Get the latest & greatest cybersecurity insights straight to your inbox:
Terms of Service for Managed Service Provider
HOME > Terms of Service for Managed Service Provider
These Terms of Service govern Customer’s access and use of the Cybeready platform
Nature of Engagement.
(1) This Agreement sets forth the terms and conditions by which, with a minimum of 1000 managed users will represent and manage, on a non-exclusive basis, solutions provided by CybeReady (the “CybeReady Solution”). The agreement is set for a period of time for the MSP and not specific to the individual companies being onboarded (2) The managed service will be on a company base level and not licensing based. Each MSP customer is fully served as a unique entity. The MSP will have access to the platform for unlimited companies, but the number of employees trained will depend on their subscribed tier. (3) The Subscription is managed by the MSP directly for the MSP’s customers. CybeReady has no direct relationship with the MSP’s customers. (4) The service is based on content customization, analysis and reporting service and technical support. (5) MSP Is eligible to charge the MSP’s customer for additional services regardless of CybeReady price list. (6) This Agreement does not create an exclusive relationship between the parties, except as expressly set forth in this Agreement. MSP’s relationship with CybeReady under this Agreement will be that of an independent contractor. MSP will not have and will not represent that MSP has any authority to bind CybeReady, or to assume or create any obligations or to make any warranties or representations on behalf of CybeReady or in CybeReady’s name, or to enter into any agreements regarding CybeReady Solutions.
Rights and Obligations of MSP.
(a) Responsibilities.
MSP will, unless otherwise requested by CybeReady: (i) advertise, promote and solicit orders for CybeReady Solutions in accordance with the terms and policies of CybeReady as announced and amended from time to time; (ii) use reasonable commercial efforts to participate in the activities set forth in any joint marketing guidelines agreed between the parties; (iii) locate prospective MSP customers for CybeReady Solutions and provide all pertinent information concerning CybeReady Solutions to prospective MSP customers and general information regarding Cyber Security Awareness Training and Phishing Simulations; (iv) jointly build and participate in account planning sessions to identify potential customers and provide periodic updates to CybeReady on a monthly basis, in a form provided by CybeReady and agreed to by MSP (“Reports”); (v) manage and deliver the products and services to MSP customers, all subject to the CybeReady’s polices and standards , and (vi) perform the actions set forth in Exhibit A. CybeReady has the right, in its sole and absolute discretion, to make changes to the CybeReady Solutions and price list, upon 30 days prior written notice to MSP, provided that no such change shall effect any currently registered deal opportunities.
(b) Covenants.
MSP will: (i) conduct business in a manner that reflects favorably at all times on CybeReady Solutions, and the good name, goodwill and reputation of CybeReady and CybeReady’s partners and CybeReadys; (ii) make no false or misleading representations or advertisements with regard to CybeReady or CybeReady Solutions; (iii) make no representations, warranties or guarantees to MSP customers with respect to the CybeReady Solutions that are inconsistent with the literature distributed by CybeReady and CybeReady’s partners and CybeReadys, and (iv) not engage in any deceptive, misleading, illegal or unethical practices.
(c) No Conflict.
MSP will not represent, distribute or develop during the term of this Agreement and for six months thereafter any products or services that are competitive with CybeReady Solutions in the fields of Cyber Security Awareness Training and Phishing Simulations. CybeReady will not, during the term of this Agreement and for twelve months thereafter, directly sell or provide to a MSP customer that was located by MSP products or services that are competitive with CybeReady Solutions. Notwithstanding the foregoing, the MSP shall retain the right to render services by vendors deemed as competitive to CybeReady (the “Competitive Vendors”), provided that the MSP (i) accords precedence and favor to the Subscriptions of CybeReady under this Agreement, and (ii) collaborates with CybeReady upon entering into agreements with a new Competitive Vendors
(d) No Solicitation.
Except as otherwise may be agreed in writing, each party agrees that during the term of this Agreement and for twelve months thereafter, it shall not directly or indirectly solicit or hire as employee or independent contractor, any employee of the other party with whom it comes into contact as a result of providing or receiving referrals hereunder. “Solicit” shall not be deemed to include, among other things, advertising in newspapers or trade publications available to the public.
(e) Representations.
Each party represents and warrants that the execution and delivery of this Agreement and the fulfillment of its terms: (i) will not constitute a default under or conflict with any agreement or other instrument to which he is a party or by which he is bound; and (ii) do not require the consent of any person or entity. MSP represents and warrants that it: (i) has the requisite expertise and resources to perform the Subscriptions to the costumers; (ii) will perform the services in compliance with all applicable laws and regulations; and (iii) will utilize Cybeready’s Solution and platform solely for cyber security awareness training purposes. Any use of the Cybeready’s Solutions and platform for purposes other than cyber security awareness training is strictly prohibited, and (iv) will adhere to Cybeready’s Code of Ethics as described as set forth in Exhibit C, and all platform Cybeready’s policies.
(f) No White Labeling.
he MSP acknowledges that all services shall be provided under the branding of Cybeready Solution and Cybeready’s platform.
Obligations of
CybeReady.
CybeReady will provide MSP with marketing and technical information concerning CybeReady Solutions. CybeReady shall support Provider by this Support Contact Information address: support.cybeready.com. CybeReady shall keep the service level standards along this agreement according to the SLA in Exhibit D.
Billing and Collection.
All CybeReady Solutions for which CybeReady onboard a new MSP customer under this Agreement will be billed by CybeReady directly to the MSP. Payment shall be made free and clear of any deductions, reductions, or withholdings, which shall be borne exclusively by MSP.
Fees.
MSP will subscribe CybeReady Solutions at the pricing rates set forth in Exhibit B, or as otherwise agreed in writing between the parties. MSP will be responsible for any and all costs and expenses that it incurs in connection with its performance under this Agreement. CybeReady shall have a right to audit MSP, at MSP’s facilities, upon at least thirty (30) days prior written notice, to ensure that MSP is in compliance with the terms of this Agreement.
Mutual Confidentiality.
(a) Obligation.
Each party acknowledges that, in the course of performing its obligations under this Agreement, it may obtain information of a confidential and proprietary nature, including information relating to CybeReady Solutions (“Confidential Information”). Such Confidential Information includes, without limitation, trade secrets, know-how, methods, processes, tools, inventions, customer and financial information, product knowledge, customers’ data, sales, marketing plans, identity of potential customers and the terms of this Agreement. Each party will use Confidential Information only in connection with fulfilling its obligations under this Agreement, and will not disclose Confidential Information, except to its employees and consultants who have a need to know or have access to Confidential Information in order to carry out the purposes of this Agreement and have executed nondisclosure agreements not less restrictive than this Section, binding them not to use or disclose Confidential Information except as permitted herein.
(b) Exceptions.
The obligations contained in this Section will not apply to the extent any information: (i) was rightfully in the receiving party’s possession or known to it prior to receipt from the disclosing party; (ii) is or becomes public knowledge without the fault or action of the receiving party; (iii) is received by a party from a third party who received and disclosed the information without violation of any confidentiality restriction; (iv) is independently developed by a party without violation of any confidentiality restriction; or (v) is required to be disclosed by an authority with competent jurisdiction.Each party acknowledges that, in the course of performing its obligations under this Agreement, it may obtain information of a confidential and proprietary nature, including information relating to CybeReady Solutions (“Confidential Information”). Such Confidential Information includes, without limitation, trade secrets, know-how, methods, processes, tools, inventions, customer and financial information, product knowledge, customers’ data, sales, marketing plans, identity of potential customers and the terms of this Agreement. Each party will use Confidential Information only in connection with fulfilling its obligations under this Agreement, and will not disclose Confidential Information, except to its employees and consultants who have a need to know or have access to Confidential Information in order to carry out the purposes of this Agreement and have executed nondisclosure agreements not less restrictive than this Section, binding them not to use or disclose Confidential Information except as permitted herein.
Trademarks.
(a) Use of Trademarks.
During the term of this Agreement, MSP will have the right to use the trade names, trademarks, logos and designations in or associated with CybeReady Solutions (“Marks”) solely in connection with its activities under this Agreement.
(b) Ownership and Use of Trademarks.
MSP acknowledges and agrees that CybeReady owns or has a right to use the Marks and that any and all goodwill derived from the use of the Marks by MSP inures solely to the benefit of CybeReady or CybeReadys’ partners and CybeReadys. If at any time MSP acquires any rights in any Marks, MSP hereby assigns and agrees to assign such rights to CybeReady, or as directed by CybeReady, along with any and all associated goodwill, at no cost to CybeReady. MSP will at no time challenge the validity, ownership or enforceability of any Marks or take any action that would otherwise adversely affect CybeReady’s rights, or the rights of CybeReadys’ partners and CybeReadys, in any Marks, including, without limitation, using, advertising, displaying or applying to register any trademark, trade name, logo or other designation that is similar to or that may be confused with any Marks.
Terms and
Termination.
Terms and Termination.
(a) Term.
This Agreement commences as of the Effective Date for an initial term of one year, unless sooner terminated as provided below. The parties may agree to renew this Agreement by mutual consent in writing.
(b) Termination.
This Agreement may be terminated at any time by either party with or without cause by written notice given to the other party not less than thirty (30) days prior to the effective date of such termination.
(c) Effect of Termination.
Upon the termination or expiration of this Agreement, MSP will: (i) immediately return to CybeReady all copies of all Confidential Information in its possession or control, accompanied by a certification by an officer of MSP confirming such return; (ii) promptly return to CybeReady all materials provided by CybeReady pursuant to Section 4; (iii) cease all use, advertising and display of all Marks, and (iv) notify the MSP’s customers promptly and on the same date that the Subscription has been terminated. For the avoidance of doubt, the termination of this Agreement applies irrespective of when each MSP customer begins their training.
(d) No Damages for Termination or Expiration.
NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR DAMAGES OF ANY KIND ON ACCOUNT OF THE TERMINATION OR EXPIRATION OF THIS AGREEMENT IN ACCORDANCE WITH THIS SECTION. MSP WAIVES ANY RIGHT IT MAY HAVE TO RECEIVE ANY COMPENSATION OR INDEMNITY ON TERMINATION OR EXPIRATION OF THIS AGREEMENT UNDER THE LAW OF THE AGREEMENT OR OTHERWISE, OTHER THAN AS EXPRESSLY PROVIDED IN THIS AGREEMENT. MSP acknowledges that: (i) MSP has no expectation and has received no assurances that any investment by MSP in the promotion of and solicitation of orders for CybeReady Solutions will be recovered or recouped or that MSP will obtain any anticipated amount of profits by virtue of this Agreement; and (ii) MSP will not have or acquire by virtue of this Agreement or otherwise any vested, proprietary or other right in the promotion of and solicitation of CybeReady Solutions or in any “goodwill” created by its efforts hereunder.
(e) Survival.
The parties’ rights and obligations under Sections 2(c), 2(d), 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, and 17 will survive any termination or expiration of this Agreement.
Limitation of Liability.
IN NO EVENT WILL ANY PARTY BE LIABLE FOR ANY LOST PROFITS OR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY KIND, ARISING OUT OF OR RELATING TO THIS AGREEMENT, REGARDLESS OF THE CAUSE OF ACTION (INCLUDING NEGLIGENCE), EVEN IF SUCH PARTY HAS BEEN INFORMED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES. OTHER THAN WITH RESPECT TO INDEMNITY OBLIGATIONS AND BREACH OF CONFIDENTIALITY OBLIGATIONS UNDER THIS AGREEMENT, EACH PARTY’S TOTAL CUMULATIVE LIABILITY TO THE OTHER PARTY FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY WILL BE LIMITED TO AND WILL NOT EXCEED THE AMOUNTS PAID BY MSP TO CYBEREADY PURSUANT TO THIS AGREEMENT DURING THE TWELVE-MONTHS PERIOD PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.
Governing Law and Jurisdiction.
This Agreement shall be governed by the law of the state of Israel, without reference to conflict of laws principles. Any litigation that arises from this Agreement or any transaction shall be commenced only in a court in Tel Aviv-Jaffa and the parties expressly consent to the jurisdiction and venue of such courts.
Force Majeure.
Neither CybeReady nor MSP will be responsible for any failure to perform due to causes beyond CybeReady’s or MSP’s control, including but not limited to acts of God, war, terrorism, riot, embargoes, acts of civil or military authorities, fire, floods, strikes, or national shortages of transportation, facilities, fuel, energy, labor or materials, provided the affected party notifies the other party promptly of the force majeure event and takes diligent steps to resume performance as soon as possible.
Compliance with Law.
MSP will at all times have all permits and licenses required by any governmental unit or agency and will comply with all applicable international, national, state, regional and local laws and regulations, including export laws, in performing its duties hereunder and in any of its dealings with respect to CybeReady Solutions.
No Employer-Employee Relationship.
In all matters relating to this Agreement, neither MSP nor its employees, consultants, agents are or will act as employees of CybeReady within the meaning or application of any laws or regulations. Both parties agree that this Agreement does not establish a joint venture or partnership. MSP will indemnify and hold harmless CybeReady and its members, officers, directors and agents, from any related liabilities or obligations imposed or attempted to be imposed upon CybeReady with respect to employees, consultants or agents of MSP in the performance of this Agreement.
Disclaimer.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CYBEREADY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS REGARDING CYBEREADY SOLUTIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. MSP WILL MAKE NO WARRANTIES OR REPRESENTATIONS IN CYBEREADY’S NAME OR ON CYBEREADY’S BEHALF.
Indemnity.
MSP will defend or settle, indemnify and hold CybeReady and its members, officers, directors and agents harmless from any liability, damages and expenses (including court costs and reasonable attorneys’ fees) arising out of or resulting from any third-party claim based on or otherwise attributable to: (i) MSP’s negligence or willful misconduct; (ii) any misrepresentations or any representations or warranties not authorized by CybeReady made by MSP with respect to CybeReady or the CybeReady Solutions, (iii) MSP’s breach of any term, condition or obligation under this Agreement. CybeReady will defend or settle, indemnify and hold MSP and its members, officers, directors and agents harmless from any liability, damages and expenses (including court costs and reasonable attorneys’ fees) arising out of or resulting from any third-party claim based on or otherwise attributable to an infringement of third party intellectual property rights by CybeReady Solutions.
It is agreed and understood that MSP shall have no obligation to defend or settle, indemnify or hold CybeReady harmless from any liability, damages and expenses (including court costs and reasonable attorneys’ fees) arising out of or resulting from any third-party claim based on or otherwise attributable to a liability claim for defective CybeReady Solutions or intellectual property infringement by CybeReady Solutions.
Compliance.
CybeReady and MSP shall comply with all applicable laws and regulations governing the processing of personal information, as may be amended or enacted from time to time, including the EU General Data Protection Regulation 2016/679 (“GDPR”). CybeReady may serve as a data processor of the MSP customer, but not of MSP. CybeReady confirms that it is ISO 27001 and SOC II Type 2 certified.
General.
force and effect. This Agreement, including its Exhibits, constitutes the entire and exclusive agreement between the parties pertaining to the subject matter hereof, and supersedes any and all written or oral agreements previously existing between the parties with respect to such subject matter. Any modifications of this Agreement must be in writing and signed by both parties hereto. Any notices required or permitted under this Agreement will be in writing (e-mail acceptable) and will be effective upon receipt at the receiving party’s address listed above, or such other address as specified by the party by notice hereunder. This Agreement may be executed in counterparts, including by facsimile or PDF signature, and each of which will be considered an original.
IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the Effective Date.
Exhibit A – MSP Service Responsibilities
| Tasks | MSP Model Operation |
|---|---|
| Subscription Activation | |
| New account setup | CYBEREADY |
| Fill out the ORG profile | MSP |
| Domain Allowlist | MSP |
| Upload employees – AD integration (initial uploading) | CYBEREADY |
| Upload employees list | CYBEREADY |
| Account activation in the backend | CYBEREADY |
| Programs activation | MSP |
| Internal comms activation | MSP |
| Phishing set-up | MSP |
| Ongoing service | |
| Customizations of Phishing Simulations | MSP |
| Training on 2FA installation | MSP |
| Monitoring of health status on Power BI | CYBEREADY |
| Providing customer reports | MSP |
| Periodic meetings with the customer | MSP |
| Monitoring & Health stats on Dashboard | MSP |
| Ensuring Subscription Renewal | |
| Communication on time | MSP |
| Subscription Termination | |
| Stop / Deactivate running programs | MSP |
| Extract the data reports / PBR | MSP |
| Change account state to suspension or Archive | CYBEREADY |
As part of the services provided under this Agreement, the MSP is authorized to offer each MSP’s customer the following:
| Product | Limitations |
|---|---|
| Phishing Simulations | Unlimited usage |
| Smishing Simulations | Subject to an annual limit on the total number of SMS messages, calculated as four (4) times the number of targets. CybeReady provides smishing simulation campaigns in the countries specified at https://support.cybeready.com/hc/en-us/articles/18159076357916-Countries-Support-in-Smishing-Simulations (the “Supported Countries”). The list of Supported Countries may be updated, modified, or amended from time to time at the CybeReady’s sole discretion, without prior notice. The provision of smishing simulation campaigns in any jurisdiction remains subject to applicable laws, regulations, and CybeReady’s internal policies. CybeReady reserves the right to restrict, suspend, or discontinue such services in any jurisdiction at any time, without liability. |
| CAB | The addition of new bites is restricted to the existing limit per customer, which is capped at three (3) |
| AuditReady | The addition of new modules is restricted to the existing limit per customer. |
Exhibit B – Pricing
MSP shall subscribe CybeReady Solutions at a discount from CybeReady’s price list attached hereto as Exhibit B, as amended by CybeReady from time to time, with a 30 day prior written notice to MSP:
| Total Number of Users | Price | Comments |
|---|---|---|
| 0-1000 | $15,000 | Minimum starting point. Upfront payment |
| Each additional 1000 | $15,000 |
Exhibit C – Code of Ethics
Why do we even have a code of ethics?
Ethics in our product ensure that the learning process is effective and supported by organizational leadership.
Ethics establishes the standard for appropriate behavior within a field. It defines the norms, rules of conduct, and underlying principles that guide a worker’s actions. These principles reflect the values of the field.
Ethics provides guidance for professionals, employees, and leaders on how to act appropriately in all situations, both routine and exceptional.
What are the ethical principles we are committed to on our platform?
Our code of ethics addresses 3 main dimensions:
- Creating trust in the learning program and its content
- The product operates continuously, from an educational concept that guarantees “learning towards mastery”, meaning that it allows each employee the opportunity to continue and succeed over time, depending on the training effort invested in it.
- The product serves as a safe and protected environment for learning. Hence, if there is a “mistake” it is defined as an opportunity for learning and not as a “failure”.
- The attack simulations will avoid the use of sexually offensive content, job offers, and business ethics.
- Effective use for the benefit of adapting the learning process
- The decisions made in the product are for the organization and not focused on the employee as an individual.
- The algorithm is designed to operate in a random, equal and fair manner for all employees in the organization.
- Fair use of learning results within the organization
- The results of the learning program in the product will be presented as a trend and not as a grade, in an organizational, aggregated and not personal way.
- Personal information will be accessible according to the reduction approach – only to those who are necessary and will not be shared publicly.
- Data will not be used inappropriately against employees, whether by punishment or by publicizing (shaming) to increase motivation.
Exhibit D – Service Level Agreement (SLA)
This Service Level Agreement (“SLA”) is for the provisioning of support services required to support and sustain the Platform. Termination of the Agreement will result in termination of this SLA
MSSP Requirements. MSSP responsibilities and/or requirements in support of this SLA include: (a) MSSP’s compliance with the Agreement and the applicable Order From; (b) reasonable availability of MSSP’s admin and/or technical representative(s) when resolving a service-related incident or request; and (c) providing proper notice of non-compliance of the Company with any warranty in accordance with the Agreement and sufficiently detailing the non-compliance in a manner that enables the Company to properly assist with the remediation. The Company will not be responsible for delays caused by MSSP’s failure to respond to requests from the Company. MSSP understands that the Platform will only operate in accordance with the Company’s Documentation, as defined in the Agreement, and it is MSSP’s responsibility to ensure that the Platform will be fit for its purposes and to ensure that the Platform will be supported by MSSP’s technology and business environment. MSSP understands that Platform is non-mission critical to MSSP’s business.
CybeReady shall keep the following service level standards along this agreement:
| Severity | Description |
|---|---|
| P1 | There is a direct and immediate impact on MSSP’s production work. E.g. an attack sent creates an immediate reaction by most of the users and that requires immediate response of the security team |
| P2 | Indirect or low impact on MSSP’s users. E.g. double intensity set for users incorrectly/not intentionally |
| P3 | All others E.g. Incorrect language set for specific user |
Support channels for MSSP:
| Open a ticket via Email | support.cybeready.com |
| Knowledge-base Portal | support.cybeready.com |
| Issue Type | Severity | First Response | Resolution |
|---|---|---|---|
| Problem / Malfunction | p1 | 8 BH | Continuous through business hours to resolution or workaround. E.g., Specific message is removed or service is stopped until message is replaced and approved |
| p2 | NBD | By priority during business hours E.g. double intensity is disabled | |
| P3 | 2 BD | By priority during business hours E.g. Remove message due to MSSP similar internal process (HR Survey) | |
| Request | P1 | NBD | By priority during business hours E.g. Remove message due to MSSP similar internal process (HR Survey) |
| P2 | NBD | By priority during business hours E.g. Change PII setting | |
| P3 | 2 BD | By priority / According to business limitations E.g. Update users list will not be executed during the last 3 days of a campaign |
* All time frames refer to business hours or business days. The platform service is normally delivered / attacks are sent during business hours 9-5.
