client’s compliance with any matter referred to in this clause 8, and the Client acknowledges that it has obtained its own advice on such compliance matters.

9. Service Fees and Expenses

e) The Client will pay CyberCX the Service Fees in consideration of CyberCX providing the Services to the Client, in accordance with this clause 7. The Service Fee shall be exclusive of taxes, which CyberCX shall add to its invoices at the prevailing rate.

f) The Client will pay any expenses to be incurred by CyberCX in performance of the Services as set out in the Proposal (“Expenses”), provided such Expenses are agreed in advance with the Client.

g) The Client will pay the Service Fees (together with taxes where appropriate) and Expenses (if any) in the manner set out in the Proposal. If no payment terms are specified in the Proposal, the Client will pay the Service Fees and Expenses (or such portion as determined by CyberCX) within 30 Business Days of the end of each month in which the Services are provided.

h) The Client will not be required to pay the Service Fees or Expenses (if any) unless CyberCX has provided a valid tax invoice to the Client for the Services performed.

i) The Client must pay all undisputed amounts payable or owing by it to CyberCX under the Agreement

j) Any variation to the Services or the manner in which the Services are to be performed and provided by CyberCX to the Client may result in additional Service Fees, expressly agreed to in writing, (other than as a result of breach of this Agreement by CyberCX). This includes variations resulting from alterations to the timeframes due to Client unavailability, changes to any scope of work forming part of the Services or a Proposal, CyberCX being required to repeat or perform the same Services, modifications to the Client’s hardware, software or other technical infrastructure and any additional information uncovered in performing the Services or provided by the Client.

10. Non-Performance of Services

a) CyberCX will not be required to remedy any default or otherwise perform or re-perform any Services where the non-performance is caused or contributed to by the Client (including the Client’s employees, agents or contractors) or any failure of the Client’s systems or IT infrastructure during the provision of the Services.

11. Force Majeure

a) CyberCX will not be liable for performance of any of its obligations under the Agreement as a result of an act of God, national emergency, war, prohibitive governmental regulations, labour dispute or any other cause beyond CyberCX’s reasonable control. If such a force majeure event occurs, CyberCX will notify the Client of the occurrence and expected duration of that event.

b) If a force majeure event renders performance of the Agreement impossible for a continuous period of at least fourteen (14) Business Days, either party may by notice to the other, terminate the Agreement.

12. Warranties by Client

The Client warrants that it is (i) validly in existence under all applicable laws, (ii) duly authorized to enter into the Agreement, (iii) has obtained all required consents and approvals to do so and (iv) is not contravening any law, judgment, order or rule of any Government Agency or any agreement by entering into the Agreement.

13. Liability of CyberCX

a) NOTHING IN THIS AGREEMENT SHALL EXCLUDE OR RESTRICT EITHER PARTY’S LIABILITY FOR: (A) DEATH OR PERSONAL INJURY RESULTING FROM THE NEGLIGENCE OF THAT PARTY OR OF ITS EMPLOYEES WHILE ACTING IN THE COURSE OF THEIR EMPLOYMENT, OR (B) FRAUD.

b) SUBJECT TO CLAUSE 11-A, BUT OTHERWISE NOTWITHSTANDING ANY OTHER CLAUSE OF THE AGREEMENT, CYBERCX WILL NOT BE LIABLE FOR ANY CLAIM RELATING TO, ARISING OUT OF OR IN CONNECTION WITH ANYTHING WHICH IS DONE (OR IS NOT DONE) BY THE CLIENT WITHOUT CYBERCX’S PRIOR WRITTEN APPROVAL.

c) SUBJECT TO CLAUSES 11-B, CYBERCX’S MAXIMUM AGGREGATE LIABILITY HOWEVER ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF ITS OBLIGATIONS UNDER THIS AGREEMENT SHALL BE LIMITED TO $1,000,000.

d) CYBERCX WILL NOT BE LIABLE FOR LOSS ARISING FROM OR IN CONNECTION WITH ANY REPRESENTATION (OTHER THAN FRAUDULENT REPRESENTATIONS) AGREEMENTS STATEMENTS OR UNDERTAKINGS MADE PRIOR TO THE DATE OF EXECUTION OF THIS AGREEMENT OTHER THAN THOSE REPRESENTATIONS AGREEMENTS STATEMENTS AND UNDERTAKINGS CONFIRMED BY A DULY AUTHORIZED REPRESENTATIVE OF CYBERCX IN WRITING OR EXPRESSLY INCORPORATED OR REFERRED TO IN THIS AGREEMENT.

14. Termination

a) If either party breaches a term of the Agreement (“Defaulting Party”) and the breach can be remedied, the other party (“Non-Defaulting Party”) may give the Defaulting Party not less than seven (7) days’ notice to remedy that breach. If the breach is not remedied within the period stipulated in the notice, the Non-Defaulting Party may give the Defaulting Party a further notice immediately terminating the Agreement.

b) Either party may terminate the Agreement by notice to the other party immediately upon any of the following events:

if the other party commits a material breach of this Agreement which cannot be remedied;
if the other party ceases to carry on business as a going concern;
if an Insolvency Event occurs in relation to the other party; or
if the other party commits a serious criminal offence.

c) Termination of the Agreement will not affect any rights or obligations of party which arose prior to the date of termination. CyberCX will not be liable to the Client for any Claims by the Client relating to the termination of this Agreement by CyberCX in accordance with this clause 12.

15. Confidentiality

a) Each party owns all of its Confidential Information. During the Agreement and after its termination, each party can use or disclose the other party’s Confidential Information only to (i) perform the Services, (ii) professional advisors on a confidential basis for the purpose of obtaining advice, (iii) if the disclosing party has consented in writing, or (iv) if required by law.

b) Upon termination of the Agreement, the recipient of Confidential Information must at the disclosing party’s discretion, deliver to the disclosing party or destroy all Confidential Information in the recipient’s possession or under its control; and delete all Confidential Information held electronically in any medium in the recipient’s possession or under its control. The recipient may retain one copy of any Confidential Information as required by law, which must be retained for compliance purposes, contained in which cannot be practicably deleted or information which must be retained as required by Law, any accounting standard or the rules of any stock exchange or for sound corporate governance purposes and any information contained in working papers or files prepared by CyberCX in connection with that report.

16. Data Protection

a) The Client warrants that it has the legal right to disclose all Personal Data that it does in fact disclose to CyberCX under or in connection with the Agreement.

b) CyberCX warrants that:

it will act only on instructions from the Client in relation to the processing of any Personal Data performed by CyberCX on behalf of the Client. It will hold the Personal Data in confidence and strictly for use in connection with this Agreement and not use the Personal Data for any other purpose nor to contact individuals other than as strictly necessary to enable the provision of the services; and
it shall comply with the provisions of the Applicable Data Protection Legislation in relation to all Personal Data that is processed by it in the course of performing its obligations under this agreement. In particular, but without limitation CyberCX shall warrant it has in place appropriate security measures (both technical and Organizational) against unlawful or unauthorized processing of Personal Data and against loss or corruption of Personal Data processed by CyberCX on behalf of the Client; and
to the extent permitted by law, it will notify the Client of any actual personal data breach within 48 hours at the address listed in the Agreement; and
it will fully co-operate with the Client in supporting compliance with Applicable Data Protection Legislation, including but not limited to, assisting the Client in providing subject access and allowing data subjects to exercise their rights under Data Protection Legislation and promptly acting on the Sponsor’s requests with respect to the Personal Data, which may include their secure destruction; and
should in fulfilling their obligations under the Agreement or pursuant to other lawful instructions from the Client, Personal Data may be transferred, directly or via an onward transfer, outside the US, CyberCX shall rely on measures such as Standard Contractual Clauses, Privacy Shield or Binding Corporate Rules as allowed by Applicable Data Protection Legislation.

17. Intellectual Property

a) In relation to any report provided by CyberCX to the Client pursuant to the Agreement, CyberCX grants the Client an irrevocable and non-exclusive licence to use the content of that report subject to the terms of the Agreement, provided that CyberCX retains copyright in that report.

b) Subject to clause 15-a, all Intellectual Property and similar rights in any other document, work or other matter developed, created, owned or contributed to by CyberCX belongs to CyberCX and CyberCX owns all rights, title and interest in that Intellectual Property.

c) During the Term and after the End Date the Client will not use any of CyberCX’s Intellectual Property except as expressly permitted by the Agreement nor register or use any name or mark similar to or capable of being confused with CyberCX’s name, business name or trademark.

d) Subject to this clause 15, any Intellectual Property of the Client as at the date of the Agreement will remain the property of the Client.

18. CyberCX Staff

a) While CyberCX is providing any Services to the Client and for a period of 12 months after the End Date, the Client will not make an offer of employment to any employee or contractor of CyberCX. In addition, during that period the Client will also not solicit, induce or entice any employee or contractor of CyberCX to cease to work for CyberCX.

b) Clause 16-a does not prohibit the Client from publishing a bona fide employment opportunity with the Client to the general public or making an offer of employment to a person who has responded to such an advertisement or publication.

19. Dispute Resolution

a) Any dispute or disagreement in relation to or in connection with the Agreement in any matter (“Dispute”) is to be resolved in accordance with the procedure provided in this clause 17. In the event of a Dispute, the party seeking to have it resolved must issue to the other parties a notice setting out all details relevant to the Dispute (“a Dispute Notice”).

b) Within 14 days of receipt of a Dispute Notice, the senior management of the parties to the Dispute shall meet to negotiate resolution of the Dispute. The parties agree that those negotiations must be conducted in good faith.

c) In the event that the Dispute is not resolved in accordance with clause 17-b, within 14 days of receipt of a Dispute Notice, the Parties will attempt to settle it by mediation in accordance with the State of Maryland Alternative Dispute Resolution procedures. Unless otherwise agreed by the parties, the mediator shall be nominated in the State of Maryland To initiate the mediation a party must serve notice in writing (“ADR Notice”) to the other party requesting a mediation. The mediation will start not later than [number] days after the date of the ADR notice. If the Dispute is not resolved by mediation, either party will be entitled to take legal action.

d) Nothing contained in this clause 17 will prevent a party from seeking urgent interlocutory relief.

20. Miscellaneous

a) Unless otherwise specified, the Agreement contains the entire agreement between the parties in respect of the subject matter of the Agreement and supersedes any prior agreement or understanding (if any) between the parties in relation to the subject matter of the Agreement.

b) Any amendment to a term of the Agreement must be made in writing executed by the parties.

c) The Client can only assign its rights and obligations under this Agreement with the prior written consent of CyberCX, unless such assignment is in relation to an internal reorganisation of the Client’s business and where the assignment will be made to another member of the Client’s group. No one other than a party to the Agreement, their successors and permitted assignees shall have any right to enforce any of its terms.

d) If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of the Agreement.

e) The Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation shall be governed by and construed applicable laws and the parties irrevocably agree to submit themselves to the exclusive jurisdiction of the courts in the State of Maryland.

f) The Agreement may be executed in any number of counterparts and all counterparts taken together will constitute one and the same instrument. Satisfactory evidence of execution of this Agreement will include evidence of execution sent by electronic transmission by the relevant party and in such case, the executing party undertakes to produce the original as soon as reasonably practicable thereafter.

g) The Agreement will only come into effect and be binding on the parties when it is duly executed by all of the parties.

h) The parties will pay their own costs in respect of the negotiation, preparation and execution of the Agreement.

i) The parties are independent entities. The parties are not principal and agent, partners, trustee and beneficiary or employer and employee.

21. Notices

a) Any notice to be given by one party to the other must be (i) signed by the party giving the notice or by one of its officers or its duly authorized lawyer or agent and (ii) hand delivered or sent by prepaid post, facsimile or electronic mail to the address, or electronic mail address (as the case may be) set out in the Agreement (or any other address or electronic mail address that a party notifies to the other party from time to time).

b) Notice will be deemed sufficiently given in the case of (i) hand delivery, on the date of delivery (ii) pre-paid post two Business Days after being sent or (iii) electronic mail, on the day of transmission provided that the sender can give evidence of transmission and the intended recipient does not give evidence of non-receipt.

22. Interpretations and Definitions

In the Agreement unless qualified by or inconsistent with the context:

a) A reference to one gender includes the other genders; a reference to a person includes a body corporate or un-incorporate and vice versa; the singular includes the plural and vice versa.

b) A reference to a clause is a reference to a clause of this Agreement. A reference to a Schedule is a reference to a schedule to this Agreement.

c) Where a word or phrase is given a particular meaning, other parts of speech or grammatical forms of that word or phrase have corresponding meanings.

d) Headings are for convenience of reference and will not affect the interpretation.

e) Any schedules form part of the Agreement.

f) The Agreement is written in plain English as far as possible. Its terms are to be interpreted so as to give efficacy to the parties’ agreement. No rule resolving a doubt as to interpretation against the party preparing the Agreement will apply. The specific provisions will not limit the interpretation of general provisions.

g) The Agreement binds the parties’ respective heirs, executors, administrators, legal personal representatives, successors and permitted assigns.

h) “Agreement” means the binding contract formed by acceptance of the Proposal, these Terms and Conditions together with any Schedules and valuable consideration or the provision of the Services.

i) “Applicable Data Protection Legislation” means any applicable law relating to the processing, privacy, and use of Personal Data, as applicable to the parties and/ or the subject matters under the Agreement and as may be amended/replaced from time to time, including:(a) the Data Protection Act 2018, (b) the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), and/or any corresponding or equivalent national laws or regulations;

j) “Business Day” is a day other than a Saturday, Sunday or public holiday.

k) “Claim” means, in relation to any person, any damage, loss, cost, expense or liability incurred by the person or a claim, demand, action, proceeding or judgment made against the person, however arising and whether present or future, fixed or unascertained, actual or contingent.

l) “Client” means the person identified as the Client in the Proposal.

m) “Commencement Date” means the date specified in the Proposal for commencement of performance of the Services by CyberCX. If no such date is specified, the Commencement Date is the date the Proposal is signed by CyberCX and the Client.

n) “Confidential Information” means any information obtained by one party concerning the other party including but not limited to its business activities and that (i) by its nature is confidential, (ii) is designated by the disclosing party as confidential or (iii) the recipient knows or ought to know is confidential; but excludes information that is publicly available, except as a result of a breach of this Agreement or was disclosed to the recipient by a third party who was not under a duty of confidentiality in relation to that disclosure.

o) “CyberCX” means CyberCX USA INC.

p) “CyberCX Representatives” means representatives of CyberCX authorized by CyberCX in writing for the purpose of the Agreement.

q) “Digital Forensic Services” includes:

1. digital forensic investigation;
2. digital forensic analysis;
3. forensic reporting and opinions;
4. threat hunting;
5. cyber threat intelligence and risks assessment;
6. and other activities carried out for, or on behalf of, the Client under a Proposal, Quote or SOW.

r) “End Date” means the date by which the Services must be completed as specified in the Proposal. If no such date is specified, the End Date is the date upon which the Services are completed by CyberCX.

s) “Government Agency” means a government or a governmental, semi-governmental or judicial entity or similar authority, and includes a self-regulatory Organization established under statute or a stock exchange.

t) “Insolvency Event” means any of the following:

the threatened or actual appointment of a voluntary administrator, liquidator, provisional liquidator, receiver, receiver and manager, controller, trustee in bankruptcy, administrator or other person of similar office, including any application to a court for such an appointment;
entry into or proposing an arrangement or compromise for the benefit of creditors;
the levy or enforcement of a writ of execution, order or judgment;
becoming unable to pay debts as and when they fall due for payment;
the taking of possession or control of any asset by a person under an Encumbrance; or

failing to satisfy or to apply to have set aside a statutory demand, a bankruptcy notice or other similar form of statutory notice within the time specified in the demand or notice.

u) “Intellectual Property” means all intellectual property rights including, without limitation:

v) patents, copyright, registered designs, rights in circuit layouts, trademarks, inventions, secret processes, computer code, discoveries and improvements and modifications of any kind;

w) the right to have confidential information kept confidential; and

x) any application or right to apply for registration of any of the rights defined in this clause19.

y) “Notice” means written notice and “notify” means notification in writing.

z) “Personal Data” has the meaning given to it by “Applicable Data Protection Legislation”

aa) “Proposal” means a written proposal, offer or quote offered by CyberCX to the Client in relation to the Services.

bb) “Security Testing Services” means penetration testing, red teaming, intrusion techniques, code reviews, security threats and risks assessment and any other security testing or assessment activities carried out for a Clients under a Proposal, Quote or SOW.

cc) “Services” means any services to be provided by CyberCX to the Client as set out in a Proposal, and any other services agreed by CyberCX and the Client in writing for the purpose of the Agreement.

dd) “Service Fees” means the fees payable to CyberCX by the Client in consideration of CyberCX providing the Services as set out in the Proposal or otherwise agreed in writing between CyberCX and the Client.

ee) “Term” means the term of the Agreement set out in clause 2.

WEBSITE TERMS OF USE

This website (Site) is operated by CyberCX Pty Ltd ABN 90 629 363 328 (we, our or us).

By accessing and/or using our Site, you agree to these terms of use and our Privacy Policy (available on our Site) (Terms). You should review our Privacy Policy and these Terms carefully and immediately cease using our Site if you do not agree to these Terms.

Changes to the Terms

We may change these Terms from time to time by publishing the varied terms on our Site. We recommend you check our Site regularly to ensure you are aware of our current terms.

No unlawful, infringing or offensive activity

You must not post or transmit to or via the Site any information or material or otherwise use the Site for any activity which:

breaches these Terms or any laws or regulations, or has unlawful or fraudulent purpose or effect;
infringes a third party’s rights or privacy, including by sending or procuring the transmission of unsolicited or unauthorised advertising or promotional material (spam); or
is contrary to any relevant standards or codes, including generally accepted community standards.

You must also not permit or enable another person to do any of these things.

No viruses or other interference

You must not transmit to or via the Site any virus or other information or material or otherwise use the Site in a way which attempts to or in fact:

attacks, tampers with, hinders the operation of or makes unauthorised modifications to the Site;
inhibits any other user from using the Site;
defames, harasses, threatens, menaces, offends or harms any person; or
contains obscene, indecent, inflammatory or pornographic material or material that could give rise to civil or criminal proceedings.

Additionally, you must not permit or enable another person to do any of these things.

We may suspend or terminate your access

We may suspend or terminate your access to all or any part of the Site at any time, if in our reasonable opinion you breach these Terms. We may report any breach of these Terms to the relevant law enforcement authorities and/or co-operate with relevant authorities including by disclosing your identity to them.

Ownership of content on the Site

Unless otherwise indicated, we own or licence all rights, title and interest (including intellectual property rights) in our Site and all content on the Site. Your use of our Site and your use of and access to any content on the Site does not grant or transfer to you any rights, title or interest in relation to our Site or its content. We grant you a licence to access and view our Site and its contents in accordance with these Terms. You must not use any part of the materials on our Site for commercial purposes without obtaining a licence to do so from us or any relevant third party licensor of ours. Except as permitted by law, all other use, copying or reproduction of this Site or its contents is prohibited.

To the extent that you submit, post, transmit or otherwise make any material available via the Site, you grant to us, a non-exclusive, irrevocable, perpetual, worldwide, royalty-free, transferable licence to use, reproduce, modify, adapt, publish or communicate to the public your content for the reasonable purposes of our business, and the right to sub-license those rights to others. You also consent to any act or omission that would otherwise infringe any of your rights (including your moral rights) in your content.

You warrant that you have the right to grant the above licence, that our exercise of the licence rights above will not infringe the intellectual property rights of any person, and that the content is not defamatory and does not breach any law.

We may monitor or review your content, but we are not obliged to do so. We may also alter or remove any of your content at any time for any reason, including to ensure the operational integrity of our services, in our sole discretion and without notice.

No warranties or representations

To the maximum extent permitted by law, we make no representations or warranties about the Site or its content, including that it is complete, accurate, reliable, and suitable for any particular purpose, or that access will be secure, uninterrupted, error-free or free from viruses.

Third party sites

Our Site may contain links to websites operated by third parties. Unless expressly stated otherwise, we do not control, endorse or approve, and are not responsible for, the content on those websites, and accept no responsibility for them or for any loss or damage which may arise from your use of them. You should make your own investigations with respect to the suitability of those websites.

Our liability to you

Except as set out under this section, we may be liable to you for breach of contract or negligence under the principles applied by the courts.

We are not liable for any loss or damage to the extent that it is caused by you.

To the maximum extent permitted by law, we exclude any liability to you that may otherwise arise as a result from your use of the Site in connection with any business purpose. This includes for any direct, indirect or consequential loss, damage or expense suffered by you.

If we are not entitled by law to exclude liability arising from breach of a statutory duty or other legislation, then to the extent we are permitted to do so we limit that liability to resupply of the services, information or links and associated services, as the case may be.

Your liability to us

You are liable to us for breach of these Terms or negligence under the principles applied by the courts. You are not liable to us for any loss to the extent that it is caused by us.

No waiver for breaches

Failure by either party to act in relation to a breach of these Terms does not amount to waiver of any rights to act in relation to that breach or any later breach by the other party.

Information collected and cookies

When you visit our Site we may collect certain information, such as browser type, operating system, website visited immediately before coming to our site. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.

We may use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. We may use cookies to improve the experience of people using our website, including to personalise content, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. We process information about you in accordance with our Privacy Policy. By using our Site you consent to such processing and you warrant that all data provided by you is accurate and complete.

Governing law

These Terms are governed by the law in force in the State of Victoria, Australia.

For any questions and notices, please contact us at

CyberCX Pty Ltd ABN 90 629 363 328

[email protected]

Last update: June 2020

Schedule 1: SECURITY TESTING TERMS

Application of these Terms

These Security Testing Terms apply if security testing and assurance services are provided by CyberCX.
The Client warrants that it is aware of the nature of the Security Testing Services, in particular that the Security Testing Services may include:

- 1. simulating or performing controlled Cyberattacks on the Client’s Systems;
  2. deliberate attempts to penetrate the security Systems of the Client, which may be provided by a third party;
  3. red teaming (including, but not limited to, deliberately masquerading as a hostile attacker with the intention of detecting vulnerabilities) activities in relation to the Client and its premises and Systems; or
  4. deliberately allowing unauthorized access to the Client’s network or Systems for the purpose of analysing threat vectors and origination; and
  5. acts that may put the Client in breach of its agreements including, but not limited to, third party supplier’s terms of supply.

Acknowledgment and liability

a. The Client accepts that the Security Testing Services:

are sample testing activities only and cannot account for all possible ways a third party could breach the Client’s security measures or Systems;
do not implement any security measures and will not prevent security or data breaches, or Cyber-attacks;
could result in interruptions or degradations to the Client’s Systems and accepts those risks and consequences; and
although carried out by professional CyberCX Personnel and tools from trusted resources, carry an element of risk that can never be fully eliminated, and the Client accepts that there is no guarantee that every vulnerability in its Systems will be identified during the Security Testing Services.

b. In carrying out the Security Testing Services, the Client acknowledges and agrees that CyberCX:

1. as agent of the Client is considered to be party to a communication in the case of intercepting any private communication on the Client’s Systems,
2. is expressly authorized by the Client to perform such Services (and all tests reasonably necessary to perform the Services) on the relevant network resources and IP addresses. The Client represents that, if it does not own such network resources, it has requisite consent and authority to engage CyberCX to provide the Security Testing Services;
3. provides no warranty or guarantee as to the outcome of the Security Testing Services, all testing has limitations, and that such testing cannot guarantee discovery of all weaknesses, noncompliance issues, or vulnerabilities; and
4. may use various proprietary methods and software tools to probe network resources, and to detect actual or potential security flaws and vulnerability, which will not be revealed by CyberCX.

Schedule 2: DIGITAL FORENSIC TERMS

Application of these Terms
1. These Digital Forensic Services Terms apply if digital forensic services are provided by CyberCX.
2. The Client warrants that it is aware of the nature of the Digital Forensic Services and that should CyberCX form a reasonable belief or identify evidence of serious criminal conduct during an engagement, CyberCX may be required to notify law enforcement.
Acknowledgment and liability
1. The Client acknowledges and agrees that the Digital Forensic Services:
  1. are intended only for the Client only and outputs may not be provided to any third party without CyberCX’s prior written consent;
  2. are not intended to provide any specific results, other than to identify factual findings, analysis of evidence, and responses to specific questions related to the provision of our expert opinion;
  3. are not legal advice or legal opinions and no output constitute legal advice;
  4. are provided ‘as-is’; and
  5. are not delivered against any standards or guidelines unless otherwise agreed in writing.
2. In carrying out Digital Forensic Services, the Client agrees that CyberCX:
  1. is expressly authorized by the Client to perform such Services (and all such tasks and tests reasonably contemplated by or reasonably necessary to perform the Services) and the Client does so in compliance with all relevant Laws (including the Privacy Act)
  2. is acting on behalf of the Client, so in the case of intercepting any private communication on the Client’s Systems, CyberCX as agent of the Client is considered to be party to such private communication;
  3. provides no warranty or guarantee as to the outcome of the Digital Forensic Services, or resulting legal proceedings, and (unless required) does not implement any security measures or controls;
  4. will rely on the information provided by the Client as true and correct, and that unless otherwise agreed, will not undertake any review, validation or audit to ascertain the completeness or accuracy of information provided; and
  5. leverages anonymized cyber threat intelligence gained through previous engagements for other clients. Through the course of our work, CyberCX may collect cyber threat intelligence from the Client Systems, focused on the attacker’s tools and methods. Such collection will not include information which may identify the Client Organization, networks, Systems, sensitive information, staff, customers, related parties, or include any Client confidential information.