By providing payment in response to a SANS’ Price Quote in response to this Cyber Security Training Services Agreement (“Agreement”), the Customer (“Customer”) represents it has read, understands, and agrees to the terms and conditions below.
1. DEFINITIONS
1.1. Affiliate means any entity, individual, firm, or corporation, directly or indirectly, through one or more intermediaries, controlling, controlled by, or under common control with Customer.
1.2. Confidential Information means any information that is proprietary or confidential to a Party and either marked as confidential or identified as such to the other Party, including, but not limited to, business or technical data or know-how, customer and prospective customer lists, secrets, ideas, concepts, designs, drawings, flow charts, diagrams, financials, and other intellectual property, in whatever form including, documented information, machine readable or interpreted information transmitted in any form including, in writing, orally, or visually. Any abstracts, summaries or compilations are included in this definition of Confidential Information. For avoidance of doubt, Confidential Information includes details of SANS training courses or exams, pricing, courseware, user information, and the business relationship between the Parties.
1.3. COTS means Commercial Off The Shelf and is used in reference to SANS-provided training and associated educational materials.
1.4. Courseware means SANS' Course Materials and verbal instruction.
1.5. Course Materials means SANS' COTS educational materials including, but not limited to, online, written, and visual materials.
1.6. Customer Investment Total means the agreed upon training investment established in each Price Quote that is paid by Customer to SANS and deposited into a Voucher Account held by SANS and dedicated to Customer.
1.7. Disclosing Party means the Party that discloses its Confidential Information to the Receiving Party under this Agreement.
1.8. GIAC means a Global Information Assurance Certification.
1.9. Modality means the medium or format in which SANS-provided COTS training and/or GIAC exams are offered. This includes, but is not limited to, in-person events, live online events, on-demand online events, etc.
1.10. PO means a purchase order used to facilitate invoicing and/or payment only.
1.11. Price Quote means the document that details the SANS-provided products and services being provided to the Customer by SANS, the price of such products and services, the Customer Investment Total, and the payment terms.
1.12. Receiving Party means the Party that receives Confidential Information of the Disclosing Party under this Agreement.
1.13. Specifications means any characteristics, features, descriptions, criteria, scope, capabilities, standards, and/or requirements for the services delivered by SANS to Customer as described herein and/or an applicable Price Quote.
1.14. User means an individual person who Customer has named as a student.
1.15. Voucher Account means the SANS account where the Voucher Funds are held and where Customer can manage its training budget for individual Users to receive SANS-provided COTS training, GIAC exams or other products and services.
1.16. Voucher Funds means the total funds available to Customer to include Customer Investment Total and any other funds deposited into a Voucher Account.
2. VOUCHER FUNDS
2.1. SANS’ voucher account program (“Voucher Program”) allows Customer and its Affiliates, upon SANS’ receipt of Customer Investment Total, to manage its Voucher Account to purchase products and services from SANS. Voucher Funds in the Voucher Account have cash value and can be used by Customer or its Affiliates to register Users for SANS-provided COTS training and/or GIAC exams or other products and services.
2.2. SANS will ensure that any services provided conform to applicable Specifications. Customer may request changes to a Price Quote by providing written notice to SANS. Any changes to a Price Quote must be mutually agreed to in writing in an amended Price Quote signed by both Parties. SANS will implement the changes and Customer will pay for any additional charges for changes as agreed to in the Price Quote.
2.3. An Affiliate may invest monetary funds in a Voucher Account dedicated to Customer pursuant to this Agreement and on the same terms thereof. Customer is responsible for ensuring that such Affiliate accepts and agrees to the terms of the Agreement by submitting a Price Quote that references this Agreement.
3. UTILIZATION OF VOUCHER ACCOUNT
3.1. All SANS training and GIAC exams procured through the Voucher Account will be based on SANS’ published retail prices at the time of registration and cannot be combined with other discounts or promotional offers other than as provided for within this Agreement or any Price Quote.
3.2. Voucher Funds are valid for 12 months and non-refundable. If Voucher Funds remain in the Voucher Account nearing the conclusion of the initial 12- month period, Customer may contribute an additional investment, prior to expiration, to renew the Voucher Account. The existing Voucher Funds rollover (renew) with the new funds for another 12 months.
3.3. Descriptions of the available courses, to include, the offered Modalities, objectives, and any applicable requirements, are available at https://www.sans.org.
4. VOUCHER ADMINISTRATION TOOL
4.1. Customer shall appoint a staff member to serve as Customer’s Voucher Account administrator (the “Administrator”) for each Voucher Account under a Price Quote, and such Administrator will be given access to the online SANS Voucher Administration Tool. This SANS Voucher Administration Tool allows the Administrator to:
4.1.1. Approve/deny student enrollment;View Voucher Fund usage in real time;Control how and where Voucher Funds are utilized;View Users’ certification status and GIAC exam results; andObtain OnDemand course progress by student per course to determine whether the student is on schedule to complete the course prior to the course expiration
5. COURSEWARE, COURSE MATERIALS AND INTELLECTUAL PROPERTY RIGHTS
5.1. All SANS' Courseware is copyrighted and/or otherwise consists of data, concepts, technology, and intellectual property owned, licensed or proprietary to SANS. Customer obtains no intellectual property rights to the Courseware by virtue of this Agreement. Customer may not distribute Courseware to Customer’s employees who did not attend SANS' COTS training and may not use the Courseware to conduct its own in-house courses. SANS courses cannot be recorded, streamed, or set up for video conferencing by Customer or its Users.
5.2. SANS grants to each individual User enrolled in a SANS-provided COTS training or GIAC exam a worldwide, non-transferable, perpetual, irrevocable, non-exclusive, limited license directly to use such Courseware associated with such COTS training or GIAC exam in connection with the User’s employment by Customer. Neither Customer nor its Users may copy, reproduce, distribute, display, modify or create derivative works based upon all or any portion of the Courseware in any medium, whether printed, electronic, or otherwise, for any purpose, including, but not limited to, for purposes of teaching any computer or electronic security courses to any third party, without the express written consent of the SANS Institute.
5.3. SANS Course Materials are guaranteed to be in good working condition for the duration of the User's attendance in the COTS training or GIAC exam for which the User is registered; provided, SANS is not responsible for any loss, damage, or performance limitation caused in whole or in part by User abuse, mishandling, misuse, negligence, improper storage, servicing or operation, or unauthorized attempts to repair or alter the Course Materials in any way.
6. CONDUCT
Customer’s personnel are expected to behave professionally. The use of obscene or sexually harassing language, and abusive or threatening behavior directed at SANS personnel or other students is not conducive to a learning environment. Improper conduct can result in expulsion from the class.
7. TERM AND TERMINATION
7.1. Term. Unless terminated earlier as described elsewhere herein, this Agreement will become effective as of the Effective Date set forth above and will continue until the termination of all applicable Price Quote (s) (“Term”).
7.2. Termination.
7.2.1. Without Cause. Either Party may terminate this Agreement or any Price Quote, in whole or in part, for any reason upon sixty (60) days prior written notice to the other Party.
7.2.2. For Breach. If either Party materially breaches this Agreement, the other Party may terminate this Agreement upon thirty (30) days prior written notice to the breaching Party of such material breach, provided that the breaching Party has not cured such material breach by the end of the thirty (30) day period.
7.2.3. Immediate. SANS may terminate this Agreement immediately upon any breach by Customer of Sections 5. Additionally, either Party may terminate this Agreement immediately upon written notice to the other Party in the event the other Party: (a) becomes insolvent; (b) makes an assignment for the benefit of creditors; (c) files a voluntary bankruptcy petition; (d) acquiesces to any involuntary bankruptcy petition; (e) is adjudicated bankrupt; or (f) ceases to do business.
7.3. Effect of Termination.
7.3.1. In the event of termination, Customer shall pay SANS for all services performed by SANS up to the date of termination, as well as all fees accrued prior to the date of termination.
7.3.2. For the avoidance of doubt, following termination, Users shall be permitted to keep any Course Materials licensed to them by their attendance at a SANS COTS training or GIAC exam.
7.4. Survivability. Sections 5, 7, 9,10, 11, 12, 14, 15, 18 and 20.7 will survive the termination or expiration of this Agreement.
8. INVOICES AND PAYMENT TERMS
8.1. Except as otherwise set forth in the Price Quote, Customer will be invoiced for one hundred percent (100%) of the Customer Investment Total identified in the Price Quote.
8.2. Customer shall provide payment within 30 days of invoice receipt
8.3. Customer and/or its Affiliates shall be responsible for, and shall timely pay, all sales, use, value added, duties, tariffs or other taxes of any nature whatsoever associated with the purchase of Products or Services under this Agreement.
9. AUDIT
During the Term, SANS will keep true and accurate books and records relating to this procurement (collectively, “Records”). Records will include such information necessary for the Customer to verify the accuracy of the invoicing, billing, and payments in connection with the ordered services delivered hereunder, but not the underlying costs and financial data used in calculating the same. At the Customer’s reasonable request, SANS will provide access to the Records, as necessary, to verify the fees and other amounts charged to the Customer, which shall be accomplished through electronic means.
10. CONFIDENTIALITY
10.1. A Receiving Party may be given Confidential Information from the Disclosing Party in order to perform its obligations under this Agreement. The Receiving Party will protect the confidentiality of the Disclosing Party’s Confidential Information during the Term of this Agreement and indefinitely thereafter by (a) using the same means it uses to protect its own Confidential Information, but in any event, not less than reasonable means, and (b) using the Disclosing Party’s Confidential Information solely in connection with this Agreement. The Receiving Party shall not copy or disclose this Agreement and the Disclosing Party’s Confidential Information except to those employees, officers, directors, subcontractors, agents, or affiliates of the Receiving Party (“Representatives”) who have a need to know such Confidential Information as required in connection with this Agreement; provided, such Representatives are advised of and agree to abide by the confidentiality obligations set forth in this Agreement. Compliance by Representatives with the confidentiality and use obligations in this Agreement will remain the responsibility of Receiving Party, and both Receiving Party and Representatives shall be liable for any breach of this Agreement by Representatives.
10.2. Confidential Information will not include any information or data which:
10.2.1. was rightfully in the Receiving Party or its Representatives’ possession prior to receipt from the Disclosing Party;
10.2.2. becomes rightfully available to the Receiving Party or its Representatives from a source other than the Disclosing Party who is free to lawfully disclose such information to the Receiving Party;
10.2.3. is independently developed by the Receiving Party or its Representatives, without the use of the Disclosing Party's Confidential Information; or
10.2.4. is legally required to be disclosed to a regulatory agency or pursuant to an order of a court of competent jurisdiction, provided that, where permissible, the Disclosing Party be given an opportunity to seek a protective order.
10.3. Applicable only if Customer is a governmental entity: In the event SANS, as the Disclosing Party, identifies its information as Confidential Information, and Receiving Party is a government entity and can demonstrate that SANS’ Confidential Information would otherwise be public information based upon governing law, then prior to public disclosure, the Receiving Party, as a government entity, shall provide SANS written notice demonstrating SANS’ Confidential Information would otherwise be public information based upon governing law.
11. PRIVACY
In accordance with SANS’s Privacy Policy, all information collected from a User related to COTS training or GIAC exams taken from SANS will be kept confidential except as may be disclosed (i) as permitted by applicable law, (ii) as consented to by the User, or (iii) to Customer as the sponsor of User’s training at SANS. Please see SANS’s Privacy Policy for additional information (https://www.sans.org/privacy/).
12. DATA PROTECTION
12.1. In the event that either Party needs to provide any data defined as “Personal Data” under any applicable data protection law (including, but not limited to, the E.U. General Data Protection Regulations (“GDPR”), the U.K. General Data Protection Act, or the California Consumer Privacy Act) with the other Party to perform a Party’s obligations under this Agreement, then the Parties acknowledge and agree that they are each acting as separate and Independent Controllers of such Personal Data shared. A Party shall not share any Personal Data with the other Party unless such Party confirms that it is legally permitted to share such Personal Data.
12.2. Each Party undertakes to comply on their own with applicable Data Protection legislation, including, but not limited, to exercising principles relating to the processing of Personal Data, exercising individual's rights, conducting impact assessments, taking commercially reasonable efforts to prevent and manage data breaches appropriately, maintaining confidentiality, limiting the processing to the services delivered under this Agreement, maintaining the ability to demonstrate compliance with applicable data protection legislation, in particular GDPR, implementing appropriate data retention procedures and adhering to data transfer requirements, and maintaining industry-standard administrative, physical and technical safeguards to protect the security, confidentiality and integrity of such Personal Data.
13. REPRESENTATIONS AND WARRANTIES
13.1. Each Party represents and warrants to the other Party:
13.1.1. it is duly organized and in good standing in the state or jurisdiction in which is it incorporated or organized;
13.1.2. it has full right and power to enter into this Agreement, and the signer of this Agreement has authority to bind such Party it signs on its behalf;
13.1.3. it is not prohibited by any regulatory authority from carrying out its duties and obligations under this Agreement.
13.2. Such representations and warranties shall be continuing throughout the Term of this Agreement.
14. INDEMNIFICATION
14.1. Each party (an “Indemnifying Party”) hereby agrees to indemnify, defend and hold the other party, its affiliates, and its and their officers, directors, employees, and agents (each an “Indemnified Party”) harmless from and against any action, claim, suit, investigation or other proceeding (each, a “Claim”) brought against an Indemnified Party by a third party based on: (a) breach of any applicable law by such Indemnifying Party or (b) gross negligence or willful misconduct by such Indemnifying Party
14.2. Applicable only if Customer is a governmental entity: To the extent established law preempts or limits Customer from providing indemnification to SANS, each Party’s indemnification obligation in this section shall be eliminated or mutually limited pursuant to applicable law to Customer.
15. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY
15.1. Except as specifically provided herein, SANS disclaims any and all representations and warranties, oral or written, expressed, implied, or statutory, including without limitation, any implied warranties of fitness for a particular purpose or of merchantability. In no event shall SANS be liable for any incidental, indirect, consequential, exemplary, special, or punitive damages, whether or not foreseeable, and regardless of whether liability is based on agreement, tort, or otherwise.
15.2. EXCEPT IN THE EVENT OF BREACH OF SECTION 5, IN NO EVENT SHALL EITHER PARTY, ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, OR AGENTS, OR ANY OF THEIR AFFILIATE’S LIABILITY IN ANY MANNER ARISING UNDER THIS AGREEMENT EXCEED AN AMOUNT EQUAL TO THE TOTAL PAYMENT RECEIVED BY SANS FOR PRODUCTS OR SERVICES UNDER THIS AGREEMENT DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE WHEN CAUSE OF ACTION ARISES, INCLUDING ATTORNEY FEES.
16. INSURANCE
SANS shall, at its sole expense and throughout the Term, carry and maintain the following insurance coverage: (a) Commercial General Liability, (b) Worker’s Compensation; and (c) Employer’s Liability, in reasonable amounts.
17. COMPLIANCE WITH LAWS
17.1. Each Party will, at its sole expense, obtain all permits and licenses, pay all fees, and comply with all federal, state, and local laws, ordinances, rules, regulations, codes, and orders applicable to it in the performance of this Agreement.
17.2. Each Party shall conduct operations in compliance with applicable laws, rules and regulations in exercising rights and obligations under any part of this Agreement. Laws may include but not be limited to the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and local anticorruption legislation that may apply. Neither party is listed by any government agency as debarred, suspended, proposed for suspension or debarment or otherwise determined to be ineligible for government procurement programs. In exercising rights and obligations under any part of this Agreement, neither party nor anyone acting on its behalf shall make, offer, promise or authorize payment of anything of value directly or indirectly to any of the following prohibited parties for the purpose of unlawfully influencing their acts or decisions: a) employees, consultants, or representatives of the other Party, b) government officials or employees, c) political party officials or candidates, d) officers or employees of any public international organization, e) immediate family member of such persons (or any other person) for the benefit of such persons.
17.3. Each Party warrants that neither it nor its controlling owners is listed on any (i) sanction programs list maintained by the U.S. Office of Foreign Assets Control within the U.S. Treasury Department (“OFAC”), or (ii) denied party list maintained by the U.S. Bureau of Industry and Security within the U.S. Department of Commerce (“BIS”). Customer agrees it shall not allow Users access to any SANS product, service, or technology provided under this Agreement to any person or entity in a U.S. embargoed country or in violation of a U.S. export control law or regulations. Customer agrees to cooperate with SANS as necessary for SANS to comply with export requirements and recordkeeping required by OFAC, BIS, or other governmental agency.
18. GOVERNING LAW; JURISDICTION; ATTORNEY'S FEES
18.1. This Agreement will be governed by and construed in accordance with the laws of the State of Maryland. Each Party hereby irrevocably consents to exclusive personal jurisdiction and venue in the state and federal courts located in Maryland. Both Parties exclude the application of the Uniform Computer Information Transactions Act (“UCITA”), the United Nations Convention on the International Sale of Goods (“CISG”) and any law of any jurisdiction that would apply UCITA or CISG or terms equivalent to UCITA or CISG to this Agreement. The Parties agree to settle all disputes promptly by negotiation between executives in good faith. Should good faith negotiations fail, any controversy or claim arising out of or relating to this Agreement, or breach thereof, will be exclusively settled by binding arbitration in Montgomery County, Maryland, USA administered by the American Arbitration Association in accordance with its Commercial Arbitration Rules, and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof. Either Party may initiate arbitration by written notice if negotiations have failed to resolve the matter within 30 days of initiation. The language of the arbitration will be English.Applicable only if Customer is a governmental entity: Notwithstanding the above, choice of law and forum shall be (i) the state in which the Customer is located if Customer is located in the United States of America, or (ii) the capital city of the country in which the Customer is located if Customer is located outside of the United States of America.
19. NOTICES
All notices or reports required or permitted under this Agreement shall be in writing and shall be delivered by personal delivery, facsimile transmission, a nationally recognized overnight delivery service, by certified or registered mail, return receipt requested, or by electronic mail to be confirmed in writing delivered by one of the methods described herein, and shall be deemed given upon personal delivery, electronic confirmation of electronic mail or facsimile transmission, or signature evidencing receipt of overnight delivery or registered mail, as applicable. Notices and communications between Customer and SANS shall be in English to the following addresses of the Parties or to such other addresses as the Party concerned may subsequently notify in writing to the other Party. Notice hereunder shall be delivered to the Parties’ addresses as follows. If no address is listed for Customer below, notice for Customer is the address for Customer in the opening paragraph of this Agreement with attention to the Legal Department.
If to SANS:
SANS Institute
Attn: Contracts Administration
11200 Rockville Pike, Suite 200
North Bethesda, MD 20852
contractadmin@sans.org
If to Customer:
Attn:
20. MISCELLANEOUS
20.1. Assignment; No Third-Party Beneficiaries. Neither Party may assign this Agreement or its rights or obligations thereunder without the written consent of the other Party, which consent will not be unreasonably withheld, except that a Party may assign upon written notice to a successor by merger, acquisition, or sale of substantially all of such Party’s business or assets. In addition, SANS may assign this Agreement to a subsidiary entity without written consent of Customer. SANS may subcontract all or any part of its obligations under this Agreement but shall remain responsible for the acts and omissions of its subcontractors as though they were acts of SANS itself. Except as specifically provided herein, there are no third-party beneficiaries to this Agreement, and nothing in this Agreement shall benefit or create any right on behalf of any person or entity other than Customer and SANS.
20.2. Waiver. The failure of either Party to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision or a waiver of the right of such Party to thereafter enforce each and every provision of this Agreement.
20.3. Severability. If a particular provision of this Agreement is terminated or held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision of the Agreement will be enforced to the maximum extent legally permissible and the remainder of this Agreement will continue in full force and effect.
20.4. Headings. The headings or titles preceding the text of the sections and subsections of this Agreement are inserted solely for convenience of reference, and shall not constitute a part of this Agreement, nor shall they affect the meaning, construction or effect of this Agreement.
20.5. Independent Contractor. SANS is an independent contractor and not an employee, agent, affiliate, partner or joint venturer with or of Customer.
20.6. Force Majeure. Neither Party shall be liable to the extent that its performance of this Agreement is prevented, or rendered so difficult or expensive as to be commercially impracticable, by reason of an Act of God, labor dispute, unavailability of transportation, goods or services, governmental restrictions or actions, war (declared or undeclared) or other hostilities, pandemic, or by any other event, condition or cause which is not foreseeable on the Effective Date and is beyond the reasonable control of the Party, provided that such Party promptly informs the other Party of such event, and makes diligent efforts to work around the event and resume performance. In the event of non-performance or delay in performance attributable to any such causes, the period allowed for performance of the applicable obligation under this Agreement will be extended for a period equal to the period of the delay.
20.7. Customer PO to Facilitate Payment Only. The Parties agree that any PO submitted by a Customer to SANS is for facilitating invoicing and payment only. Any additional, inconsistent, or different terms included in a Customer PO or other documents (including electronic) submitted to SANS by or on behalf of Customer at any time, whether before or after the Effective Date are hereby expressly rejected by SANS and of no effect. These terms and conditions shall be deemed accepted by Customer without any such additional, inconsistent, or different terms and conditions, except to the extent expressly accepted by SANS in writing and signed by SANS.
20.8. Entire Agreement. This Agreement and all appendices attached hereto (which are specifically incorporated herein by this reference) contain the full and entire agreement between the Parties. It supersedes all prior negotiations, and proposals, written or otherwise, relating to its subject matter. Any modifications, revisions or amendments to this Agreement must be set forth in writing signed by authorized representatives of both Parties.
Counterparts. This Agreement may be executed and delivered (i) in any number of counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument, and/or (ii) by exchange of facsimile or PDF copies, or secure electronic signature and delivery method (e.g., DocuSign), in which case the instruments so executed and delivered shall be binding and effective for all purposes.
EXHIBIT A: Cancellation Policy
1. Substitutions: A User may request another person to substitute their registration at any time prior to the start of the event, or where applicable, prior to accessing the online Course Materials by submitting a substitution request, along with Administrator approval, via e-mail to vouchersupport@sans.org. Processing fees apply. When substituting a User, only the person identified in the e-mail may be substituted for the original person registered. Once the substitution is complete, the original registrant may only attend by paying the full tuition fee.
2. Transfers: A User may request to transfer to other COTS training at any time prior to the start of the originally registered event, or where applicable, prior to accessing the online Course Materials, by submitting a transfer request, along with Administrator approval, via e-mail to vouchersupport@sans.org. The difference in tuition fees, if applicable, and processing fees will apply.
3. Refunds: If a User cannot substitute their registration or transfer to other COTS training, the registered User may submit a refund request via e-mail to vouchersupport@sans.org. If the refund request is submitted by the refund deadline date specific to the event, payments received will be refunded, less a processing fee, in the same manner they were paid. To find the specific deadline dates for a COTS training event, please visit the training event link on the SANS webpage, www.sans.org, and navigate to the cancellations link. No refunds will be given after the stated deadline. If a User has already accessed online Course Material, no refund or substitution will be made.
4. Global Information Assurance Certification (GIAC) Exams. GIAC certification exams are non-transferable and non-refundable after the User receives access to the exam material.