Atlas Master Subscription Agreement (MSA)

This is an abbreviated MSA for Atlas questionnaires. Our full MSA is available here

Last updated December 10, 2020

THE TERMS OF THIS END USER LICENSE AGREEMENT ("AGREEMENT") GOVERN YOUR USE OF THE SECURITY SCORECARD, INC ATLAS VENDOR QUESTIONNAIRE SERVICES (“ATLAS SERVICES”). BY ACCESSING THE ATLAS TOOL, YOU CONSENT TO BE BOUND BY THESE TERMS. IF YOU AGREE TO THESE TERMS ON BEHALF OF A BUSINESS OR A GOVERNMENT AGENCY, YOU REPRESENT AND WARRANT THAT YOU HAVE AUTHORITY TO BIND THAT BUSINESS TO THIS AGREEMENT, AND YOUR AGREEMENT TO THESE TERMS WILL BE TREATED AS THE AGREEMENT OF THE BUSINESS. IN THAT EVENT, "YOU" AND "YOUR" REFER HEREIN TO THAT BUSINESS. SECURITYSCORECARD PERMITS YOU TO ACCESS AND USE THE ATLAS SERVICES ONLY IN ACCORDANCE WITH THE TERMS OF THIS EULA.

1. LICENSE GRANT. You have been given access for the specific purpose of completing a vendor questionnaire on the ATLAS Platform and do so in accordance with this EULA and grant to SecurityScorecard a non­exclusive, non­transferable right to access, use, display and provide to its customers (to the extent such customer(s) have requested you to submit a completed questionnaire on the ATLAS Platform) the information and content that you submit using the ATLAS Platform questionnaire at. You agree that you shall not (i) use the ATLAS Platform to store or transmit computer viruses, worms, time bombs, Trojan horses and other harmful or malicious code, routines, files, scripts, agents or programs, (ii) use the ATLAS Platforms to store or distribute any information, material or data that is harassing, threatening, infringing, libelous, unlawful, obscene, or which violates the privacy or intellectual property rights of any third party, (iii) access or use the ATLAS Platform for any benchmarking or competitive purposes, including, without limitation, for the purpose of designing and/or developing any competitive services, (iv) sell, resell, rent, lease, offer any time sharing arrangement, service bureau or any service based upon, the ATLAS Platform, (v) interfere with or disrupt the integrity or performance of the ATLAS Platform or third party data contained therein, (vi) attempt to gain unauthorized access to the ATLAS Platform or any associated systems or networks or (vii) modify, make derivative works of, disassemble, decompile or reverse engineer the ATLAS Platform or any component thereof.

2. INTELLECTUAL PROPERTY RIGHTS.

2.1 ATLAS Platforms. As between You and SecurityScorecard, SecurityScorecard retains all right title and interest in and to the ATLAS Platform, including all intellectual property rights therein and thereto, and You acquire no rights with respect to the ATLAS Platform, by implication or otherwise, except for those expressly granted in this EULA.

2.2 Suggestions. You hereby grant to SecurityScorecard a royalty­-free, worldwide, transferable, sublicenseable, irrevocable, perpetual license to use or incorporate into the ATLAS Platform any suggestions, enhancement requests, recommendations or other feedback related to the ATLAS Platform that is provided by You.

3. YOUR OBLIGATIONS

3.1. Obligations. You shall (i) use the ATLAS Platform solely in accordance with this EULA and any applicable laws and be responsible for the compliance of all its users with the foregoing and (ii) notify SecurityScorecard promptly of any unauthorized access to the ATLAS Platform of which You become aware.

3.2. Authority, Compliance. You represent and warrant that (i) You have the ability and authority to enter into and perform its obligations under this EULA and (ii) You will not, and will not allow others, to use the ATLAS Platform in a manner that is (i) restricted in Section 2 above, or (ii) prohibited by law or regulation.

4. WARRANTY AND DISCLAIMER.

4.1. Information Security. SecurityScorecard has taken commercially reasonable steps to protect the information technology systems and safeguard the security of the ATLAS Platform and to collect and protect the information You provide in accordance with its Privacy Policy.

4.2. DISCLAIMER. SECURITYSCORECARD MAKES NO WARRANTY OR REPRESENTATION REGARDING THE ATLAS PLATFORM OR THAT THE ATLAS PLATFORM WILL MEET ANY OF YOUR OR OUR CUSTOMERS’ REQUIREMENTS. EXCEPT FOR THE LIMITED WARRANTIES SET FORTH ABOVE, SECURITYSCORECARD EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SECURITYSCORECARD SHALL NOT BE RESPONSIBLE OR LIABLE FOR THE ACCURACY OR USEFULNESS OF ANY INFORMATION PROVIDED, OR FOR ANY USE OF SUCH INFORMATION BY CUSTOMERS OR OTHERS. Because some states and jurisdictions do not allow limitations on implied warranties, the above limitation may not apply . In that event, such warranties are limited to the minimum warranty scope and period allowed by applicable law.

5. LIMITATION OF LIABILITY. EXCEPT FOR THE INDEMNIFICATION OBLIGATIONS UNDER SECTIONS 6 AND 7, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING, WITHOUT LIMITATION, LOSS OF PROFITS OR GOODWILL, FOR ANY MATTER ARISING OUT OF OR RELATING TO THIS EULA AND/OR AN ORDER FORM AND/OR ITS OR THEIR SUBJECT MATTER, WHETHER SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; AND EACH PARTY’S TOTAL LIABILITY FOR ANY CAUSE OF ACTION, CLAIM, DAMAGES, FEES, COSTS OR EXPENSES SHALL BE LIMITED TO ANY AMOUNTS PAID BY YOU TO SECURITYSCORECARD FOR THE ATLAS PLATFORM DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE CLAIM AT ISSUE ACCRUED. THE LIMITATIONS SET FORTH IN THIS SECTION 5 APPLY TO ALL CAUSES OF ACTION IN THE AGGREGATE. EACH PARTY ACKNOWLEDGES AND AGREES THAT THIS SECTION 5 REPRESENTS A REASONABLE ALLOCATION OF RISK AND THAT, IN THE ABSENCE OF THESE LIMITATIONS OF LIABILITY, THE TERMS OF THIS EULA WOULD BE SUBSTANTIALLY DIFFERENT. Because some states and jurisdictions do not allow limitation of liability in certain instances, portions of the above limitation may not apply to You.

6. YOUR INDEMNIFICATION. You agree to indemnify, defend and hold harmless SecurityScorecard, its directors, officers, shareholders, employees and agents, and their respective successors, assigns, estates and heirs (the “SecurityScorecard Indemnified Parties”) from and against any and all causes of action, losses, liabilities, claims, damages, obligations, fees, costs, expenses (including, without limitation, reasonable legal/attorney’s fees), brought by or owing to any third party and arising from or related to Your (i) gross negligence or willful misconduct, (ii) breach of restrictions in Section 3 of this EULA, and (iii) us of and reliance upon the ATLAS Platform..

7. SECURITYSCORECARD INDEMNIFICATION. SecurityScorecard will defend at its own expense any action brought against You, or Your directors, officers or employees (the “UserIndemnified Parties”) by a third party to the extent that the action is based on a claim, suit or proceeding that the ATLAS Platform infringe such party’s copyright or trademark rights (“Infringement Claim”), and SecurityScorecard will pay those costs and damages (including, but not limited, to legal/attorneys’ fees) finally awarded against User Indemnified Parties by a court of competent jurisdiction in any such action that are specifically attributable to such Infringement Claim, or those costs and damages agreed to in a monetary settlement of such action; provided, however, that You provide SecurityScorecard with prompt notice of the Infringement Claim, sole control of defense and settlement of that Infringement Claim, and reasonable assistance regarding such Infringement Claim at SecurityScorecard’s reasonable expense. Notwithstanding the foregoing, SecurityScorecard will have no obligation under this section or otherwise with respect to an Infringement Claim based upon: (i) any use of the ATLAS Platform not in accordance with this EULA; or (ii) any modification of the ATLAS Platform by any person other than SecurityScorecard or its authorized representatives. This Section 7 states SecurityScorecard’s sole and exclusive liability, and Your sole and exclusive remedy, for Infringement Claims. SecurityScorecard will not be responsible for any amounts arising out of any compromise or settlement made by You without SecurityScorecard’s prior written consent.

8. CONFIDENTIALITY. Each party (“Receiving Party”) may, during the course of its provision or use of the ATLAS Platform hereunder, receive, have access to, and acquire information from discussions with the other party (‘Disclosing Party”) which may not be accessible or known to the general public, such as technical and business information concerning hardware, software, designs, specifications, techniques, processes, procedures, research, development, projects, products or services, business plans or opportunities, business strategies, finances, costs, vendors, penetration test results and other security information; defect and support information and metrics; and first and third party audit reports and attestations or customers and other third party proprietary or confidential information that Disclosing Party treats as confidential (“Confidential Information”). Confidential Information shall not include information or materials that (a) were generally known to the public on the Effective Date; (b) become generally known to the public after the Effective Date, other than as a result of the act or omission of the Receiving Party; (c) were rightfully known to the Receiving Party prior to its receipt thereof from the Disclosing Party; (d) are or were disclosed by the Disclosing Party generally without restriction on disclosure; (e) the Receiving Party lawfully received from a third party without that third party’s breach of agreement or obligation of trust; or (f) are independently developed by the Receiving Party as shown by documents and other competent evidence in the Receiving Party’s possession. The Receiving Party shall not: (i) use any Confidential Information of the Disclosing Party for any purpose outside the scope of this EULA, except with the Disclosing Party's prior written permission, (ii) disclose or make the Disclosing Party’s Confidential Information available to any party, except those of its employees, contractors, and agents that have signed an agreement containing disclosure and use provisions substantially similar to those set forth herein and have a “need to know” in order to carry out the purpose of this EULA. Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind, but in no event shall either party exercise less than reasonable care in protecting such Confidential Information. If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance

9. ANONYMOUS AGGREGATED DATA. You agree that SecurityScorecard may aggregate anonymous data generated by You (“Aggregated Anonymous Data”). You agree that SecurityScorecard will have the right to generate Aggregate Anonymous Data which SecurityScorecard may use for any business purpose during or after the term of this EULA.

10. MISCELLANEOUS

10.1. Severability. If any provision, or portion thereof, of this EULA is determined by a court of competent jurisdiction to be invalid, illegal or unenforceable, such determination shall not impair or affect the validity, legality or enforceability of the remaining provisions of the relevant agreement, and each provision, or portion thereof, is hereby declared to be separate, severable and distinct and the Parties shall use their best efforts to agree upon a substitute provision that comports as closely as possible with the intent and effect of the stricken provision, failing which the court shall construe the relevant agreement to as closely as possible achieve the intention of the Parties had the stricken provision remained.

10.2. Survival. The Sections that are intended by their nature to survive termination or expiration shall survive any termination or expiration of this EULA

10.3. Choice of Law; Venue. The EULA shall be governed in all respects by the laws of the State of New York without regard to its conflict of laws principles, and all claims and/or lawsuits in connection with this EULA, an Order Form, and/or any associated agreements must be brought in any state or federal court located in the State of New York, and the Parties hereby irrevocably submit to the jurisdiction and venue of any such court.

10.4. No Third Party Beneficiaries. The Parties do not intend to create any third-party beneficiaries of this EULA, and nothing in this EULA is intended, nor shall anything herein be construed to create any rights, legal or equitable, in any person other than the Parties to this EULA.