Subscription Agreement and Website Terms September 2020
IF YOU ARE ACTING ON BEHALF OF AN ORGANIZATION, PLEASE CONFIRM THAT YOU ARE AUTHORIZED TO AGREE TO THESE TERMS AND CONDITIONS ON BEHALF OF YOUR ORGANIZATION.
PLEASE NOTE THAT THE SUBSCRIPTION PERMITS YOU AND/OR YOUR ORGANIZATION TO USE THE SHARED ASSESSMENTS DOCUMENTS SOLELY FOR YOUR INDIVIDUAL OR THE ORGANIZATION’S INTERNAL PURPOSES AND THEY MAY NOT BE TRANSFERRED OR SOLD TO A THIRD PARTY. CERTAIN OBLIGATIONS OF THE SUBSCRIPTION AGREEMENT WILL BE BINDING ON YOU AND/OR YOUR ORGANIZATION FOR AS LONG AS YOU HAVE, OR THE ORGANIZATION HAS, ACCESS TO OR USES THE SHARED ASSESSMENTS DOCUMENTS.
If you have any questions about the terms of the Subscription Agreement, please contact email@example.com.
The Shared Assessments Program (“SA”), acting through its managing agent and parent company, The Santa Fe Strategy Center LTD, d/b/a The Santa Fe Group (collectively, the “Program”) attaches the following terms and conditions to organizations and individuals (the “Subscriber”) that download, copy and/or use certain documents developed and owned by the Program, which include content formatted in Excel files, and which are designed to address issues related to third party risk assurance, including regulatory compliance and risk management. By downloading such documents you hereby agree that, as a Subscriber, you and any organization you represent will adhere to and be bound by the following terms and conditions (the “Subscription Agreement”). For value and consideration acknowledged and received, the Program and the Subscriber agree as follows:
- Effective Date; Documents Covered by the Subscription Agreement
- This Subscription Agreement is effective on the date that any of the documents covered by this Subscription Agreement are downloaded from the Program’s website (the “Effective Date”).
- This Subscription Agreement covers the following documents (the “Documents”):
- In the case of a Member of Shared Assessments that is in good standing and has paid any applicable dues, all the documents listed on Exhibit A at the end of this Subscription Agreement, together with user manuals and revisions and updates to the said documents that are created from time to time; and
- In the case of an organization that is not a member of Shared Assessments, those documents listed on Exhibit A at the end of this Subscription Agreement that Subscriber selects and pays for online, together with user manuals and revisions and updates to the said documents that are created from time to time.
- Representations and Warranties; Disclaimers
- The Program represents and warrants that it has the right to enter into this Subscription Agreement and to grant the license granted hereunder.
- The Program represents and warrants that it holds all rights, title and interest in and to, including, in some instances, copyright interests, in the material that constitutes the Documents.
- Subscriber represents and warrants that it has the right to enter into this Subscription Agreement and that the individual agreeing to the terms and conditions set forth in this Subscription Agreement is authorized to do so on his/her own behalf or on behalf of the organization he/she represents.
- The Documents have been developed as tools for information security, privacy and business continuity compliance. They are based on general information security and privacy laws, regulations, principles, frameworks, audit programs, seal programs and regulatory guidance from various jurisdictions and do not constitute legal advice or an exhaustive list of questions or procedures covering all the information security or privacy laws in the US, or rest of the world, that may apply to a service provider. The Subscriber should consult counsel on a case-by-case basis to ensure compliance with all applicable information security and privacy laws, regulations, policies and standards.
- THE PROGRAM DOCUMENTS ARE PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED.
- Grant of Limited License
The Program hereby grants to Subscriber a non-exclusive, limited license during the Term to download, access, use and reproduce the Documents for the purpose of assessing Subscriber’s vendors (“Vendors”), or providing documentation of Subscriber’s risk management controls, practices, policies and procedures to customers, clients, consultants, or business partners (collectively “Customers”), subject to the following covenants and conditions:
- No modifications may be made to the Documents without the express written consent of Program; provided, however, that Licensee may subdivide the Documents into provisions that are appropriate for particular Vendors and Customers and distribute copies of the Documents or subdivisions of the Documents (excepting SCAs, as defined in Exhibit A) to Vendors and Customers in connection with their assessments so long as the language and specific provisions of the Documents are not altered. SCAs may be distributed to and used solely to and by Permitted Users, as defined below.
- If Subscriber wishes to make a modification it must notify Program at firstname.lastname@example.org of its reasons for the proposed modification and make the modifications available for review and approval as additions and/or modifications to the current version of the Documents.
- The limited license will end when this Subscription Agreement is terminated, canceled, or expires.
- Copyright and all other intellectual property or proprietary rights in the Documents, and any modifications to the Documents, shall belong exclusively to Program.
- If the Subscriber wishes to incorporate the Documents into software or another product or service offered for license or sale by Licensee, it must first obtain a separate license from the Program.
- Subscriber will not knowingly remove any copyright notice or trade name or marks of the Program that may appear on the Documents. Subscriber shall comply with applicable conventions regarding copyright and source of material attribution.
- Subscriber shall not reverse engineer, decompile, disassemble, reengineer, or otherwise attempt to discover the source code of any software components of the Documents, except as allowed by applicable law.
- The Documents may be used by any number of employees, agents, and consultants of Subscriber (collectively, “Permitted Users”) and (except for SCAs) distributed to and used by any number of Vendors, but solely for the purpose of assessing such Vendors for the benefit of Subscriber, or providing Customers with documentation of Subscriber’s risk management controls, practices, policies and procedures.
- Subscriber and its Permitted Users may use, copy, process, compile, store, distribute or download, in hard copy or electronically, information that is generated through use of the Documents (“Assessment Information”) without restriction. In no event however may any Vendor or Customer distribute Assessment Information to anyone other than a Subscriber, and Subscriber agrees to enter into agreements with its Vendors and Customers preventing such disclosure or use. Each Vendor and Customer may retain a copy of Assessment Information for its archival purposes and for the use of Subscriber.
- Documents distributed to another individual or entity by the Subscriber for the purpose of any assessment, audit, investigation, or other use for the benefit of Subscriber shall not convey any rights in the Documents whatsoever to that individual or entity, including without limitation, the right to use, reuse, or distribute the Documents to anyone other than the Subscriber from whom they were received. Subscriber and/or its Affiliate (as appropriate) shall convey in writing such limitation to any individual or entity to which it provides a copy of the Documents.
- Intellectual Property
- Except for the limited license granted in this Subscription Agreement, the Program retains all right, title, and interest, including intellectual property rights, in and to the Documents, its trademarks, and any goodwill associated therewith. All goodwill arising from Subscriber’s use of the Documents and the Program’s trademarks, as provided herein, shall inure solely to the benefit of the Program.
- Subscriber agrees to and does hereby assign to the Program all right, title and interest throughout the world in and to any modifications Subscriber makes to the Documents. For the purposes of this Agreement, completion of the Documents for their intended purposes of assessment, audit, and investigation shall not constitute a “modification.”
- The Program will indemnify Subscriber from and against any and all loss, liability, claims and damages incurred by Subscriber, including, without limitation, Subscriber’s reasonable attorneys’ fees, resulting from any third-party claim that is based on a breach of the Program’s Representations and Warranties set forth in Section 2.a. and b above.
- Subscriber will indemnify the Program from and against any and all loss, liability, claims and damages incurred by the Program, including, without limitation, the Program’s reasonable attorneys’ fees, resulting from or relating to any third-party claim relating to a breach of the Subscriber’s Representations and Warranties set forth in Section 2.c. above.
- The party seeking indemnification shall give prompt written notice to the other party of the claim for which indemnification is sought, shall proffer the defense of such claim to the indemnifying party, and shall cooperate fully with the indemnifying party. The indemnifying party may defend or settle the claim in its discretion; provided, however, that no settlement shall impose liability or expense on the indemnified party or require the indemnified party to take any affirmative or negative action without such party’s express, written consent.
- Default: Program’s Rights
In the event that the Subscriber fails to fully perform any of its obligations under this Subscription Agreement including, without limitation, failure to make timely payment of the Licensee Fees, any breach of the terms of the License provided in Section 2 above or any violation of the Program’s intellectual rights in the Documents under Section 3 above (a “Default”), and the Default is not cured within thirty (30) days of the Program providing written notice of the Default to Subscriber, the Program may terminate the license provided herein and, without election of remedies or other waiver, pursue any and all legal or contractual remedies available to it, including without limitation, money damages and/or injunctive relief. Subscriber will provide Program with the ability to confirm Licensee’s compliance with all of the obligations in Section 6 through a reasonable inspection of Licensee’s web site and Licensed Products within 30 days of notification by Program to perform such inspection.
- Default: Subscriber Obligations
In the event that Program terminates this Agreement and the license provided herein, Subscriber shall:
- Cease all downloading, use, access to and reproduction of the Documents immediately upon the termination of this Agreement.
- Provide Program with written verification that the preceding obligation above has been completed within 30 days of termination.
- Subject to the terms herein, Subscriber may retain copies of completed Documents for archival purposes only.
- This Subscription Agreement, including Exhibit A hereto, represents the parties’ entire agreement and supersedes all prior or contemporaneous negotiations, agreements, or understandings respecting its subject matter. Any failure to exercise or enforce any right or provision in this Subscription Agreement does not constitute a waiver of such right or provision. If any part of this Subscription Agreement is determined to be void or unenforceable under applicable law, the parties agree to sever that provision, and to leave the remainder of the Subscription Agreement intact as valid and enforceable. The headings in the Subscription Agreement are intended for convenience of reference and will not affect interpretation of this Subscription Agreement.
- This Subscription Agreement may be amended, supplemented, or otherwise modified only by means of a written instrument signed by both parties.
- This Subscription Agreement may not be assigned by either party, except to an entity that is under common ownership or control with Subscriber, without the other party’s written consent, provided that, the Program may, upon notice to Subscriber, assign this Subscription Agreement to any entity that succeeds to the Program’s rights in the Documents. This Subscription Agreement shall be binding upon the parties’ successors and permitted assigns.
- This Subscription Agreement shall be governed and construed under the laws of the State of New Mexico, as a contract made and to be performed within that State. The exclusive jurisdiction for any dispute hereunder will be the federal or state courts of New Mexico.
- Any notice to the Subscriber will be sent to the Primary Contact and address on file with the Program. Any notice to the Program will be sent to Shared Assessments at 3 Chamisa Drive, North, Suite 2, Santa Fe, NM 87508. All notices shall be sent by express mail or next day express delivery service with signed receipt. Notice shall be deemed effective upon receipt.
- This Subscription Agreement and all claims arising from or related to Subscriber’s use of the Documents will be governed by and construed in accordance with the laws of the State of New Mexico. With respect to any disputes or claims not subject to arbitration (as set forth below), Subscriber agrees to exclusive jurisdiction in the state and federal courts in New Mexico. Notwithstanding any other provision of this Subscription Agreement, the Program may seek injunctive or other equitable relief from any court of competent jurisdiction. Regardless of any statute or law to the contrary, Subscriber must file any claim or action related to use of the Documents within one year after such claim or action accrued. Otherwise, Subscriber will be deemed to have waived the claim or action.
- Notwithstanding the foregoing, the parties agree that (i) if the Subscriber is ever involved in any legal proceedings initiated or involving a third party and related to the Documents, the Subscriber may compel the Program’s intervention in the jurisdiction where the proceedings have been initiated by said third party, and (ii) if the Program is ever involved in any legal proceedings initiated or involving a third party and related to the Subscriber’s use of the Documents, the Program may compel the Subscriber’s intervention in the jurisdiction where the proceedings have been initiated by said third party.
- The Program may elect to resolve any controversy or claim arising out of or relating to this Subscription Agreement by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Unless the Program establishes a different location, arbitration hearings will be held in Santa Fe, New Mexico. The arbitrator’s award will be binding and may be entered as a judgment in any court of competent jurisdiction.
- During the term of this Subscription Agreement on reasonable notice and during regular business hours, the Program may at its own expense inspect or have an independent third party inspect and audit the Subscriber’s books, records, or other documents as necessary to verify compliance with the terms and conditions of this Subscription Agreement. If the Subscriber is not in compliance with the terms and conditions of this Subscription Agreement, then the Subscriber shall reimburse the Program for the cost of the audit and the Program’s associated attorneys’ fees, if any, and pay to the Program the amount of any unpaid Subscription Fees, plus interest at the rate of twelve percent (12%) per annum. Such payments shall be in addition to any other damages the Program may have suffered by reason of Subscriber’s default.
- Notwithstanding anything to the contrary herein, the following Sections will survive any termination, cancellation or expiration of this Subscription Agreement for any reason:
- Section 2.e;
- Section 3;
- Section 4;
- Section 5;
- Section 6;
- Section 7; and
- This Section 8.
SHARED ASSESSMENTS DOCUMENTS SUBJECT TO SUBSCRIPTION AGREEMENT
- Standardized Information Gathering (SIG) Questionnaire Tools: The SIG employs a holistic set of industry best practices for gathering and assessing 18 critical risk domains and corresponding controls, including information technology, cybersecurity, privacy, resiliency and data security risks. It serves as the “trust” component for outsourcers who wish to obtain succinct, scoped initial assessment information on a service provider’s controls. The SIG can also be used proactively by service providers, to reduce initial assessment duplication and assessment fatigue, by supplying their own SIGs to outsourcers.
- Standardized Control Assessment (SCA) Procedure Tools: The SCA assists risk professionals in performing onsite or virtual assessments of vendors. This is the “verify” component of a third party risk program. The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an individual organization’s needs. The SCA package includes the SCA Report Template, which provides a standardized approach to collecting and reporting assessment results.
- GDPR Privacy Tools: The GDPR Tools provides a narrative introduction and a set of components to help meet the requirements imposed on how Controllers (i.e., outsourcers) must appoint and monitor Data Processors (i.e., third parties/vendors). The Privacy Tools can be used as part of a holistic privacy management program that reaches beyond the scope of GDPR, and can be used both to assess service providers and to manage an outsourcer’s privacy data controls. The GDPR Privacy Tools cover both Trust and Verify for Privacy and track the inventory of where data is located.
The Shared Assessments Program (“SA”), acting through its managing agent and parent company, The Santa Fe Strategy Center LTD, d/b/a The Santa Fe Group (collectively, the “Program”) attaches the following terms and conditions to organizations and individuals (individually, a “User”) that access and use the Shared Assessments website to gain access to licensed materials or other services or to gain access to the Members Only portions of the website (the “Services”).
- Intellectual Property
The Program holds all rights, title and interest in and to, including, in some instances, copyright interests in and to, the content, information, data, designs, code, and materials associated with the Services (“Content”) that are protected by intellectual property and other laws. The User must comply with all such laws and applicable copyright, trademark or other legal notices or restrictions.
- Registration and Access Controls
The User is responsible for maintaining the confidentiality of its user name and password and it accepts responsibility for all activities, charges, and damages that occur under its account. If a User has reason to believe that someone is using its account without permission, the User should contact the Program immediately. The Program will not be responsible for any loss or damage resulting from a User’s failure to notify it of unauthorized use. If the Program requests registration information from a User, it must provide the Program with accurate and complete information and must update the information when it changes. A User may not access any age-restricted Services unless he/she is above the required age.
- Third-Party Content
- Fee-Based Services
If a User accepts fee-based products or features, it agrees to the terms and conditions governing all such purchases, including all requirements to pay applicable fees and charges. The Program will notify Users of any changes to fees and charges.
- Acceptable Use
The Services have been designed to present Content in a unique format and appearance. Unless the Program gives a User prior written permission, the User agrees not to access the Services using any interface other than the Program’s. The Program may deny permission to link to the Services for any reason in its sole discretion, and a User must be able to edit or delete promptly links that it creates, upon the Program’s request. Consistent with these Terms, a User may not use the Services to do or assist others to do the following:
- Link to the Services from a site or transmit any material that is inappropriate, profane, vulgar, offensive, false, disparaging, defamatory, obscene, illegal, sexually explicit, racist, that promotes violence, racial hatred, or terrorism, or that the Program deems, in its sole discretion, to be otherwise objectionable;
- Frame the Services, display the Services in connection with an unauthorized logo or mark, or do anything that could falsely suggest a relationship between the Program and any third party or potentially deprive the Program of revenue (including, without limitation, revenue from advertising, branding, or promotional activities);
- Violate any person’s or entity’s legal rights (including, without limitation, intellectual property, privacy, and publicity rights), transmit material that violates or circumvents such rights, or remove or alter intellectual property or other legal notices;
- Knowingly transmit files that contain viruses, spyware, adware, or other harmful code;
- Interfere with others using the Services or otherwise disrupt the Services;
- Transmit, collect, or access personally identifiable information about other users without the consent of those users and the Program;
- Engage in unauthorized spidering, “scraping,” or harvesting Content, contact or other personal information, or use any other unauthorized automated means to compile information;
- Impersonate any person or entity or otherwise misrepresent an affiliation or the origin of materials it transmits; or
- Defeat any access controls, access any portion of the Services that it is not authorized to access (including password-protected areas), link to password-protected areas, attempt to access or use another user’s account or information, or allow anyone else to use its account or access credentials.
- Consequences of Violations: Disclosures for Legal Compliance
- The Program may take any of the following actions in its sole discretion and without notice for violation of these Terms and/or, if applicable, any terms of the Shared Assessment Membership Agreement:
- Restrict or terminate a User’s access to the Services;
- Change or discontinue the Services to the User; and/or
- Deactivate a User’s account and delete all related information and files in its account;
- The Program will not be liable to a User or any third party for taking any of these actions and it will not be limited to the remedies above if a User violates these Terms.
The User will defend, indemnify, and hold harmless the Program and its directors, officers, employees, shareholders, vendors, partners, contractors, agents, licensors or other representatives of each of them and all of their successors and assigns, for all damages, liabilities, and expenses or obligations of any kind (including attorney’s fees and costs), arising out of or in connection with the User’s use or misuse of the Services (including, without limitation use of its account, whether or not authorized by the User, and claims arising from information or materials generated by Shared Assessments members or third parties).
- Disclaimers; Limitation of Liability
- THE PROGRAM DOES NOT WARRANT:
- THAT THE SERVICES, ANY OF THE SERVICES’ FUNCTIONS OR ANY CONTENT OR SOFTWARE CONTAINED THEREIN WILL BE UNINTERRUPTED OR ERROR-FREE;
- THAT DEFECTS WILL BE CORRECTED;
- THAT THE SERVICES OR THE SERVERS HOSTING THEM ARE FREE OF VIRUSES OR OTHER HARMFUL CODE; OR
- THAT THE SERVICES OR INFORMATION AVAILABLE THROUGH THE SERVICES WILL CONTINUE TO BE AVAILABLE.
- THE PROGRAM DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO THE SERVICES AND CONTENT, INCLUDING, WITHOUT LIMITATION, NONINFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND TITLE. THE SERVICES, INCLUDING, WITHOUT LIMITATION, ALL CONTENT, SOFTWARE, AND FUNCTIONS MADE AVAILABLE ON OR ACCESSED THROUGH OR SENT FROM THE SERVICES, ARE PROVIDED “AS IS,” “AS AVAILABLE,” AND “WITH ALL FAULTS.”
- THE PROGRAM WILL NOT BE LIABLE TO ANY USER OR ANYONE ELSE FOR ANY LOSS OR DAMAGES OF ANY KIND (INCLUDING, WITHOUT LIMITATION, FOR ANY SPECIAL, DIRECT, INDIRECT, INCIDENTAL, EXEMPLARY, ECONOMIC, PUNITIVE, OR CONSEQUENTIAL DAMAGES) IN CONNECTION WITH THE SERVICES OR A USER’S SUBMISSIONS, (INCLUDING, WITHOUT LIMITATION, WHETHER CAUSED IN WHOLE OR IN PART BY NEGLIGENCE, GROSS NEGLIGENCE, OR OTHERWISE, BUT EXCLUDING WILLFUL MISCONDUCT).
- A USER’S ACCESS TO AND USE OF THE SERVICES IS AT ITS OWN RISK. IF A USER IS DISSATISFIED WITH THE SERVICES OR ANY OF THE CONTENT, ITS SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE ACCESSING AND USING THE SERVICES.
- THE USER ACKNOWLEDGES AND AGREES THAT IF IT INCURS ANY DAMAGES THAT ARISE OUT OF THE PROGRAM’S ACTS OR OMISSIONS, EVEN IF IRREPARABLE, IT WILL NOT BE ENTITLED TO AN INJUNCTION OR OTHER EQUITABLE RELIEF. THE USER ACKNOWLEDGES THAT IT MAY BE WAIVING RIGHTS WITH RESPECT TO CLAIMS THAT ARE UNKNOWN OR ARE UNSUSPECTED. ACCORDINGLY, THE USER AGREES TO WAIVE THE BENEFIT OF ANY LAW, THAT OTHERWISE MIGHT LIMIT ITS WAIVER OF SUCH CLAIMS.
- Changes; Additional Terms
The Program may occasionally change these Terms, so it encourages Users to review the Terms periodically. If the Program makes a change to the Terms, the User will be presented with the updated Terms at its next log in to the website and given the opportunity to review and accept/reject those new terms. The most current version of the Terms (along with their effective date) will be posted on the website. If a User continues to use the Services after the Terms have been changed, it will be deemed to have agreed to the changes. Additional terms may apply to a User’s use of the Services. The Program will provide these terms to Users or post them on the Services to which they apply and they are incorporated by reference into these Terms. If there is a conflict between these Terms and any additional terms that apply to a particular Service, the additional terms will control.
Special promotions of the Services may also have additional rules and requirements, and Users are responsible for complying with those rules and requirements.
- The Program’s failure to exercise or enforce any right or provision in these Terms will not constitute a waiver of such right or provision. These Terms and all additional terms, conditions, and policies on the Services, constitute the entire agreement between a User and the Program and supersede all prior agreements with respect to the subject matter hereof. If any part of these Terms is determined to be invalid or unenforceable under applicable law, that provision will be removed, and the remainder of the Terms will continue to be valid and enforceable. To the extent that these Terms conflict with the Membership Agreement, these Terms shall control. The headings in these Terms are intended for convenience of reference and will not affect interpretation of these Terms.
- The Program may be required by state or federal law to notify Users of certain events. The User hereby acknowledges and agrees that such notices will be effective upon posting them on the Program’s websites or delivering them to the User via email. The User may update its email address by visiting the Services where it has provided contact information. If a User does not provide the Program with accurate information, it will not be responsible for failure to notify the User.
- These Terms and all claims arising from or related to a User’s use of the Services will be governed by and construed in accordance with the laws of the State of New Mexico. With respect to any disputes or claims not subject to arbitration (as set forth below), the User agrees to exclusive jurisdiction in the state and federal courts in New Mexico. Notwithstanding any other provision of these Terms, the Program may seek injunctive or other equitable relief from any court of competent jurisdiction. Regardless of any statute or law to the contrary, the User must file any claim or action related to use of the Services or these Terms within one year after such claim or action accrued. Otherwise, the User will be deemed to have waived the claim or action.
- The Program may elect to resolve any controversy or claim arising out of or relating to these Terms or the Services by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Unless the Program establishes a different location, arbitration hearings will be held in Santa Fe, New Mexico. The arbitrator’s award will be binding and may be entered as a judgment in any court of competent jurisdiction.