- Effective Date; Documents Covered by the License Agreement
- This License Agreement is effective on that date that any of the documents covered by this License Agreement are downloaded from the Program’s website (the “Effective Date”).
- This License Agreement covers the following documents (the “Documents”):
- In the case of a Member of Shared Assessments that is in good standing and has paid any applicable dues, all of the documents listed on Exhibit A at the end of this License Agreement, together with user manuals and revisions and updates to the said documents that are created from time to time; and
- In the case of an organization that is not a member of Shared Assessments, those documents listed on Exhibit A at the end of this License Agreement that Licensee selects and pays for online, together with user manuals and revisions and updates to the said documents that are created from time to time.
- Representations and Warranties; Disclaimers
- The Program represents and warrants that it has the right to enter into this License Agreement and to grant the limited license granted hereunder.
- The Program represents and warrants that it holds all rights, title and interest in and to, including, in some instances, copyright interests, in the material that constitutes the Documents.
- Licensee represents and warrants that it has the right to enter into this License Agreement and that the individual agreeing to the terms and conditions set forth in this License Agreement is authorized to do so on his/her own behalf or on behalf of the organization he/she represents.
- The Documents have been developed as tools for information security, privacy and business continuity compliance. They are based on general information security and privacy laws, regulations, principles, frameworks, audit programs, seal programs and regulatory guidance from various jurisdictions and do not constitute legal advice or an exhaustive list of questions or procedures covering all the information security or privacy laws in the US, or rest of the world, that may apply to a service provider. The Licensee should consult counsel on a case-by-case basis to ensure compliance with all applicable information security and privacy laws, regulations, policies and standards.
- THE PROGRAM DOCUMENTS ARE PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED.
- Grant of Limited License
The Program hereby grants to Licensee, a non-exclusive, limited license to access and use the Documents subject to the following:
- No modifications may be made to the Documents without the express written permission of Program.
- Licensee must notify Program at firstname.lastname@example.org of their reasons for the modifications and make the modifications available to for review and approval as additions and/or modifications to the current version of the Documents.
- Copyright and all other intellectual property or proprietary rights in the Documents, and any modifications to the Documents, shall belong exclusively to Program.
- If the Licensee wishes to incorporate the Documents into software product offered for license or sale, it must first obtain a separate license from the Program.
- Licensee will not knowingly remove any copyright notice or trade name or marks of the Program that may appear on the Documents. Licensee shall comply with applicable conventions regarding copyright and source of material attribution.
- Licensee shall not reverse engineer, decompile, disassemble, reengineer or otherwise attempt to discover the source code of any software components of the Documents, except as allowed by applicable law.
- The Documents are provided solely for the use of the Licensee and its Affiliates (as defined below) and are not for re-sale or distribution to third parties.
- The Documents may be used by any number of employees, agents and consultants of Licensee and/or its Affiliates (collectively, “Permitted Users”) for the benefit of Licensee and/or any Affiliates. Without limiting any other provision of this Agreement, Permitted Users may use, copy, process, compile, store or download, in hard copy or electronically, any amount of information for research on behalf of Licensee and distribute any information used in such research in any format (e.g. hardcopy or electronic), amount and frequency to any employee and/or consultant of any Permitted User.
- Documents distributed to another individual or entity by the Licensee, or its Affiliate, for the purpose of any assessment, audit, investigation, or other use permitted by Licensee, shall not convey any rights in the Documents whatsoever to that individual or entity, including without limitation, the right to use, reuse, or distribute the Documents to anyone other than the Licensee or Affiliate from whom they were received. Licensee and/or its Affiliate (as appropriate) shall convey in writing such limitation to any individual or entity to which it provides a copy of the Documents.
- “Affiliate” as used herein means an entity either directly or indirectly controlled by or under common control of the Licensee or the Program, as the case may be.
- Intellectual Property
- Except for the limited license granted in this License Agreement, the Program retains all rights, title and interest in and to, including, copyright interests, in and to the Documents, its trademarks and any goodwill associated therewith.
- Licensee shall not assert rights in any modifications to the Documents against the Program, its members, sponsors, or any other person or entity who holds a license in the Documents granted by the Program.
- The Program will indemnify Licensee from and against any and all losses incurred by Licensee, including, without limitation, Licensee’s reasonable attorneys’ fees, resulting from any third-party claim that is based on a breach of the Program’s Representations and Warranties set forth in Section 2.a. and b above.
- Licensee will indemnify the Program from and against any and all losses incurred by the Program, including, without limitation, the Program’s reasonable attorneys’ fees, resulting from any third-party claim relating to a breach of the Licensee’s Representations and Warranties set forth in Section 2.c. above.
- The party seeking indemnification shall give prompt written notice to the other party of the claim for which indemnification is sought, shall proffer the defense of such claim to the indemnifying party, and shall cooperate fully with the indemnifying party. The indemnifying party may defend or settle the claim in its discretion; provided, however, that no settlement shall impose liability or expense on the indemnified party or require the indemnified party to take any affirmative or negative action without such party’s express, written consent.
- Default: Program’s Rights
In the event that the Licensee fails to fully perform any of its obligations under this License Agreement including, without limitation, any breach of the terms of the License granted in Section 3 above or any violation of the Program’s intellectual rights in the Documents under Section 4 above (a “Default”), and the Default is not cured within thirty (30) days of the Program providing written notice of the Default to Licensee, the Program may pursue any and all legal or contractual remedies available to it, including without limitation, money damages and/or injunctive relief.
- This License Agreement, including Exhibit A hereto, is the parties’ entire agreement and supersedes all prior or contemporaneous negotiations, agreements or understandings respecting its subject matter.
Any failure to exercise or enforce any right or provision in this License Agreement will not constitute a waiver of such right or provision. If any part of this License Agreement is determined to be invalid or unenforceable under applicable law, that provision will be removed, and the remainder of the License Agreement will continue to be valid and enforceable. To the extent that the terms of this License Agreement conflict with the Membership Agreement, this License Agreement shall control. The headings in the License Agreement are intended for convenience of reference and will not affect interpretation of this License Agreement.
- This License Agreement may be amended, supplemented, or otherwise modified only by means of a written instrument signed by both parties.
- This License Agreement may not be assigned by either party, except to an Affiliate, without the other party’s written consent, provided that, the Program may, upon notice to Licensee, assign this License Agreement to any entity that succeeds to the Program’s rights in the Documents. This License Agreement shall be binding upon the parties’ successors and permitted assigns.
- Any notice to the Licensee will be sent to the Primary Contact and address on files with the Program. Any notice to the Program will be sent to Shared Assessments at 3 Chamisa Drive, North, Suite 2, Santa Fe, NM 87508. All notices shall be sent by express mail or next day express delivery service with signed receipt. Notice shall be deemed effective upon receipt.
- This License Agreement and all claims arising from or related to Licensee’s use of the Documents will be governed by and construed in accordance with the laws of the State of New Mexico. With respect to any disputes or claims not subject to arbitration (as set forth below), Licensee agrees to exclusive jurisdiction in the state and federal courts in New Mexico. Notwithstanding any other provision of this License Agreement, the Program may seek injunctive or other equitable relief from any court of competent jurisdiction. Regardless of any statute or law to the contrary, Licensee must file any claim or action related to use of the Documents within one year after such claim or action accrued. Otherwise, Licensee will be deemed to have waived the claim or action.
- Notwithstanding the foregoing, the parties agree that (i) if the Licensee is ever involved in any legal proceedings initiated or involving a third party and related to the Documents, the Licensee may compel the Program’s intervention in the jurisdiction where the proceedings have been initiated by said third party, and (ii) if the Program is ever involved in any legal proceedings initiated or involving a third party and related to the Licensee’s use of the Documents, the Program may compel the Licensee’s intervention in the jurisdiction where the proceedings have been initiated by said third party.
- The Program may elect to resolve any controversy or claim arising out of or relating to this License Agreement by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Unless the Program establishes a different location, arbitration hearings will be held in Santa Fe, New Mexico. The arbitrator’s award will be binding and may be entered as a judgment in any court of competent jurisdiction.
- This License Agreement has no fixed term and the rights and obligations of the parties will continue in effect so long as the Licensee retains possession or access to the Documents. Notwithstanding anything to the contrary herein, the following Sections will survive any attempt by the Licensee to terminate or cancel this License Agreement for any reason:
- Section 2.e;
- Section 3;
- Section 4.
- Section 5;
- Section 6; and
- This Section 7.
EXHIBIT A SHARED ASSESSMENTS DOCUMENTS SUBJECT TO LICENSE AGREEMENT=
- 2017 SHARED ASSESSMENTS AGREED UPON PROCEDURES (2017 AUP)
- 2017 SHARED ASSESSMENTS AGREED UPON PROCEDURES REPORT TEMPLATE (2017 AUP Report Template)
- 2017 SHARED ASSESSMENTS STANDARDIZED INFORMATION GATHERING (SIG) QUESTIONNAIRE (2017 SIG)
- 2017 SHARED ASSESSMENTS SIG MANAGEMENT TOOL (2017 SIG Management Tool)
- 2017 SHARED ASSESSMENTS SIG SCOPING TOOL (2017 SIG Scoping Tool)
- 2017 SHARED ASSESSMENTS STANDARDIZED INFORMATION GATHERING (SIG) QUESTIONNAIRE LITE (2017 SIG Lite)
- 2017 SHARED ASSESSMENTS SIG LITE MANAGEMENT TOOL (2017 SIG Lite Management Tool)
- 2017 SHARED ASSESSMENTS VENDOR RISK MANAGEMENT MATURITY MODEL (2017 VRMMM)
- Intellectual Property
The Program holds all rights, title and interest in and to, including, in some instances, copyright interests in and to, the content, information, data, designs, code, and materials associated with the Services (“Content”) that are protected by intellectual property and other laws. The User must comply with all such laws and applicable copyright, trademark or other legal notices or restrictions.
- Registration and Access Controls
The User is responsible for maintaining the confidentiality of its user name and password and it accepts responsibility for all activities, charges, and damages that occurs under its account. If a User has reason to believe that someone is using its account without permission, the User should contact the Program immediately. The Program will not be responsible for any loss or damage resulting from a User’s failure to notify it of unauthorized use. If the Program requests registration information from a User, it must provide the Program with accurate and complete information and must update the information when it changes. A User may not access any age-restricted Services unless he/she are above the required age.
- Third-Party Content
- Fee-Based Services
If a User accepts fee-based products or features, it agrees to the terms and conditions governing all such purchases, including all requirements to pay applicable fees and charges. The Program will notify Users of any changes to fees and charges.
- Acceptable Use
The Services have been designed to present Content in a unique format and appearance. Unless the Program gives a User prior written permission, the User agrees not to access the Services using any interface other than the Program’s. The Program may deny permission to link to the Services for any reason in its sole discretion, and a User must be able to edit or delete promptly links that it creates, upon the Program’s request. Consistent with these Terms, a User may not use the Services to do or assist others to do the following:
- Link to the Services from a site or transmit any material that is inappropriate, profane, vulgar,
offensive, false, disparaging, defamatory, obscene, illegal, sexually explicit, racist, that promotes violence, racial hatred, or terrorism, or that the Program deems, in its sole discretion, to be otherwise objectionable;
- Frame the Services, display the Services in connection with an unauthorized logo or mark, or do anything that could falsely suggest a relationship between the Program and any third party or potentially deprive the Program of revenue (including, without limitation, revenue from advertising, branding, or promotional activities);
- Violate any person’s or entity’s legal rights (including, without limitation, intellectual property, privacy, and publicity rights), transmit material that violates or circumvents such rights, or remove or alter intellectual property or other legal notices;
- Knowingly transmit files that contain viruses, spyware, adware, or other harmful code;
- Interfere with others using the Services or otherwise disrupt the Services;
- Transmit, collect, or access personally identifiable information about other users without the consent of those users and the Program;
- Engage in unauthorized spidering, “scraping,” or harvesting Content, contact or other personal information, or use any other unauthorized automated means to compile information;
- Impersonate any person or entity or otherwise misrepresent an affiliation or the origin of materials it transmits; or
- Defeat any access controls, access any portion of the Services that it is not authorized to access (including password-protected areas), link to password-protected areas, attempt to access or use another user’s account or information, or allow anyone else to use its account or access credentials.
- Consequences of Violations: Disclosures for Legal Compliance
- The Program may take any of the following actions in its sole discretion and without notice for violation of these Terms and/or, if applicable, any terms of the Shared Assessment Membership Agreement:
- Restrict or terminate a User’s access to the Services;
- Change or discontinue the Services to the User; and/or
- Deactivate a User’s account and delete all related information and files in its account;
- The will not be liable to a User or any third party for taking any of these actions and it will not be limited to the remedies above if a User violate these Terms.
The User will defend, indemnify, and hold harmless the Program and its directors, officers, employees, shareholders, vendors, partners, contractors, agents, licensors or other representatives of each of them and all of their successors and assigns, for all damages, liabilities, and expenses or obligations of any kind (including attorney’s fees and costs), arising out of or in connection with the User’s use or misuse of the Services (including, without limitation use of its account, whether or not authorized by the User, and claims arising from information or materials generated by Shared Assessments members or third parties).
- Disclaimers; Limitation of Liability
- THE PROGRAM DOES NOT WARRANT:
- THAT THE SERVICES, ANY OF THE SERVICES’ FUNCTIONS OR ANY CONTENT OR SOFTWARE CONTAINED THEREIN WILL BE UNINTERRUPTED OR ERROR-FREE;
- THAT DEFECTS WILL BE CORRECTED;
iii. THAT THE SERVICES OR THE SERVERS HOSTING THEM ARE FREE OF VIRUSES OR OTHER HARMFUL CODE; OR
- THAT THE SERVICES OR INFORMATION AVAILABLE THROUGH THE SERVICES WILL CONTINUE TO BE AVAILABLE.
- THE PROGRAM DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO THE SERVICES AND CONTENT, INCLUDING, WITHOUT LIMITATION, NONINFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND TITLE. THE SERVICES, INCLUDING, WITHOUT LIMITATION, ALL CONTENT, SOFTWARE, AND FUNCTIONS MADE AVAILABLE ON OR ACCESSED THROUGH OR SENT FROM THE SERVICES, ARE PROVIDED “AS IS,” “AS AVAILABLE,” AND “WITH ALL FAULTS.”
- THE PROGRAM WILL NOT BE LIABLE TO ANY USER OR ANYONE ELSE FOR ANY LOSS OR DAMAGES OF ANY KIND (INCLUDING, WITHOUT LIMITATION, FOR ANY SPECIAL, DIRECT, INDIRECT, INCIDENTAL, EXEMPLARY, ECONOMIC, PUNITIVE, OR CONSEQUENTIAL DAMAGES) IN CONNECTION WITH THE SERVICES OR A USER ‘S SUBMISSIONS, (INCLUDING, WITHOUT LIMITATION, WHETHER CAUSED IN WHOLE OR IN PART BY NEGLIGENCE, GROSS NEGLIGENCE, OR OTHERWISE, BUT EXCLUDING WILLFUL MISCONDUCT).
- A USER’S ACCESS TO AND USE OF THE SERVICES IS AT ITS OWN RISK. IF A USER ISE DISSATISFIED WITH THE SERVICES OR ANY OF THE CONTENT, ITS SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE ACCESSING AND USING THE SERVICES.
- THE USER ACKNOWLEDGES AND AGREES THAT IF IT INCURS ANY DAMAGES THAT ARISE OUT OF THE PROGRAM’S ACTS OR OMISSIONS, EVEN IF IRREPARABLE, IT WILL NOT BE ENTITLED TO AN INJUNCTION OR OTHER EQUITABLE RELIEF. THE USER ACKNOWLEDGES THAT IT MAY BE WAIVING RIGHTS WITH RESPECT TO CLAIMS THAT ARE UNKNOWN OR ARE UNSUSPECTED. ACCORDINGLY, THE USER AGREES TO WAIVE THE BENEFIT OF ANY LAW, THAT OTHERWISE MIGHT LIMIT ITS WAIVER OF SUCH CLAIMS.
- Changes; Additional Terms
The Program may occasionally change these Terms, so it encourage Users to review the Terms periodically. If the Program makes a change to the Terms, the User will be presented with the updated Terms at its next log in to the website and given the opportunity to review and accept/reject those new terms. The most current version of the Terms (along with their effective date) will be posted on the website. If a User continues to use the Services after the Terms have been changed, it will be deemed to have agreed to the changes. Additional terms may apply to a User’s use of the Services. The Program will provide these terms to Users or post them on the Services to which they apply and they are incorporated by reference into these Terms. If there is a conflict between these Terms and any additional terms that apply to a particular Service, the additional terms will control. Special promotions of the Services may also have additional rules and requirements, and Users are responsible for complying with those rules and requirements.
- The Program’s failure to exercise or enforce any right or provision in these Terms will not constitute a waiver of such right or provision. These Terms and all additional terms, conditions, and policies on the Services, constitute the entire agreement between a User and the Program and supersede all prior agreements with respect to the subject matter hereof. If any part of these Terms is determined to be invalid or unenforceable under applicable law, that provision will be removed, and the remainder of the Terms will continue to be valid and enforceable. To the extent that these Terms conflict with the Membership Agreement, these Terms shall control. The headings in these Terms are intended for convenience of reference and will not affect interpretation of these Terms.
- The Program may be required by state or federal law to notify Users of certain events. The User hereby acknowledges and agrees that such notices will be effective upon posting them on the Program’s websites or delivering them to the User via email. The User may update its email address by visiting the Services where it has provided contact information. If a User does not provide the Program with accurate information, it will not be responsible for failure to notify the User.
- These Terms and all claims arising from or related to a User’s use of the Services will be governed by and construed in accordance with the laws of the State of New Mexico. With respect to any disputes or claims not subject to arbitration (as set forth below), the User agrees to exclusive jurisdiction in the state and federal courts in New Mexico. Notwithstanding any other provision of these Terms, the Program may seek injunctive or other equitable relief from any court of competent Regardless of any statute or law to the contrary, the User must file any claim or action related to use of the Services or these Terms within one year after such claim or action accrued. Otherwise, the User will be deemed to have waived the claim or action.
- The Program may elect to resolve any controversy or claim arising out of or relating to these Terms or the Services by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Unless the Program establishes a different location, arbitration hearings will be held in Santa Fe, New Mexico. The arbitrator’s award will be binding and may be entered as a judgment in any court of competent jurisdiction.