Subscription Agreement and Website Terms November 2019
IF YOU ARE ACTING ON BEHALF OF AN ORGANIZATION, PLEASE CONFIRM THAT YOU ARE AUTHORIZED TO AGREE TO THESE TERMS AND CONDITIONS ON BEHALF OF YOUR ORGANIZATION.
PLEASE NOTE THAT THE SUBSCRIPTION PERMITS YOU AND/OR YOUR ORGANIZATION TO USE THE SHARED ASSESSMENTS DOCUMENTS SOLELY FOR YOUR INDIVIDUAL OR THE ORGANIZATION’S INTERNAL PURPOSES AND THEY MAY NOT BE TRANSFERRED OR SOLD TO A THIRD PARTY. CERTAIN OBLIGATIONS OF THE SUBSCRIPTION AGREEMENT WILL BE BINDING ON YOU AND/OR YOUR ORGANIZATION FOR AS LONG AS YOU HAVE, OR THE ORGANIZATION HAS, ACCESS TO OR USES THE SHARED ASSESSMENTS DOCUMENTS.
If you have any questions about the terms of the Subscription Agreement, please contact email@example.com.
The Shared Assessments Program (“SA”), acting through its managing agent and parent company, The Santa Fe Strategy Center LTD, d/b/a The Santa Fe Group (collectively, the “Program”) attaches the following terms and conditions to organizations and individuals (the “Subscriber”) that download, copy and/or use certain documents developed and owned by the Program, which include content formatted in Excel files, and which are designed to address issues related to third party risk assurance, including regulatory compliance and risk management. By downloading such documents you hereby agree that, as a Subscriber, you and any organization you represent will adhere to and be bound by the following terms and conditions (the “Subscription Agreement”). For value and consideration acknowledged and received, the Program and the Subscriber agree as follows:
- Effective Date; Documents Covered by the Subscription Agreement
a. This Subscription Agreement is effective on that date that any of the documents covered by this Subscription Agreement are downloaded from the Program’s website (the “Effective Date”).
b. This Subscription Agreement covers the following documents (the “Documents”):
i. In the case of a Member of Shared Assessments that is in good standing and has paid any applicable dues, all the documents listed on Exhibit A at the end of this Subscription Agreement, together with user manuals and revisions and updates to the said documents that are created from time to time; and
ii. In the case of an organization that is not a member of Shared Assessments, those documents listed on Exhibit A at the end of this Subscription Agreement that Subscriber selects and pays for online, together with user manuals and revisions and updates to the said documents that are created from time to time.
- Representations and Warranties; Disclaimers
a. The Program represents and warrants that it has the right to enter into this Subscription Agreement and to grant the license granted hereunder.
b. The Program represents and warrants that it holds all rights, title and interest in and to, including, in some instances, copyright interests, in the material that constitutes the Documents.
c. Subscriber represents and warrants that it has the right to enter into this Subscription Agreement and that the individual agreeing to the terms and conditions set forth in this Subscription Agreement is authorized to do so on his/her own behalf or on behalf of the organization he/she represents.
d. The Documents have been developed as tools for information security, privacy and business continuity compliance. They are based on general information security and privacy laws, regulations, principles, frameworks, audit programs, seal programs and regulatory guidance from various jurisdictions and do not constitute legal advice or an exhaustive list of questions or procedures covering all the information security or privacy laws in the US, or rest of the world, that may apply to a service provider. The Subscriber should consult counsel on a case-by-case basis to ensure compliance with all applicable information security and privacy laws, regulations, policies and standards.
e. THE PROGRAM DOCUMENTS ARE PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED.
- Grant of Limited License
The Program hereby grants to Subscriber, a non-exclusive, limited license during the Subscription term to access and use the Documents subject to the following:
a. No modifications may be made to the Documents without the express written permission of Program.
b. The limited license will end when this Subscription Agreement is terminated, canceled, or is otherwise aborted.
c. Subscriber must notify Program at firstname.lastname@example.org their reasons for the modifications and make the modifications available to for review and approval as additions and/or modifications to the current version of the Documents.
d. Copyright and all other intellectual property or proprietary rights in the Documents, and any modifications to the Documents, shall belong exclusively to Program.
e. If the Subscriber wishes to incorporate the Documents into software product offered for license or sale, it must first obtain a separate license from the Program.
f. Subscriber will not knowingly remove any copyright notice or trade name or marks of the Program that may appear on the Documents. Subscriber shall comply with applicable conventions regarding copyright and source of material attribution.
g. Subscriber shall not reverse engineer, decompile, disassemble, reengineer or otherwise attempt to discover the source code of any software components of the Documents, except as allowed by applicable law.
h. The Documents are provided solely for the use of the Subscriber and are not for resale or distribution to third parties, notwithstanding any distribution by the Subscriber for the purpose of any assessment, audit, or investigation.
i. The Documents may be used by any number of employees, agents, and consultants of Subscriber (collectively, “Permitted Users”) for the benefit of Subscriber. Without limiting any other provision of this Agreement, Permitted Users may use, copy, process, compile, store or download, in hard copy or electronically, any amount of information for research on behalf of Subscriber and distribute any information used in such research in any format (e.g. hardcopy or electronic), amount and frequency to any employee and/or consultant of any Permitted User.
j. Documents distributed to another individual or entity by the Subscriber for the purpose of any assessment, audit, or investigation, shall not convey any rights in the Documents whatsoever to that individual or entity, including without limitation, the right to use, reuse, or distribute the Documents to anyone other than the Subscriber from whom they were received. Subscriber shall convey in writing such limitation to any individual or entity to which it provides a copy of the Documents.
- Intellectual Property
a. Except for the limited license granted in this Subscription Agreement, the Program retains all rights, title and interest in and to, including, copyright interests, in and to the Documents, its trademarks and any goodwill associated therewith.
b. Subscriber shall not assert rights in any modifications to the Documents against the Program, its members, sponsors, or any other person or entity who holds a license in the Documents granted by the Program.
a. The Program will indemnify Subscriber from and against any and all losses incurred by Subscriber, including, without limitation, Subscriber’s reasonable attorneys’ fees, resulting from any third-party claim that is based on a breach of the Program’s Representations and Warranties set forth in Section 2.a. and b above.
b. Subscriber will indemnify the Program from and against any and all losses incurred by the Program, including, without limitation, the Program’s reasonable attorneys’ fees, resulting from any third-party claim relating to a breach of the Subscriber’s Representations and Warranties set forth in Section 2.c. above.
c. The party seeking indemnification shall give prompt written notice to the other party of the claim for which indemnification is sought, shall proffer the defense of such claim to the indemnifying party, and shall cooperate fully with the indemnifying party. The indemnifying party may defend or settle the claim in its discretion; provided, however, that no settlement shall impose liability or expense on the indemnified party or require the indemnified party to take any affirmative or negative action without such party’s express, written consent.
- Default: Program’s Rights
In the event that the Subscriber fails to fully perform any of its obligations under this Subscription Agreement including, without limitation, any breach of the terms of the License granted in Section 3 above or any violation of the Program’s intellectual rights in the Documents under Section 4 above (a “Default”), and the Default is not cured within thirty (30) days of the Program providing written notice of the Default to Subscriber, the Program may pursue any and all legal or contractual remedies available to it, including without limitation, money damages and/or injunctive relief.
a. This Subscription Agreement, including Exhibit A hereto, is the parties’ entire agreement and supersedes all prior or contemporaneous negotiations, agreements or understandings respecting its subject matter.
b. Any failure to exercise or enforce any right or provision in this Subscription Agreement will not constitute a waiver of such right or provision. If any part of this Subscription Agreement is determined to be invalid or unenforceable under applicable law, that provision will be removed, and the remainder of the Subscription Agreement will continue to be valid and enforceable. To the extent that the terms of this Subscription Agreement conflict with the Membership Agreement, this Subscription Agreement shall control. The headings in the Subscription Agreement are intended for convenience of reference and will not affect interpretation of this Subscription Agreement.
c. This Subscription Agreement may be amended, supplemented, or otherwise modified only by means of a written instrument signed by both parties.
d. This Subscription Agreement may not be assigned by either party without the other party’s written consent, provided that, the Program may, upon notice to Subscriber, assign this Subscription Agreement to any entity that succeeds to the Program’s rights in the Documents. This Subscription Agreement shall be binding upon the parties’ successors and permitted assigns.
e. Any notice to the Subscriber will be sent to the Primary Contact and address on files with the Program. Any notice to the Program will be sent to Shared Assessments at 3 Chamisa Drive, North, Suite 2, Santa Fe, NM 87508. All notices shall be sent by express mail or next day express delivery service with signed receipt. Notice shall be deemed effective upon receipt.
f. This Subscription Agreement and all claims arising from or related to Subscriber’s use of the Documents will be governed by and construed in accordance with the laws of the State of New Mexico. With respect to any disputes or claims not subject to arbitration (as set forth below), Subscriber agrees to exclusive jurisdiction in the state and federal courts in New Mexico. Notwithstanding any other provision of this Subscription Agreement, the Program may seek injunctive or other equitable relief from any court of competent jurisdiction. Regardless of any statute or law to the contrary, Subscriber must file any claim or action related to use of the Documents within one year after such claim or action accrued. Otherwise, Subscriber will be deemed to have waived the claim or action.
g. Notwithstanding the foregoing, the parties agree that (i) if the Subscriber is ever involved in any legal proceedings initiated or involving a third party and related to the Documents, the Subscriber may compel the Program’s intervention in the jurisdiction where the proceedings have been initiated by said third party, and (ii) if the Program is ever involved in any legal proceedings initiated or involving a third party and related to the Subscriber’s use of the Documents, the Program may compel the Subscriber’s intervention in the jurisdiction where the proceedings have been initiated by said third party.
h. The Program may elect to resolve any controversy or claim arising out of or relating to this Subscription Agreement by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Unless the Program establishes a different location, arbitration hearings will be held in Santa Fe, New Mexico. The arbitrator’s award will be binding and may be entered as a judgment in any court of competent jurisdiction.
I. The rights and obligations of the parties will continue in effect so long as the Subscriber retains possession or access to the Documents. Notwithstanding anything to the contrary herein, the following Sections will survive any attempt by the Subscriber to terminate or cancel this Subscription Agreement for any reason:
i. Section 2.e;
ii. Section 3;
iii. Section 4.
iv. Section 5;
v. Section 6; and
vi. This Section 7.
SHARED ASSESSMENTS DOCUMENTS SUBJECT TO SUBSCRIPTION AGREEMENT
- Standardized Information Gathering (SIG) Questionnaire Tools: The SIG employs a holistic set of industry best practices for gathering and assessing 18 critical risk domains and corresponding controls, including information technology, cybersecurity, privacy, resiliency and data security risks. It serves as the “trust” component for outsourcers who wish to obtain succinct, scoped initial assessment information on a service provider’s controls. The SIG can also be used proactively by service providers, to reduce initial assessment duplication and assessment fatigue, by supplying their own SIGs to outsourcers.
- Standardized Control Assessment (SCA) Procedure Tools: The SCA assists risk professionals in performing onsite or virtual assessments of vendors. This is the “verify” component of a third party risk program. The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an individual organization’s needs. The SCA package includes the SCA Report Template, which provides a standardized approach to collecting and reporting assessment results.
- Thrid Party Privacy Tools: The Third Party Privacy Tools provide templates and project management tools for third party privacy assessments. The tools meet the demands of privacy data governance obligations including GDPR and CCPA.
The Shared Assessments Program (“SA”), acting through its managing agent and parent company, The Santa Fe Strategy Center LTD, d/b/a The Santa Fe Group (collectively, the “Program”) attaches the following terms and conditions to organizations and individuals (individually, a “User”) that access and use the Shared Assessments website to gain access to licensed materials or other services or to gain access to the Members Only portions of the website (the “Services”).
- Intellectual Property
The Program holds all rights, title and interest in and to, including, in some instances, copyright interests in and to, the content, information, data, designs, code, and materials associated with the Services (“Content”) that are protected by intellectual property and other laws. The User must comply with all such laws and applicable copyright, trademark or other legal notices or restrictions.
- Registration and Access Controls
The User is responsible for maintaining the confidentiality of its user name and password and it accepts responsibility for all activities, charges, and damages that occurs under its account. If a User has reason to believe that someone is using its account without permission, the User should contact the Program immediately. The Program will not be responsible for any loss or damage resulting from a User’s failure to notify it of unauthorized use. If the Program requests registration information from a User, it must provide the Program with accurate and complete information and must update the information when it changes. A User may not access any age-restricted Services unless he/she are above the required age.
- Third Party Content
- Fee-Based Services
If a User accepts fee-based products or features, it agrees to the terms and conditions governing all such purchases, including all requirements to pay applicable fees and charges. The Program will notify Users of any changes to fees and charges.
- Acceptable Use
The Services have been designed to present Content in a unique format and appearance. Unless the Program gives a User prior written permission, the User agrees not to access the Services using any interface other than the Program’s. The Program may deny permission to link to the Services for any reason in its sole discretion, and a User must be able to edit or delete promptly links that it creates, upon the Program’s request. Consistent with these Terms, a User may not use the Services to do or assist others to do the following:
a. Link to the Services from a site or transmit any material that is inappropriate, profane, vulgar, offensive, false, disparaging, defamatory, obscene, illegal, sexually explicit, racist, that promotes violence, racial hatred, or terrorism, or that the Program deems, in its sole discretion, to be otherwise objectionable;
b. Frame the Services, display the Services in connection with an unauthorized logo or mark, or do anything that could falsely suggest a relationship between the Program and any third party or potentially deprive the Program of revenue (including, without limitation, revenue from advertising, branding, or promotional activities);
c. Violate any person’s or entity’s legal rights (including, without limitation, intellectual property, privacy, and publicity rights), transmit material that violates or circumvents such rights, or remove or alter intellectual property or other legal notices;
d. Knowingly transmit files that contain viruses, spyware, adware, or other harmful code;
e. Interfere with others using the Services or otherwise disrupt the Services;
f. Transmit, collect, or access personally identifiable information about other users without the consent of those users and the Program;
g. Engage in unauthorized spidering, “scraping,” or harvesting Content, contact or other personal information, or use any other unauthorized automated means to compile information;
h. Impersonate any person or entity or otherwise misrepresent an affiliation or the origin of materials it transmits; or
i. Defeat any access controls, access any portion of the Services that it is not authorized to access (including password-protected areas), link to password-protected areas, attempt to access or use another user’s account or information, or allow anyone else to use its account or access credentials.
- Consequences of Violations: Disclosures for Legal Compliance
a. The Program may take any of the following actions in its sole discretion and without notice for violation of these Terms and/or, if applicable, any terms of the Shared Assessment Membership Agreement:
i. Restrict or terminate a User’s access to the Services;
ii. Change or discontinue the Services to the User; and/or
iii. Deactivate a User’s account and delete all related information and files in its account;
c. The Program will not be liable to a User or any third party for taking any of these actions and it will not be limited to the remedies above if a User violate these Terms.
The User will defend, indemnify, and hold harmless the Program and its directors, officers, employees, shareholders, vendors, partners, contractors, agents, licensors or other representatives of each of them and all of their successors and assigns, for all damages, liabilities, and expenses or obligations of any kind (including attorney’s fees and costs), arising out of or in connection with the User’s use or misuse of the Services (including, without limitation use of its account, whether or not authorized by the User, and claims arising from information or materials generated by Shared Assessments members or third parties).
- Disclaimers; Limitation of Liability
a. THE PROGRAM DOES NOT WARRANT:
i. THAT THE SERVICES, ANY OF THE SERVICES’ FUNCTIONS OR ANY CONTENT OR SOFTWARE CONTAINED THEREIN WILL BE UNINTERRUPTED OR ERROR-FREE;
ii. THAT DEFECTS WILL BE CORRECTED;
iii. THAT THE SERVICES OR THE SERVERS HOSTING THEM ARE FREE OF VIRUSES OR OTHER HARMFUL CODE; OR
b. THAT THE SERVICES OR INFORMATION AVAILABLE THROUGH THE SERVICES WILL CONTINUE TO BE AVAILABLE.
c. THE PROGRAM DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO THE SERVICES AND CONTENT, INCLUDING, WITHOUT LIMITATION, NONINFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND TITLE. THE SERVICES, INCLUDING, WITHOUT LIMITATION, ALL CONTENT, SOFTWARE, AND FUNCTIONS MADE AVAILABLE ON OR ACCESSED THROUGH OR SENT FROM THE SERVICES, ARE PROVIDED “AS IS,” “AS AVAILABLE,” AND “WITH ALL FAULTS.”
d. THE PROGRAM WILL NOT BE LIABLE TO ANY USER OR ANYONE ELSE FOR ANY LOSS OR DAMAGES OF ANY KIND (INCLUDING, WITHOUT LIMITATION, FOR ANY SPECIAL, DIRECT, INDIRECT, INCIDENTAL, EXEMPLARY, ECONOMIC, PUNITIVE, OR CONSEQUENTIAL DAMAGES) IN CONNECTION WITH THE SERVICES OR A USER ‘S SUBMISSIONS, (INCLUDING, WITHOUT LIMITATION, WHETHER CAUSED IN WHOLE OR IN PART BY NEGLIGENCE, GROSS NEGLIGENCE, OR OTHERWISE, BUT EXCLUDING WILLFUL MISCONDUCT).
e. A USER’S ACCESS TO AND USE OF THE SERVICES IS AT ITS OWN RISK. IF A USER IS DISSATISFIED WITH THE SERVICES OR ANY OF THE CONTENT, ITS SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE ACCESSING AND USING THE SERVICES.
f. THE USER ACKNOWLEDGES AND AGREES THAT IF IT INCURS ANY DAMAGES THAT ARISE OUT OF THE PROGRAM’S ACTS OR OMISSIONS, EVEN IF IRREPARABLE, IT WILL NOT BE ENTITLED TO AN INJUNCTION OR OTHER EQUITABLE RELIEF. THE USER ACKNOWLEDGES THAT IT MAY BE WAIVING RIGHTS WITH RESPECT TO CLAIMS THAT ARE UNKNOWN OR ARE UNSUSPECTED. ACCORDINGLY, THE USER AGREES TO WAIVE THE BENEFIT OF ANY LAW, THAT OTHERWISE MIGHT LIMIT ITS WAIVER OF SUCH CLAIMS.
- Changes; Additional Terms
The Program may occasionally change these Terms, so it encourages Users to review the Terms periodically. If the Program makes a change to the Terms, the User will be presented with the updated Terms at its next log in to the website and given the opportunity to review and accept/reject those new terms. The most current version of the Terms (along with their effective date) will be posted on the website. If a User continues to use the Services after the Terms have been changed, it will be deemed to have agreed to the changes. Additional terms may apply to a User’s use of the Services. The Program will provide these terms to Users or post them on the Services to which they apply and they are incorporated by reference into these Terms. If there is a conflict between these Terms and any additional terms that apply to a particular Service, the additional terms will control.
Special promotions of the Services may also have additional rules and requirements, and Users are responsible for complying with those rules and requirements.
a. The Program’s failure to exercise or enforce any right or provision in these Terms will not constitute a waiver of such right or provision. These Terms and all additional terms, conditions, and policies on the Services, constitute the entire agreement between a User and the Program and supersede all prior agreements with respect to the subject matter hereof. If any part of these Terms is determined to be invalid or unenforceable under applicable law, that provision will be removed, and the remainder of the Terms will continue to be valid and enforceable. To the extent that these Terms conflict with the Membership Agreement, these Terms shall control. The headings in these Terms are intended for convenience of reference and will not affect interpretation of these Terms.
b. The Program may be required by state or federal law to notify Users of certain events. The User hereby acknowledges and agrees that such notices will be effective upon posting them on the Program’s websites or delivering them to the User via email. The User may update its email address by visiting the Services where it has provided contact information. If a User does not provide the Program with accurate information, it will not be responsible for failure to notify the User.
c. These Terms and all claims arising from or related to a User’s use of the Services will be governed by and construed in accordance with the laws of the State of New Mexico. With respect to any disputes or claims not subject to arbitration (as set forth below), the User agrees to exclusive jurisdiction in the state and federal courts in New Mexico. Notwithstanding any other provision of these Terms, the Program may seek injunctive or other equitable relief from any court of competent Regardless of any statute or law to the contrary, the User must file any claim or action related to use of the Services or these Terms within one year after such claim or action accrued. Otherwise, the User will be deemed to have waived the claim or action.
d. The Program may elect to resolve any controversy or claim arising out of or relating to these Terms or the Services by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Unless the Program establishes a different location, arbitration hearings will be held in Santa Fe, New Mexico. The arbitrator’s award will be binding and may be entered as a judgment in any court of competent jurisdiction.