This Master Services Agreement (this "Agreement"), effective as of the last date of signature below (the "Effective Date"), is entered into by and between 4Geeks Technologies, Inc, with offices located at 2711 Centerville Road, Wilmington, Delaware 19808 (“4Geeks”) and Client listed in the signature blocks below ("Client").
WHEREAS, 4Geeks has the capability and capacity to provide certain professional, educational, operational and technical services; and
WHEREAS, Client desires to periodically engage 4Geeks to provide the said services on a project basis for Client or Client’s customer (“Customer”) under the terms and conditions hereinafter set out, and 4Geeks is willing to perform such services;
NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, 4Geeks and Client (hereinafter, collectively, the "Parties", or each, individually, a "Party") agree as follows:
Services. 4Geeks shall provide to Client or Customer the services (the "Services") and any applicable Customer flow downs set out in one or more statements of work to be issued by Client and accepted by 4Geeks (each, a "Statement of Work") which shall set forth any and all deliverables, information, data, reports, graphics, audio-visual, text, programming, code, analysis and/or other items and materials, tangible or intangible, specified and required to be provided by 4Geeks to Client pursuant to this Agreement or any Statement of Work (collectively referred to as “Deliverables”).
Statements of Work shall be deemed accepted and incorporated into this Agreement only if signed by the 4Geeks Contract Manager (as defined in Section 2.1.1 below) and Client Contract Manager (as defined in Section 3.1 below), appointed under Section 2.1.1 and Section 3.1, respectively. 4Geeks shall provide the Services (a) in accordance with the terms and subject to the conditions set out in the respective Statement of Work and this Agreement; (b) using personnel of required skill, experience, and qualifications; (c) in a timely, workmanlike, and professional manner; (d) in accordance with the highest professional industry standards in 4Geeks's field; and (e) to the reasonable satisfaction of Client.
Each Statement of Work shall contain at a minimum: (a) a description of the project, estimated time required, Services to be performed and the Deliverables to be delivered to Client; (b) the design, development, functional, and operating parameters, criteria, specifications and other requirements for the performance of the Services and provision of the Deliverables (collectively, “Specifications”); (c) the amount payable by Client in respect to the work performed, including a schedule and method of payment; and (d) the time schedule for performance of the Services and delivery of the Deliverables (“Milestone Schedule”).
In the event of a conflict between this Agreement and any Statement of Work entered into by the parties hereunder, the terms and conditions of this Statement of Work shall control.
Unless otherwise specifically set forth in the Statement of Work involved, 4Geeks shall be solely responsible, at its own cost and expense, for procuring, configuring, operating, supporting and maintaining all resources, facilities, equipment, communications, network infrastructure, devices, programs, operating, applications and other software, documentation, data, information and materials, whether owned, licensed or otherwise available or utilized, in order to effectively, fully and properly perform the Services and provide the Deliverables as required hereunder.
Change Orders. Both Client and 4Geeks recognize that during the course of any Statement of Work, modifications, refinements or other changes may be appropriate or necessary to satisfy Client’s objectives, but which deviate from previously approved Services, Deliverables, and/or Specifications or for which a right to change or make modifications is not otherwise specifically described in this Agreement. 4Geeks agrees that it may not decline any change request that (i) reduces the cost of performance and/or that does not represent a material extension or volume in the Services and/or Deliverables being provided and shall promptly provide any such changes or modifications at no additional cost to Client and/or (ii) does represent a material extension or volume in the Services or Deliverables being provided, provided that the changes are reasonable in scope and a commensurate increase in compensation is mutually agreed to by the parties. Any changes in the scope of the Services or the Deliverables under any Statement of Work shall become effective only when mutually agreed to by the parties and (a) will be fully documented in a written change order, detailing their impact on the Statement of Work, the timing, pricing, performance of the Services, provision of the Deliverables, the corresponding Specifications, and any other terms and conditions and (b) such change order has been executed by a duly authorized representative of each of the parties hereto. Such duly executed change order shall be considered an amendment to the applicable Statement of Work and governed in accordance with the terms and conditions of this Agreement.
Notice of Delay. 4Geeks agrees to notify Client in writing promptly of any factor, occurrence or event coming to its attention that may affect 4Geeks’s ability to meet the requirements of any Statement of Work or that is likely to occasion any delay in the Milestone Schedule. 4Geeks acknowledges and agrees that failure to satisfactorily complete and deliver any Deliverable as and when required under the applicable Statement of Work within thirty (30) days of the applicable scheduled delivery date shall be considered a material breach of the Statement of Work and this Agreement giving rise to Client’s right to terminate the applicable Statement of Work.
Delivery and Acceptance.
4Geeks agrees to perform the Services and develop and deliver the Deliverables described in each Statement of Work in accordance with the Milestone Schedule and requirements specified in this Agreement and the applicable Statement of Work. The Services and each Deliverable shall be subject to Client’s review and acceptance on a continual basis and shall be subject to a verification of acceptability by Client to ensure that each such Deliverable satisfies Client’s requirements, including all technical, aesthetic, look and feel, features, operational and functional characteristics, quality and related requirements in each case as set forth in the Specifications and fully conforms to and/or operates in accordance with the Specifications in all material respects and any additional acceptance criteria mutually agreed upon by the parties and set forth in the applicable Statement of Work or subsequently mutually agreed upon in writing by the parties (each, an “Acceptance Test”). Whenever a Deliverable is delivered as part of the Services, Client shall commence and complete an Acceptance Test (with such assistance and support as is necessary from 4Geeks personnel) within the time frame specified in the Milestone Schedule on the applicable Statement of Work for such Deliverable or if no time frame is specified therein as soon as reasonably practicable. Client shall notify 4Geeks of its acceptance or rejection of any Deliverable in writing, provided that any failure to provide such notice shall not be deemed to be acceptance.
Notwithstanding any interim or discrete Acceptance Test for any individual Deliverable or any component thereof, Client’s final acceptance of all Deliverables to be provided by 4Geeks pursuant to a Statement of Work shall only be deemed to have occurred on the date that Client notifies 4Geeks in writing that each such Deliverable has successfully passed the Acceptance Tests and fully conforms to and/or operates in accordance with the Specifications and all other Client requirements set forth in the applicable Statement of Work, in their entirety, and are fully and properly operational and available for actual commercial non-test, productive use by or on behalf of Client (“Final Acceptance”). On the date all of the Deliverables have received Final Acceptance, Client shall notify 4Geeks of same.
In the event any Deliverable is rejected by Client, Client’s written notice shall include an explanation of the reasons Client deems such Deliverable to be unacceptable and 4Geeks shall, at no additional cost, promptly correct the deficiencies. The Acceptance Test procedures described herein shall be repeated until a Deliverable is accepted by Client. Failure of a Deliverable to pass an Acceptance Test after thirty (30) days from Client’s initial rejection shall be deemed to be a breach of this Agreement and the applicable Statement of Work by 4Geeks giving rise to Client’s right to immediately terminate the applicable Statement of Work effective immediately upon written notice to 4Geeks. Notwithstanding anything to the contrary contained in this Agreement or any Statement of Work, any corrective measures taken by 4Geeks with respect to a rejected Deliverable shall be without further cost to Client. Acceptance of any Deliverable shall not relieve 4Geeks in any way from its warranty and/or indemnification obligations set forth in this Agreement.
Documentation. To the extent applicable, on or before the scheduled completion date for Deliverables specified on a Statement of Work, 4Geeks shall deliver to Client, at no additional charge, a complete and integrated set of documentation, sufficient to enable a professional, reasonably skilled and qualified in the development, support, implementation and operations of each Deliverable to use, develop, operate, implement, support and maintain each such Deliverable and to fully understand the use, development, operations, implementation, support and maintenance thereof. The foregoing may individually and collectively be referred to herein as the “Documentation”. Documentation shall include all work papers, work product, materials, data, information, instructions, Specifications, all flow charts, data file and element descriptions and all user, operator and supervisory reference guides, manuals and other documentation and operating instructions prepared by or otherwise available from 4Geeks or its licensors or as otherwise specified in the applicable Statement of Work. Documentation shall also include all programs and programming, a copy of any applicable control statements, routines, database calls, subroutines or other features and functions required for proper use, operation, development, implementation, support and maintenance of the Deliverables and the Documentation itself. Software program listings shall be fully self-documented in accordance with the highest professional and industry quality standards and with subroutine headings and functional information, as appropriate. Custom programming comments shall be included describing any customized application coding and programming applicable to the Deliverables and any unique or different interaction with the other programs in sufficient detail to simplify ongoing development, support and maintenance requirements.
4Geeks Obligations. 4Geeks shall: Appoint representatives to the following positions after obtaining Client's consent, which consent shall not be unreasonably withheld or delayed:
A primary contact to act as its authorized representative concerning all matters pertaining to this Agreement (the "4Geeks Contract Manager").
A sufficient number of employees to perform the Services set out in each Statement of Work, each of whose names, positions, billing rates, and respective levels of experience and relevant licenses shall be set out in the respective Statement of Work (collectively, with 4Geeks Contract Manager, "Provider Representatives").
At all times enforce discipline and good order among its employees and other permitted personnel assigned to or involved in the Services and shall not employ to perform the Services anyone whose work is unsatisfactory, any unfit person or anyone not skilled in their assigned function. If Client or Customer objects to any 4Geeks employee or other permitted personnel for any reason (including carelessness, technical incompetence, unfitness, lack of skill in their assigned field, violation of rules or instructions governing security of confidential information, or other reasonable cause), then 4Geeks shall, upon notice from Client, remove from the performance of the Services any such person. Client shall have the right to reject any of 4Geeks’s employees or other permitted personnel whose qualifications, in Client’s good faith and reasonable judgment, do not meet the standards established by Client as necessary for the performance of the Services. 4Geeks and its employees and other permitted personnel shall obey and comply with all policies regarding conduct that may be required by Client and are incorporated by reference or attached as an exhibit to this Agreement or a Statement of Work, including without limitation, Customer’s standards of business conduct and electronic communications principles, for example.
Obtain and maintain in effect written agreements with each of its employees and other personnel who participate in any work under any Statement of Work issued hereunder. Such agreements shall contain terms sufficient for 4Geeks to comply with all provisions of this Agreement and to support all grants and assignments of rights and ownership hereunder. Such agreements shall also impose an obligation of confidence on such employees and personnel with respect to any Confidential Information (as defined in Section 7 hereof) of Client. Upon Client’s request, 4Geeks shall provide copies of all such agreements to Client.
Endeavor to honor a request for a specific 4Geeks, subject to staffing or scheduling considerations provided that the individuals named on a Statement of Work as “Key 4Geeks Personnel”, including, without limitation, the 4Geeks Relationship Manager, are of the essence of this Agreement and all such Key Personnel shall remain assigned to provide the Services and Deliverables under each applicable Statement of Work throughout the term of such Statement of Work. Further, Client may remove and request replacement of any of the Key 4Geeks Personnel at any time and from time to time in order to satisfy its objectives, including in the event that Client finds any personnel furnished by 4Geeks unacceptable or said personnel fail to adequately perform his or her duties and responsibilities pursuant to this Agreement. Any such replacement of Key 4Geeks Personnel shall be provided in an expeditious manner so as to minimize the adverse effect on the provision of the Services and Deliverables, and corresponding timing and schedules set forth in the applicable Statement of Work.
Perform the Services under each Statement of Work issued hereunder by full-time employees of 4Geeks and 4Geeks shall not otherwise have the right to subcontract any of the Services without the prior written consent of Client. In the event that Client consents to the use of subcontractors to perform the Services hereunder, each subcontractor must agree in writing to comply with and be bound by the applicable terms and conditions of this Agreement, both for itself and to enable 4Geeks to be and remain in compliance with its obligations hereunder, including those provisions relating to confidentiality, proprietary and intellectual property, and such other terms and conditions as may be reasonably necessary to effectuate this Agreement, and 4Geeks shall be and remain primarily liable for the acts and omissions of each subcontractor and Affiliate (as applicable) and shall remain responsible for the due and proper performance of all 4Geeks obligations under this Agreement.
Use commercially reasonable best efforts to coordinate and cooperate with any and all designated third-party vendors (“Vendors”) appointed by Client or Customer in their sole discretion to efficiently incorporate the services or deliverables provided by such Vendors.
Make no changes in Provider Representatives except either: With the prior consent of Client.
At the request of Client, in which case 4Geeks shall use its best efforts to promptly appoint a replacement.
Upon the resignation, termination, death, or disability of the existing Provider Representative.
Assign only qualified, legally authorized Provider Representatives to provide the Services.
Comply with all applicable laws and regulations in providing the services.
Comply with all material Client and Customer rules, regulations, and policies of which it has been made aware, in its provision of the Services.
Maintain complete and accurate books of account and records covering all of the Services provided and invoices issued under each applicable Statement of Work. Such records shall include payroll records, time sheets, job cards, attendance cards and job summaries. During the term of the Agreement and for a period of three (3) years after the expiration or earlier termination of the Agreement, Client and/or Customer and its duly authorized agents shall have the right, upon prior written notice to 4Geeks, to examine and audit said books of account and records at 4Geeks’s place of business.
Upon Client’s request, provide Client with written reports (in such form and format and at such times and frequency as Client may reasonably request) that shall include among other things specified by Client: (i) the progress of the work required under each Statement of Work issued hereunder; (ii) any anticipated problems (resolved or unresolved); and (iii) any indication of delay in fixed or tentative schedules. Further, upon Client’s request, 4Geeks shall allow Client access to its premises for the purposes of “walkthroughs” and discussions by Client with personnel of 4Geeks concerning the status and conduct of work being performed under the Statements of Work issued hereunder. During the term of each Statement of Work, 4Geeks and Client shall, upon Client’s request, meet (a) in person at such location(s) designated by Client or (b) via teleconference, in each instance, at such times as determined by Client, to discuss, among other things, the provision of the Services, current progress and activities, resources used since the last meeting, an identification of problems and actions taken to resolve them and any other information reasonably required by Client to effectively monitor and manage the progress of 4Geeks’s work under the applicable Statement(s) of Work.
Not solicit Client employees. 4Geeks understands and acknowledges that Client has expended and continues to expend significant time and expense in recruiting and training its employees and that the loss of employees would cause significant and irreparable harm to Client. 4Geeks agrees and covenants not to directly or indirectly solicit, hire, recruit, attempt to hire or recruit, or induce the termination of employment of any employee of Client for one (1) year, to run consecutively, beginning on the last day of the termination of this Agreement.
Understand and acknowledge that Client has expended and continues to expend significant time and expense in developing Customer relationships, Customer information and goodwill, and that because of 4Geeks’s experience with and relationship to Client, it has had access to and learned about much or all of Client’s Customer information. Customer Information includes, but is not limited to, names, phone numbers, addresses, e-mail addresses, order history, order preferences, chain of command, pricing information and other information identifying facts and circumstances specific to the Customer and relevant to sales.
4Geeks understands and acknowledges that loss of this Customer relationship and/or goodwill will cause significant and irreparable harm to Client.
4Geeks agrees and covenants, for twenty-four months, to run consecutively, beginning on the last day of this Agreement, not to directly or indirectly solicit, contact (including but not limited to email, regular mail, express mail, telephone, fax, and instant message), attempt to contact or meet with Client’s current, former or prospective Customers for purposes of offering or accepting goods or services similar to or competitive with those offered by Client.
This restriction shall only apply to each of the following:
Customers or prospective Customers 4Geeks contacted in any way during the twelve months before the last day of the Agreement;
Customers about whom 4Geeks has trade secret or Confidential Information;
Customers who became Customers during 4Geeks’s Agreement with Client; and
Customers about whom 4Geeks has information that is not available publicly.
Client Obligations. Client shall:
Designate one of its employees to serve as its primary contact concerning this Agreement and to act as its authorized representative concerning matters pertaining to this Agreement (the "Client Contract Manager"), with such designation to remain in force unless and until a successor Client Contract Manager is appointed, in Client's sole discretion.
Require that Client Contract Manager respond promptly to any reasonable requests from 4Geeks for instructions, information, or approvals required by 4Geeks to provide the Services.
Representations and Warranties.
4Geeks represents, warrants and covenants to Client that (i) 4Geeks has the full power, right and authority to enter into this Agreement and each Statement of Work issued hereunder and (ii) 4Geeks is under no obligation or restriction, nor will it assume any obligation or restriction, that does or would in any way interfere or conflict with, or that does or would present a conflict of interest concerning, the work to be performed by 4Geeks under this Agreement and each Statement of Work issued hereunder.
4Geeks represents, warrants and covenants to Client that: (i) 4Geeks has obtained or shall obtain and maintain all rights, licenses, consents and authorizations necessary to perform its obligations and adhere to all of the terms and conditions set forth in this Agreement; (ii) the Services, Deliverables and any and all other information, content, products, services and materials provided by or through 4Geeks hereunder (collectively, “Materials”), and Client’s, its affiliates’, Customers’, licensees’ and/or end users’ access to and use thereof, does not and will not violate or infringe upon any copyright, patent, trademark, trade secret or other intellectual property right or any other proprietary, contractual or other right of any third party; and (iii) the use and full exploitation of the Materials does not and will not give rise to any claims against Client or any of its successors, assigns or licensees for any fees or payment of any kind.
4Geeks represents, warrants and covenants to Client that: (i) the Services shall be performed and the Deliverables shall be delivered in a timely, professional, and workmanlike manner in accordance with the highest industry standards; (ii) the Materials shall materially conform to, perform and be provided in accordance with all Specifications, Documentation and/or any other descriptions, requirements and criteria set forth or otherwise referred to in this Agreement and/or the applicable Statement of Work and 4Geeks shall promptly correct and repair, at no cost to Client, any failure, defect, or malfunction that prevents the same from conforming, performing or being provided as required by Client hereunder; (iii) 4Geeks shall perform all work called for under this Agreement and any applicable Statement of Work in accordance with all applicable laws, regulations and ordinances, including but not limited to any applicable anti-corruption laws and (iv) 4Geeks shall comply at all times with Exhibit A – Regulatory Compliance & Exhibit B – Secure and Ethical Coding Practices Exhibit.
4Geeks represents, warrants and covenants to Client that: (i) any and all Materials and/or any software, programming code, technology or computer media furnished to Client or used by 4Geeks in performing the Services pursuant to this Agreement shall (a) be scanned before delivery to Client using anti-virus software chosen by Client to detect and protect against any computer viruses, Trojan horse, worm or any other malicious code or undocumented and unauthorized methods for terminating or disrupting the operation of, or gaining access to, such Deliverable, computer systems or other computing resources or data, or other code features which result in or cause, in whole or in part, directly or indirectly, damage, loss or disruption to all or any part of computer systems or other computing resources and (b) not and will not incorporate any termination logic (e.g., disabling code, devices or trap doors) to repossess such Materials or otherwise render such Materials inoperable and (ii) it has taken measures, consistent with best practices in the industry in which 4Geeks operates to combat spam, phishing, malware and virus distribution, and online fraud and abuse.
4Geeks represents, warrants and covenants to Client that, except as expressly set forth with specificity in a Statement of Work, no Publicly Available Software is or will be embodied or incorporated in any Materials (including, without limitation, any 4Geeks Property embodied therein) or used in connection with the development or modification of any Materials (including, without limitation, any 4Geeks Property embodied therein). As used herein, “Publicly Available Software” means all software or other materials distributed as “open source”, “free software”, “copyleft software”, or other similar licensing or distribution terms or software or material that requires as a condition of use, modification or distribution that other software or intellectual property incorporated into, derived from or distributed with such software or material (i) be disclosed or distributed in source code or object code form, or (ii) be licensed or redistributable on prescribed or set terms.
THE FOREGOING WARRANTIES ARE 4Geeks’S ONLY WARRANTIES CONCERNING THE SERVICES AND DELIVERABLES, AND ARE MADE IN LIEU OF ALL OTHER WARRANTIES AND REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE OR OTHERWISE.
Fees and Expenses. Amounts and modes of payment for all the Services to be performed and all the Deliverables to be delivered shall be as set forth below unless expressly stated otherwise in each applicable Statement of Work. The mode of payment for all the Services to be performed and all the Deliverables to be delivered shall either be as set forth below or on a “fixed price” or “time and materials” basis if expressly designated as such under a given Statement of Work.
Except as specifically agreed upon and approved in writing by Client in a Statement of Work, all fees will represent fully loaded costs and expenses and in no event shall Client be obligated to pay 4Geeks any fees, expenses or costs other than the amounts set forth in this Agreement or in the applicable Statement of Work. Without limiting the generality of the foregoing, under no circumstances shall Client be obligated to pay 4Geeks or any third party, nor shall 4Geeks or any third party be entitled to, any royalty or profit participation in connection with Client’s use and/or exploitation of the Services and/or Deliverables.
4Geeks shall submit invoices to Client for payment for Services performed and/or Deliverables delivered at such time or times as payment becomes due under each applicable Statement of Work. Invoices shall be submitted no more frequently than monthly for charges due or accruing in each preceding calendar month. Each invoice shall specifically refer to the Statement of Work to which it pertains and shall set forth the fees specified in the applicable Statement of Work for the Services and/or Deliverables, a description of the Services rendered and/or Deliverables delivered, the dollar amount associated with such Services and/or Deliverables during the applicable period. In respect of any Services rendered on a time and materials basis, all time sheets (which must specify the names, skill levels, hours and hourly rate of the personnel performing the work) must be attached to all invoices and must be approved by an authorized Client representative. Client will pay undisputed amounts specified in an invoice within forty-five (45) days after receipt thereof, provided, however, that, if Client has not accepted all Deliverables provided to Client associated with such invoice, Client shall not be required to make any payment under such invoice unless and until the Deliverables are accepted. Client shall also reimburse 4Geeks for actual and reasonable travel expenses, hotel accommodations and rental car expenses incurred by 4Geeks’s personnel in the course of providing the Services, provided that such expenses are pre-approved in writing by Client VP in each instance and are in accordance with Client’s or Customer’s then current expense reimbursement policies. 4Geeks will provide Client with receipts for all expenses submitted for reimbursement.
As between Client and 4Geeks, 4Geeks agrees to pay all taxes, including sales, use, excise, purchase, goods and/or services, value-added and other taxes levied against, imposed upon or otherwise arising in connection with the provision of the Services and Deliverables, and/or any other goods and/or services or their use as contemplated hereunder, exclusive, however, of taxes based on Client’s income, which taxes shall be paid by Client. If any tax for which 4Geeks is responsible is paid by Client, 4Geeks shall promptly reimburse Client upon proof of payment, including any interest or penalties thereon or Client shall have the right at its option to off-set such amounts from any other payments due to 4Geeks under any Statement of Work.
Intellectual Property. 4Geeks assigns to Client and/or Customer at Client’s designation, 4Geeks's entire right, title, and interest in any invention, technique, process, device, discovery, improvement, or know-how, whether patentable or not, hereafter made or conceived solely or jointly by 4Geeks while working for or on behalf of Client, which relate to, is suggested by, or results from matters set forth in any active Statement of Work and depends on either:
4Geeks's knowledge of Confidential Information (as defined in Section 7) that it obtains from Client or Customer.
The use of Client or Customer equipment, supplies, facilities, information, or materials.
4Geeks shall disclose any such invention, technique, process, device, discovery, improvement, or know-how promptly to Client Contract Manager. 4Geeks shall, upon request of Client, promptly execute a specific assignment of title to Client or Customer at Client’s designation, and do anything else reasonably necessary to enable Client or Customer to secure for itself, patent, trade secret, or any other proprietary rights in the United States or other countries. It shall be conclusively presumed that any patent applications relating to a Statement of Work, related to trade secrets of Client or Customer, or which relate to tasks assigned to 4Geeks by Client, which 4Geeks may file within one year after termination of this Agreement, shall belong to Client and/or Customer, and 4Geeks hereby assigns same to Client and/or Customer at Client’s designation, as having been conceived or reduced to practice during the term of this Agreement.
All writings or works of authorship, including, without limitation, program codes or documentation, produced or authored by 4Geeks in the course of performing services for Client, together with any associated copyrights, are works made for hire and the exclusive property of Client and/or Customer at Client’s designation. To the extent that any writings or works of authorship may not, by operation of law, be works made for hire, this Agreement shall constitute an irrevocable assignment by 4Geeks to Client of the ownership of and all rights of copyright in, such items, and Client shall have the right to obtain and hold in its own name, rights of copyright, copyright registrations, and similar protections which may be available in the works. 4Geeks shall give Client or its designees all assistance reasonably required to perfect such rights.
If for any reason, including incapacity, Client cannot secure 4Geeks's signature on any document needed to apply for, perfect, or otherwise acquire title to the intellectual property rights granted to it under this Section 6, or to enforce such rights, 4Geeks hereby designates Client as 4Geeks's attorney-in-fact and agent, solely and exclusively to act for and on 4Geeks's behalf to execute and file such documents with the same legal force and effect as if executed by 4Geeks and for no other purpose.
Each party acknowledges that it and its employees or permitted agents may, in the course of performing or receiving the Services or satisfying its obligations hereunder, be exposed to or acquire information which is proprietary to or confidential to the other party or its affiliated companies, including, without limitation, information relating to the other party’s business and business and marketing plans, financial affairs and product development efforts, strategy, trade secrets, know-how, technical information, specifications, past, present and future operations, partner, client, trader and supplier identities, and other non-public information, whether tangible, intangible, visual, electronic or otherwise, together with notes, analysis, compilations, projections, and/or other documents prepared by either party, their directors, officers, employees, agents and representatives, based upon, containing or otherwise reflecting such information (the “Confidential Information”). Each party agrees to hold all Confidential Information of the other party in strict confidence and not to disclose such information to third parties, or use such information for any purposes whatsoever other than pursuant to the terms and conditions set forth in this Agreement and to advise each of its employees and agents of their obligations to keep such information confidential. Even when disclosure is permitted, each party agrees to limit access to and disclosure of the Confidential Information to its employees and agents on a “need to know” basis only. 
Confidential Information shall exclude all information, which (i) is at the time of disclosure, or thereafter becomes, a part of the public domain through no act or omission of the receiving party, its employees or agents; (ii) was in the receiving party’s possession as shown by written records without any obligation of confidentiality prior to the disclosure by the disclosing party and had not been obtained by the receiving party either directly or indirectly from the disclosing party; or (iii) was independently developed by the receiving party without use of the Confidential Information of the other party, as evidenced by contemporaneous written records. If Confidential Information is required to be disclosed pursuant to an order or requirement of a court, administrative agency or governmental body, the receiving party shall promptly notify the disclosing party of the facts thereof to enable the disclosing party to seek a protective order or otherwise prevent or restrict disclosure of such information, and upon request of the disclosing party, shall reasonably cooperate with the disclosing party to obtain such protective order or other appropriate remedy. In the event that no such protective order or other remedy is obtained, or the disclosing party waives compliance (in whole or in part) with the terms and conditions of this Agreement, the receiving party shall disclose only that portion of the Confidential Information that is required to be disclosed and shall use all reasonable efforts, at disclosing party’s reasonable expense, to ensure that all Confidential Information that is disclosed shall be accorded confidential treatment. 
Receiving party shall promptly advise disclosing party in the event receiving party learns or has reason to believe that any person who has had access to Confidential Information has violated or intends to violate the terms of this Section 7 and the receiving party will at its expense cooperate with the disclosing party in seeking injunctive or other equitable relief against any such person. For purposes of clarity, 4Geeks Property integrated into the Work Product shall not be considered Confidential Information.
Each party acknowledges and agrees that the Confidential Information is of a special and unique character which gives it a peculiar value, and that any breach by the receiving party of its obligations under this Agreement cannot be adequately compensated by damages in an action at law and may cause the disclosing party irreparable harm and injury. Accordingly, the disclosing party shall be entitled to the remedies of injunction, specific performance and other equitable relief to redress any breach or threatened breach of receiving party’s obligations under this Section 7 and neither proof of special damages nor any bond or security shall be necessary to seek such relief. Nothing contained in this Section 7 shall, however, be construed as a waiver by the disclosing party of any other rights or remedies available to the disclosing party, including, without limitation, rights to damages.
Term, Termination, and Survival.
This Agreement shall commence as of the Effective Date and shall continue thereafter until the completion of the Services under all Statements of Work unless sooner terminated under Section 8.3.
Client, in its sole discretion, may terminate this Agreement or any Statement of Work, in whole or in part, at any time without cause, and without liability except for required payment for services rendered, and reimbursement for authorized expenses incurred, before the termination date, by providing at least ten (10) days' prior written notice to 4Geeks.
Either Party may terminate this Agreement, effective upon written notice to the other Party (the "Defaulting Party"), if the Defaulting Party:
Materially breaches this Agreement, and such breach is incapable of cure, or concerning a material breach capable of cure, the Defaulting Party does not cure such breach within thirty (30) days after receipt of written notice of such breach.
Becomes insolvent or admits its inability to pay its debts generally as they become due.
Becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law, which is not fully stayed within seven (7) business days or is not dismissed or vacated within forty-five (45) days after filing.
Is dissolved or liquidated or takes any corporate action for such purpose.
Makes a general assignment for the benefit of creditors.
Has a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.
Upon expiration or termination of this Agreement for any reason, 4Geeks shall promptly:
Deliver to Client all documents, work product, and other materials, whether or not complete, prepared by or on behalf of 4Geeks in the course of performing the Services for which Client has paid.
Return to Client all Client-owned or Customer-owned property, equipment, or materials in its possession or control.
Remove any 4Geeks-owned property, equipment, or materials located at Client's or Customer’s locations.
Deliver to Client, all documents and tangible materials (and any copies) containing, reflecting, incorporating, or based on Client's or Customer’s Confidential Information.
Provide reasonable cooperation and assistance to Client upon Client's written request in transitioning the Services to an alternate 4Geeks.
On a pro rata basis, repay all fees and expenses paid in advance for any Services which have not been provided.
Permanently erase all of Client's and Customer’s Confidential Information from its computer systems.
Certify in writing to Client that it has complied with the requirements of this Section 8.4.
The rights and obligations of the Parties set out in this Section 2.13, Section 2.14, Section 6, Section 7, Section 8, Section 9, Section 10, Section 11, Section 12, Section 14, Section 16, Section 23, Section 24, and Section 26 and any right or obligation of the Parties in this Agreement which, by its nature, should survive termination or expiration of this Agreement, will survive any such termination or expiration of this Agreement, and with respect to Confidential Information that constitutes a trade secret under applicable law, the rights and obligations set forth in Section 7 hereof will survive such termination or expiration of this Agreement until, if ever, such Confidential Information loses its trade secret protection other than due to an act or omission of the Receiving Party or its Representatives.
It is understood and acknowledged that the Services which 4Geeks will provide to Client or Customer hereunder shall be in the capacity of an independent contractor and not as an employee or agent of Client or Customer. 4Geeks shall control the conditions, time, details, and means by which 4Geeks performs the Services. Client and Customer shall have the right to inspect the work of 4Geeks as it progresses solely for the purpose of determining whether the work is completed according to the applicable Statement of Work.
4Geeks has no authority to commit, act for or on behalf of Client or Customer, or to bind Client or Customer to any obligation or liability.
4Geeks shall not be eligible for and shall not receive any employee benefits from Client or Customer and shall be solely responsible for the payment of all taxes, FICA, federal and state unemployment insurance contributions, state disability premiums, and all similar taxes and fees relating to the fees earned by 4Geeks hereunder.
4Geeks shall indemnify, defend and hold harmless Client and Customer, and their respective officers, directors, employees, and independent contractors from and against any and all damages, penalties, losses, liabilities, judgments, settlements, awards, costs and expenses (including reasonable attorneys’ fees and expenses) arising out of or in connection with any third-party claims, assertions, demands, causes of action, suits, proceedings or other actions, whether at law or in equity (“Claims”) related to or arising out of: (i) any actual or alleged breach of any representation, warranty and covenant set forth in Section 4 above; (ii) any allegation that the Materials (including, without limitation, the 4Geeks Property embodied therein) or the use and/or exploitation thereof infringes, misappropriates or violates any patent, copyright, trademark, trade name, trade secret or other intellectual property right, or any other right of any third party.
Without limiting the generality of 4Geeks’s indemnification obligations pursuant to Section 10.1 above, should Client’s or Customer’s use, exploitation or enjoyment of the Materials (including, without limitation any 4Geeks Property embodied therein), in whole or in part, be restricted, encumbered, enjoined or threatened by reason of actual or alleged infringement of any patent, copyright, trademark, trade name, trade secret or other intellectual property right of any third party, 4Geeks shall promptly, at its sole cost and expense use commercially reasonable best efforts to: (i) procure for Client and Customer the right to continue using the Materials in the same manner as Client and Customer previously used such Materials, or (ii) modify or replace to Client’s and Customer’s satisfaction the infringing portion of the Materials with equally suitable non-infringing materials.
In claiming indemnification hereunder, Client and/or Customer shall promptly provide 4Geeks with written notice of any Claim which Client and/or Customer believes falls within the scope of the foregoing indemnification, provided that the failure of Client and/or Customer to provide prompt written notice of any such Claim shall not relieve 4Geeks from its indemnification obligations hereunder unless 4Geeks is materially prejudiced thereby. Client and Customer may, at its own cost and expense and with counsel of its choice, assist in the defense of such Claim if it so chooses, provided that 4Geeks shall control such defense and all negotiations relative to the settlement thereof, provided, further, that any settlement intended to bind Client and/or Customer or in any way prejudice, restrict or encumber the rights of Client in the Work Product or otherwise shall not be final without Client’s and Customer’s prior written consent.
If 4Geeks violates any provision of this Agreement, Client and/or Customer shall, in addition to any damages to which it is entitled, be entitled to seek immediate injunctive relief against 4Geeks prohibiting further actions inconsistent with 4Geeks's obligations under this Agreement. To the extent a Party must seek enforcement of this Agreement or otherwise defend against an unsuccessful claim of breach, the unsuccessful Party shall be liable for all attorney's fees and costs incurred by the successful party to enforce the provisions of this Agreement. Except for a breach of Section 5, all rights and remedies provided in this Agreement are cumulative and not exclusive, and the exercise by either Party of any right or remedy does not preclude the exercise of any other rights or remedies that may now or then be available at law, in equity, by statute, in any other agreement between the Parties, or otherwise. Despite the previous sentence, the Parties intend that 4Geeks's exclusive remedy for Client's payment breach shall be its right to damages equal to its earned but unpaid fees.
LIMITATION OF LIABILITY. EXCEPT FOR LIABILITY ARISING AS A RESULT OF 4Geeks’S INDEMNIFICATION OBLIGATIONS OR FOR A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR BREACH OF ITS CONFIDENTIALITY OBLIGATIONS (WITH RESPECT TO WHICH THE LIMITATIONS AND DISCLAIMERS OF LIABILITY IN THIS SECTION 12 SHALL NOT APPLY), IN NO EVENT SHALL: (I) EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY CONSEQUENTIAL, INCIDENTAL, PUNITIVE, SPECIAL, EXEMPLARY OR INDIRECT DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), EVEN IF SUCH PARTY WAS ADVISED OF THE POSSIBILITY OF THE OCCURRENCE OF SUCH DAMAGES; OR (II) EITHER PARTY’S TOTAL CONFIDENTIAL CUMULATIVE LIABILITY TO THE OTHER PARTY ARISING OUT OF THIS AGREEMENT EXCEED AN AMOUNT EQUAL TO THE SUM OF THE TOTAL FEES PAID AND PAYABLE TO 4Geeks UNDER THE STATEMENT OF WORK UNDER WHICH SUCH LIABILITY ARISES IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
Compliance with Law. 4Geeks is in compliance with and shall comply with all applicable laws, regulations, and ordinances. 4Geeks has and shall maintain in effect all the licenses, permissions, authorizations, consents, and permits that it needs to carry out its obligations under this Agreement.
Entire Agreement. This Agreement, including and together with any related exhibits, schedules, attachments, and appendices, is the sole and entire agreement of the Parties concerning the subject matter contained herein, and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, regarding such subject matter.
Notices. All notices, requests, consents, claims, demands, waivers, and other communications under this Agreement (each, a "Notice", and with the correlative meaning "Notify") must be in writing and addressed to the other Party at its address set out in the signature block below (or to such other address that the receiving Party may designate from time to time in accordance with this Section). Unless otherwise agreed herein, all Notices must be delivered by personal delivery, nationally recognized overnight courier, or certified or registered mail (in each case, return receipt requested, postage prepaid). Except as otherwise provided in this Agreement, a Notice is effective only (a) on receipt by the receiving Party; and (b) if the Party giving the Notice has complied with the requirements of this Section 16.
Severability. If any term or provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such invalidity, illegality, or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction; provided, however, that if any fundamental term or provision of this Agreement, is invalid, illegal, or unenforceable, the remainder of this Agreement shall be unenforceable. Upon a determination that any term or provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Agreement to effect the original intent of the Parties as closely as possible in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
Amendments. No amendment to, or modification of this Agreement is effective unless it is in writing, identified as an amendment to this Agreement and signed by an authorized representative of each Party.
Waiver. No waiver by any Party of any of the provisions of this Agreement shall be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in this Agreement, no failure to exercise, or delay in exercising, any right, remedy, power, or privilege arising from this Agreement shall operate or be construed as a waiver thereof, nor shall any single or partial exercise of any right, remedy, power, or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
Assignment. 4Geeks shall not assign, transfer, delegate, or subcontract any of its rights or obligations under this Agreement without the prior written consent of Client. Any purported assignment or delegation in violation of this Section 20 shall be null and void. No assignment or delegation shall relieve 4Geeks of any of its obligations hereunder. Client may at any time assign or transfer any or all of its rights or obligations under this Agreement without 4Geeks's prior written consent.
Successors and Assigns. This Agreement is binding on and inures to the benefit of the Parties and their respective successors and permitted assigns.
Third-Party Beneficiaries. Subject to the next paragraph, this Agreement benefits solely the Parties and their respective successors and permitted assigns and nothing in this Agreement, express or implied, confers on any third party any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement. The Parties hereby designate Customer as third-party beneficiaries of the Agreement, having the right to enforce it.
Choice of Law. This Agreement and all related documents, and all matters arising out of or relating to this Agreement, whether sounding in contract, tort, or statute are governed by, and construed in accordance with, the laws of the State of Delaware, United States of America without giving effect to the conflict of laws provisions thereof to the extent such principles or rules would require or permit the application of the laws of any jurisdiction other than those of the State of Delaware. In the event of any litigation to enforce a party’s rights under this Agreement, the prevailing party shall be entitled to recover from the other party an amount equal to the prevailing party’s attorneys’ fees, expert fees, court costs and other expenses related to such litigation.
Choice of Forum. Each party hereby irrevocably consents to the exclusive jurisdiction and venue in the state and federal courts for Delaware, in connection with any action or dispute arising between the parties under or in connection with this Agreement.
Counterparts. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement. Notwithstanding anything to the contrary in Section 16, a signed copy of this Agreement delivered by facsimile, email, or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this Agreement.
The parties agree that Client and/or Customer, as licensee of certain Deliverables under this Agreement, shall retain and may fully exercise all of its rights under the United States Bankruptcy Code, as may be amended or supplemented from time to time (“Code”). The parties further agree that, in the event of the commencement of Bankruptcy Proceedings by or against 4Geeks under the Code, Client shall be entitled to retain all of its rights under this Agreement. Without limiting the foregoing, the parties agree that the certain Deliverables are “intellectual property” as defined in 11 U.S.C. 101(35A) which have been licensed or provided hereunder in a contemporaneous exchange for value and that this Agreement shall be governed by 11 U.S.C. 365(n), as the same may be amended or supplemented from time to time, if 4Geeks files for bankruptcy.
Force Majeure. Any delay or failure of either Party to perform its obligations under this Agreement will be excused to the extent that the delay or failure was caused directly by an event beyond such Party's control, without such Party's fault or negligence and that by its nature could not have been foreseen by such Party or, if it could have been foreseen, was unavoidable (which events may include natural disasters, embargoes, explosions, riots, wars, or acts of terrorism) (each, a "Force Majeure Event"). 4Geeks's financial inability to perform, changes in cost or availability of materials, components or services, market conditions, or supplier actions or contract disputes will not excuse performance by 4Geeks under this Section 27. 4Geeks shall give Client prompt written notice of any event or circumstance that is reasonably likely to result in a Force Majeure Event, and the anticipated duration of such Force Majeure Event. 4Geeks shall use all diligent efforts to end the Force Majeure Event, ensure that the effects of any Force Majeure Event are minimized and resume full performance under this Agreement.
[SIGNATURE PAGE FOLLOWS]
IN WITNESS WHEREOF, the Parties hereto have caused this Agreement to be executed as of the Effective Date by their respective officers thereunto duly authorized.
4Geeks Technologies, Inc. 2711 Centerville Road Wilmington, Delaware 19808
In addition to the other provisions in the Agreement and notwithstanding anything in the Agreement to the contrary, the parties shall be bound by the terms in this Exhibit A (this “Exhibit”) (which is attached to and shall be deemed a part of the Agreement). In the event of a conflict between the provisions in the body of the Agreement and the provisions contained in this Exhibit, the provisions contained in this Exhibit shall prevail:
REPRESENTATIONS, WARRANTIES AND COVENANTS: 4Geeks represents, warrants and covenants to Client as follows:
the performance of 4Geeks’s obligations established by the Agreement will not violate any law, regulation or obligation by which it is bound, including but not limited to anti-corruption and public procurement laws and regulations, and laws and regulations applicable to government officials, and will not conflict with or violate any agreement or instrument to which 4Geeks is a party or by which it is bound;
4Geeks shall carry out its obligations established by the Agreement in accordance with all applicable laws, regulations or orders issued by any government authority having jurisdiction over the territory in which any part of the services will be performed;
except to the extent previously disclosed to Client in writing, 4Geeks represents that 4Geeks and each and every director, owner, employee or any person acting on its behalf in connection with the Services are not employees of any government, government agency, public international organization and are not officials of a political party or candidates for political office;
any expenses submitted by 4Geeks for reimbursement in accordance with the Agreement shall have been legally incurred in connection with the Services rendered under the Agreement;
in the performance of the Services, no services, money or other items of value, whether or not reimbursable, will be paid, promised, offered or authorized by 4Geeks, or any person acting on its behalf, directly or indirectly, to any person employed by or acting on behalf of any government, government agency, political party, officials of a political party, or candidate for political office for the purpose of or having the effect of:
bribery, kickbacks or other corrupt practices;
influencing any act or decision of such person or organization;
inducing any such person or organization to do or omit to do any act in violation of their lawful duty; or
inducing any such person to use their influence with any government, government agency, public international organization, political party, party official or candidate for political office in order to secure any improper advantage for, or to obtain or retain business on behalf of, 4Geeks or Client.
If at any time during the Term of the Agreement any of these representations and warranties ceases to be accurate, 4Geeks will promptly notify Client. 4Geeks understands that these representations and warranties will be relied upon by Client in preparing accurate financial accounts and records, filing reports and preparing and filing tax returns, as required by law.
Notwithstanding anything to the contrary contained in the Agreement, Client may unilaterally terminate the Agreement if at any time Client, acting in good faith, has reason to believe:
that 4Geeks has used or is in the process of using any part of the compensation payable, or expenses reimbursable, as a part of the Agreement, for a bribe, kickback or other corrupt payment;
that the representations, warranties and covenants in the foregoing section are false or have been breached; or
that the Agreement or any of its terms violates or contravenes any law, regulation, restriction or order of the United States of America or any government in whose territory the Agreement or any part of it is to be performed.
Termination under this provision shall be effective immediately, and without payment of any compensation, upon Client giving 4Geeks written notice.
In addition to 4Geeks’s recordkeeping obligations set forth in the Agreement, 4Geeks shall preserve all records of expenditures and charges related to the Services, including but not limited to receipts, invoices, statements, wire confirmations, cancelled checks or check registries, and bank records. In instances where the aforementioned records do not clearly state the recipients and purposes of any such expenditures, 4Geeks shall create and preserve additional records setting forth in reasonable detail the recipients and purposes of each such expenditure.
RIGHT TO AUDIT
Client shall have the right to audit 4Geeks’s books and records at any time to determine 4Geeks’s compliance with the terms and conditions of this Exhibit.
SECURE AND ETHICAL CODING PRACTICES EXHIBIT
SCOPE AND APPLICATION
For all Services under the Agreement where 4Geeks is developing, updating, or integrating software applications, codes, tags, scripts, widgets, analytics, and providing software development tools and/or Platform as a Service (“PaaS”) software development tools, or other digital or software based applications for Client (“Applications”), 4Geeks shall adhere to the requirements in this Exhibit.
RISK AND VULNERABILITY IDENTIFICATION, DOCUMENTATION AND COMMUNICATION
All Applications and hosting environments shall be developed, implemented, and maintained taking into consideration application security risks and vulnerabilities over the entire software development life cycle.
4Geeks shall have in place, and maintain, a process to identify, rank, and document application security risks and vulnerabilities, addressing techniques to mitigate such risks and vulnerabilities to the extent reasonably feasible based upon the type and context of data to be processed through the software application or hosting environment, and the harm that may result to Client and individuals should a security risk or vulnerability be exploited.
For all engagements, both where code is developed for Client and where Client utilizes pre-existing applications, 4Geeks shall share with Client its written risk assessments upon Client’s request.
Both 4Geeks and Client shall strive to identify and communicate to one another risks and vulnerabilities as early as possible in the software development life cycle, and promptly after their identification. 4Geeks shall advise Client of all identified risks and Client and 4Geeks shall jointly discuss methods and means to address and mitigate those risks to acceptable levels prior to 4Geeks developing the code. Should Client disagree with 4Geeks’s means for reducing and/or addressing risks, Client may terminate the Agreement and/or any or all purchase orders and SOWs issued to that point which may be impacted by the coding at issue. In the event that the software is to be designed and/or developed in stages, 4Geeks shall advise Client of all known risks to the entire software code package at the beginning of the project to the extent such risks are identified at that time. If risks are identified after stages of code have been developed, 4Geeks shall advise Client of those risks as, and when, identified by 4Geeks.
4Geeks shall strive to document useful and relevant security risks and vulnerabilities to avoid over-documentation and communication of all potential risks.
The risk assessments required under this Exhibit shall address, or shall have addressed, at minimum, each criterion set forth in the SECURITY REQUIREMENTS section of this Exhibit (the “Security Requirements”).
DEVELOPMENT, TESTING, DOCUMENTATION, AND IMPLEMENTATION.
4Geeks shall share with Client all documentation prepared that clearly explains the design for achieving each of the Security Requirements. This plan should address whether the security comes from custom software, third-party software, and/or physical or logical controls in the network or hosting platform environment. 4Geeks shall identify all practices and controls that are required of Client in order to address and meet the risk control measures to achieve the Security Requirements.
4Geeks shall document, provide, and follow a set of secure coding guidelines, processes, or procedures addressing, at minimum, the Security Requirements, taking into consideration items such as the then current Open Web Application Security Project (“OWASP”) Developer’s Guide and OWASP Secure Coding Practices Reference Guide, and/or similarly recognized standards and guides reasonably acceptable to the parties.
4Geeks shall either use or reference a set of common security control programming interfaces, such as the OWASP Enterprise Security Application Programming Interface (“OWASP ESAPI”), or another generally accepted API, or advise Client that it is not using such API and the reasons why. All security relevant code shall be reviewed by individuals knowledgeable about secure coding practices to test against the risk assessment and Security Requirements, and by someone other than the originating code authors before the code is put into a live production environment. The code review results shall ensure the code is developed securely, and all changes and corrections shall be implemented prior to placing the code into a live production environment.
4Geeks shall perform application security analysis and testing according to verification requirements of an agreed upon pre-existing or developed standard such as the then current OWASP Application Security Verification Standard (“OWASP ASVS”). 4Geeks shall document the verification findings and promptly share them with Client. Unless otherwise specifically agreed to by the parties, in writing, all applications shall meet, or exceed the highest verification standards for security from the agreed-upon standard (e.g. in the event of the OWASP ASVS – Level 3: Advanced).
4Geeks shall submit the code for all custom development applications to Client and Client shall have the right, but not the obligation, to submit the code through internal verification and analysis testing using any commercially available products of Client’s choice, or have the code assessed by independent third-parties.
4Geeks shall provide secure configuration guidelines that fully describe all security relevant configuration options and their implications for the overall security of the software. The guideline shall include a full description of dependencies on the supporting platform, including operating system, web server, and application server, and how they should be configured for security. The default configuration of the software shall be secure.
4Geeks shall remove all development, test, and/or custom application accounts, user IDs, and passwords before applications are put into a live production environment.
For live production environment applications, 4Geeks shall follow change control processes and procedures for changes to all system components addressing the following:
development/test environments are separate from live production environments and the separation is enforced with access controls;
the role based access controls of those with duties relevant to development/test environments are separate from those role based access controls of those with duties associated with the live/production environments;
live production data is not used for testing or development;
all test data and accounts are effectively removed before the applications are active in live production environments;
for the implementation of patches, updates, and software modifications, the functionality of the changes is first tested and the anticipated impact is documented prior to change; and,
back-out procedures exist prior to any change to ensure system state can be promptly re-implemented as existing prior to change.
4Geeks shall use a source code control system that authenticates and logs the team member associated with all changes to the software baseline and all related configuration and build files.
Documentation of all Security Requirements shall be made available to Client upon request.
4Geeks shall specify the rules for canonicalizing, validating, and encoding each input in the application, whether from users, file systems, databases, directories, libraries, or external systems. The default rule shall be that all input is invalid unless it matches a detailed specification of what is allowed. 4Geeks shall also specify the action to be taken when invalid input is received, specifically ensuring that the application is not susceptible to injection, overflow, tampering, or other corrupt input attacks.
4Geeks shall specify how authentication credentials and session identifiers will be protected throughout their lifecycle. Requirements for all related functions, including forgotten passwords, changing passwords, remembering passwords, logout, and multiple logins, shall be included.
4Geeks shall: (i) prepare a detailed description of all roles (groups, privileges, authorizations) used in the application; (ii) indicate all the assets and functions provided by the application; and, (iii) fully specify the exact access rights to each asset and function for each role.
4Geeks shall detail how errors occurring during processing will be handled. Unless specifically agreed to in writing between the parties as to which applications will provide best efforts results, all applications should terminate processing immediately upon handling an error.
4Geeks shall specify what events are security-relevant and need to be logged, such as detected attacks, failed login attempts, and attempts to exceed authorization. 4Geeks shall also specify what information to log with each event, including time and date, event description, application details, and other information useful in forensic efforts.
4Geeks shall specify how authentication and encryption will be handled for all external systems, such as databases, directories, and web services. All credentials required for communication with external systems shall be stored outside the code in a configuration file in encrypted form.
4Geeks shall specify what data must be encrypted, how it is to be encrypted, and how all certificates and other credentials must be handled. The application shall use a standard algorithm implemented in a widely used and tested encryption library, and shall meet the other requirements for strong industry-tested encryption.
4Geeks shall specify how applications and environments will protect against denial of service attacks. All likely attacks on the application should be considered, including authentication lockout, connection exhaustion, and other resource exhaustion attacks.
4Geeks shall specify that the default values for all security relevant configuration options shall be secure. For audit purposes, the software should be able to produce an easily readable report showing all the security relevant configuration details.
4Geeks shall create a specific set of vulnerabilities that shall not be found in the software. If not otherwise specified, then the software shall not include any of the flaws described in the current OWASP Top Ten Most Critical Web Application Vulnerabilities and the SANS CWE (Common Weakness Enumeration) Top 25. In no event shall the software and/or the way it is deployed contain any of the following weaknesses:
Injection flaws, such as SQL, OS, and LDAP injection; Cross site scripting flaws; Broken authentication and session management flaws; Insecure direct object references; Cross site request forgery flaws; Security misconfiguration; Failure to restrict URL access; Un-validated redirects and forwards; Insecure cryptographic storage; Insufficient Transport Layer Protection.
STAFFING AND TRAINING
4Geeks will be responsible for verifying that all members of the development team have been trained in secure programming techniques. Client may require members of 4Geeks’s development team (including any Client pre-approved contractors) to complete Client specific training modules relating to secure software development within a reasonable period of time from the time that such developers commence work on any applications to be developed for Client.
4Geeks will perform appropriate background investigation, in compliance with applicable laws, of all development team members; and, any individuals who are reasonably unacceptable to Client shall be removed from the development team.
4Geeks shall disclose all third-party software used in the software, including all libraries, frameworks, components, and other products, whether commercial, free, open source, or closed source.
4Geeks shall make reasonable efforts to ensure that third-party software meets all the terms of this Exhibit and the Agreement and is as secure as code developed or provided under this Exhibit and the Agreement, and shall advise Client where it does not.
Notwithstanding any acceptance testing rights of Client in the Agreement, and without prejudice to those rights, Client shall have a separate and independent right to review software, or have the software reviewed, for security flaws at Client’s expense at any time. 4Geeks shall provide reasonable support, at no additional cost to Client, to the review team by providing source code and access to test environments. Any security issues uncovered which impact the Security Requirements, or are in any other way material, will be reported to 4Geeks and 4Geeks shall promptly and diligently correct those issues and provide written evidence of such correction to Client describing how the issues were addressed.
ASSURANCES
At the time of delivering the software, an officer or managing director level employee of 4Geeks (if an entity), or 4Geeks (if an individual) shall provide all documentation that addresses or impacts upon the issues covered in this Exhibit along with a certification indicating that all requirements of this Exhibit have been addressed. The certification should establish that the Security Requirements, design, implementation, and test results were properly completed and all security issues were resolved appropriately. In lieu of an unconditional certification, an appropriate individual associated with 4Geeks shall provide a conditional certification indicating which measures have been addressed, and which matters remain outstanding, or have been conditionally addressed, along with the plan to address those conditional provisions. 4Geeks warrants that it will scan the software before delivery to Client using anti-virus software chosen by Client to detect and protect against any code that does not support a software requirement and weakens the security of the application, including computer viruses, worms, time bombs, back doors, Trojan horses, Easter eggs, and all other forms of malicious code. 4Geeks warrants that the software, service, or hosting environment shall not contain any Tracking Technology (defined below), except as is specifically allowed in writing by Client.
SECURITY ISSUE MANAGEMENT AND ACCEPTANCE
If security issues are discovered or reasonably suspected, 4Geeks shall assist Client in performing an investigation to determine the nature of the issue. Security issues not previously identified in the risk assessment, part of the Security Requirements, or otherwise identified as part of the obligations under this Exhibit shall be deemed “Novel”.
4Geeks shall appropriately protect information regarding security issues and associated documentation, to help limit the likelihood that vulnerabilities in operational Client software are exposed.
4Geeks shall use commercially reasonable efforts consistent with sound software development practices, taking into account the severity of the risk, to resolve all security issues not considered Novel as quickly as possible.
4Geeks and Client agree to scope the effort required to resolve Novel security issues, and to negotiate in good faith to achieve an agreement to perform the required work to address them.
The software shall not be considered accepted (or the Statement of Work shall not be considered complete if there are no acceptance criteria) until all documentation to be provided by 4Geeks under this Exhibit has been produced, and all security issues have been resolved.
ETHICAL CODING PRACTICES
If Tracking Technology is present in any applications or environments, 4Geeks shall describe to Client: (i) the nature and operation of that Tracking Technology; (ii) which persons or entities may obtain any data or information arising from such Tracking Technology; (iii) the purposes for which such Tracking Technology is used; (iv) the purposes for which any data or information arising from the use of the Tracking Technology will be used; and, (v) the methods and means by which visitors to such websites and/or users of such applications can disable such Tracking Technologies if their preference is to not be tracked, or applicable law so requires.
All Tracking Technology utilized for any Client sites arising from the Services shall be subject to Client’s written advance approval, and shall comply with the following unless specifically waived in writing by Client: (i) shall not be a misuse of locally shared objects (FLASH cookies) such as where no FLASH is running on the site, and security does not require loading FLASH cookies; (ii) is capable of being erased by the user through normal browser processes; (iii) is capable of being suppressed by normal browser processes such as a voluntarily user-selected do not track setting or plug-in; (iv) does not contain information that can individually identify a person; (v) is free from all malware and spyware of any sort; (vi) shall not contain any executable code; and, (vii) shall not be capable of sharing or transmitting any of Client’s users’ identities.