FORGE INSTITUTE MASTER SERVICES AGREEMENT

This “Agreement”, which shall be posted online at www.Forge.Institute/Terms, is entered into by Forge Institute (“Forge”) and the person signing the Forge Institute Services Order Form agreeing to the terms of this Agreement (“Customer” or “You”) effective as of the date so signed (or accepted) by the last Party to do so (the “Effective Date”) on said Order Form and will be continue until the date that is one year thereafter (the “Renewal Date”, if applicable) unless terminated sooner as hereinafter provided. Forge and Customer may be referred to herein individually as a “Party”, and collectively as the “Parties”. This Agreement governs the Parties respective rights and duties concerning the Services selected by Customer and provided by Forge. Upon posting of any subsequently amended version of this Agreement online at www.Forge.Institute/Terms, Customer’s continuation of such Services after receiving notice of such posting shall constitute acceptance of any such amendment(s) not otherwise expressly accepted in writing. 

1. DEFINITIONS

1. “Best Practices” means any advice, content, instructions, practices, policies, documentation, or other tangible or intangible information that is considered generally accepted by practitioners or industry and government entities. 

1. “Customer Protected Data” or “CPD” means any of Customer’s data not publicly available and which is gathered through the provision of the Services or contained in any Deliverable, including (without limitation) personal identifiable data, payment card information, critical infrastructure and key resources information, and other protected data. 

1. “Deliverable” means the draft or final report created for Customer as a result of the Services provided hereunder, unless otherwise defined in an individual Order.

1. “Services” means the consulting, testing, recommending, advising, implementing, assessing or other services selected by Customer and described in an Order Form that Forge provides pursuant to Section 2.2 hereof or (if applicable) Section 2.3 hereof. Services may be either:

(a) “Non-engaged Services” provided for implementation of standard Best Practices (without liability and indemnification duties), including (for example, if selected by Customer) those identified in Section 2.2.  

(b)  “Professional Services” subject to the standard of care of the cybersecurity industry in Arkansas, including (for example, if selected by Customer) the following: 

(1) No Professional Services are currently offered.

1. “Order” means (a) a mutually agreed upon Order Form, statement of work, or scope of work, or scope of service, or service brief that sets forth and describes the Services to be provided hereunder, the applicable fees to be paid (if any), and as applicable, any delivery schedules, timelines, specifications, and any other terms agreed upon by the parties; or (b) a Forge services-ordering document which identifies the Services ordered and references this Agreement. An Order must include indicia of agreement of the Parties, including (for example) the Parties signature or written acknowledgement, or Customer’s electronic signature or similar acceptance indicator in accordance with digital media industry standards.
   

2. “Termination” means the termination, expiration or non-renewal of this Agreement or an Order subject to this Agreement, in accordance with the provisions of this Agreement or, if applicable, the provisions of said Order.

2.     SERVICES

2.1 Services Order. Any and all Services performed by Forge shall be selected by Customer on the Order and Order signed or accepted by the Parties.  All changes to said selection of Services must be approved by both Parties in writing.

2.2 Non-engaged Services. Customer agrees that Forge provides Non-engaged Services to Customer free of charge, but also free of liability exposure and indemnity obligations. Said freedom from liability exposure and indemnity obligations apply to all of Forge’s communications, acts and omissions to or for Customer, including (for example)  but not limited to cyber security risk assessments, “best practices” protocols and information and training, supplier/vendor risk management, contractual agreements and insurance, consumer privacy compliance, and cybersecurity incident response. Forge provides scans of Internet services associated with the Customer to observe potential vulnerabilities and attack paths. These Services include scanning publicly available information about the Customer through Internet services (e.g., DNS, IP addressing, TLS certificates, etc.), social media posts, and web presence. No attempts will be made to exploit Customer’s vulnerabilities or penetrate Customer’s internal networks. Forge will provide Customer with a summary report of potential vulnerabilities and remediations. All report data will be treated as Confidential. Forge provides Non-engaged Services for help purposes only, not as a third party managed security service provider. Due to the complex and malicious nature of cyber security threats, customers are strongly encouraged to also contact their insurer and attorney for additional information and assistance.

2.3 Professional Services.

(a) Professional Services purchased and paid for by Customer are subject to the provisions of Article 6 (Limited Warranty), Article 7 (Limitation of Liability) and Article 8 (Indemnification) hereinbelow.

(b) Customer may reschedule the Professional Services up to ten business days prior to the start of the Services, at no cost. If Customer reschedules the Services with less than ten business days’ notice, Customer will forfeit the portion of the Services equal to the number of days that were rescheduled without the required notice. If Customer reschedules the Services after they have begun, Customer will forfeit five days of Services, or the number of days remaining on the Services, whichever is fewer. Customer will also be responsible for any out-of-pocket expenses incurred by Forge due to such rescheduling.

(c) If performance of the Professional Services is delayed by Customer’s acts or omissions, including Customer’s failure to meet the requirements set forth in an Order, Customer will forfeit the duration of such delay from its Professional Services time. Customer will have one month from the date of the applicable Services order to use or schedule any Professional Services, after which time any remaining, unscheduled Professional Services time will be forfeited.

2.4 Deliverables. Customer retains all right, title and interest in and to Customer Data and Customer Confidential Information. In addition, Customer shall own all right, title and interest in the Results obtained by Customer through Customer’s use of the Services. For purposes of this Agreement, “Results” shall mean the data based on Customer Data resulting from Customer’s use of the Service, but does not include any dashboards for displaying results, report templates or other components of the Service used by Forge. Forge owns all right, title, and interest in and to Forge’s trade secrets, its Confidential Information, and other proprietary rights in any material used by Forge or presented to Customer, whether such was developed prior to the Services, independent of this Agreement, or in performance of the Services (each, “Forge IP”), including but not limited to, documentation, software, designs, inventions, discoveries, specifications, improvements, tools, models, know-how, methodologies, analysis frameworks, and report formats. Customer will have a perpetual, royalty-free, worldwide, non-exclusive, non-transferable license to use any Forge IP incorporated into any Deliverable, for Customer’s internal business purposes only, upon Customer's payment in full of all undisputed amounts due hereunder (if any). Forge may incorporate the Forge IP in future performance of any of its Services, provided Customer Data or Customer Confidential Information is not included in any Forge IP.

2.5 Forge Personnel. Forge shall have sole discretion in staffing the Services and may assign the performance of any portion of the Services to any subcontractor, except that Customer may request the use of Forge personnel in any Order. In the event that Forge subcontracts any portion of the Services, Forge shall be fully responsible for the acts and omissions of any such subcontractor and shall not be relieved of its obligations under this Agreement.

2.6 Customer Systems. Customer represents and warrants that it has authorization from Customer’s owner or management for Forge to perform the Services on the networks, systems, IP addresses, assets, and/or hardware as instructed by Customer, and that Customer will provide Forge with access to all records, practices and policies needed to perform the Services.

3.     FEES; PAYMENT TERMS

3.1 Non-engaged Services are free of charge through August 31, 2023; thereafter, the charges for Non-engaged Services will be as published on the appropriate page of www.Forge.Institute and any Order.

3.2 Customer agrees to pay the fees, charges and other amounts in accordance with any applicable Order. Forge will invoice Customer upon execution of an Order, unless otherwise agreed by the Parties. All fees are non-refundable, unless otherwise stated in an applicable Order. In the event an Order requires travel by Forge to a Customer-designated site, Customer shall also reimburse Forge for all reasonable out-of-pocket expenses incurred by Forge in connection with delivery of the Services.

3.3 Customer shall be responsible for remitting all taxes levied on any transaction under this Agreement, including (for example) all federal, state and local sales taxes, levies and assessments, and local withholding taxes in Customer’s jurisdiction, if any, excluding, however, any taxes based on Forge's income. In the event Customer is required to withhold taxes from its payment or withholding taxes are subsequently required to be paid to a local taxing jurisdiction, Customer is obligated to pay such tax, and Forge, as applicable, will receive the Order payment amount as agreed to net of any such taxes. Customer shall provide to Forge written evidence that such withholding tax payment was made.

4.     CONFIDENTIALITY

4.1 Confidential Information. “Confidential Information” means information provided by one Party to the other Party which is designated in writing as confidential or proprietary, as well as information which a reasonable person familiar with the disclosing Party’s business and the industry in which it operates would know is of a confidential or proprietary nature. A Party will not disclose the other Party’s Confidential Information to any third party without the prior written consent of the other Party, nor make use of any of the other Party’s Confidential Information except in its performance under this Agreement. Each Party accepts responsibility for the actions of its agents or employees and shall protect the other Party’s Confidential Information in the same manner as it protects its own Confidential Information, but in no event with less than reasonable care. The Parties expressly agree that the terms and pricing of this Agreement are Confidential Information. A receiving Party shall promptly notify the disclosing Party upon becoming aware of a breach or threatened breach hereunder, and shall cooperate with any reasonable request of the disclosing Party in enforcing its rights.

4.2 Exclusions. Information will not be deemed Confidential Information if such information: (a) is known prior to receipt from the disclosing Party, without any obligation of confidentiality; (b) becomes known to the receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing Party; (c) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (d) is independently developed by the receiving Party without use of the disclosing Party’s Confidential Information, such independent development to be evidenced by written or electronic documentation in existence before receipt of such Confidential Information from the disclosing Party; however, the receiving Party may disclose Confidential Information pursuant to the requirements of applicable law, legal process or government regulation, provided that (unless prohibited from doing so by statute, regulation or court order) the receiving Party gives the disclosing Party reasonable prior written notice before disclosure, and such disclosure is otherwise limited to the required disclosure.

4.3 Dissemination Markings. Customer agrees to abide by and follow the dissemination markings on each and every Deliverable provided by Forge. Dissemination markings governing the distribution of the documentation may include the TLP or Traffic Light Protocols or other State or Federal Government markings. If Dissemination Markings are used, Customer will be provided information on how to follow the requirements of the Dissemination Marking. 

5.     DATA PRIVACY

5.1 Customer Protected Data. To the extent that Forge possesses CPD  about any individual or entity in the course of providing any of the Services, Forge may use such Customer Protected Data as necessary: (a) to provide the Services to Customer; (b) in anonymized and aggregated form that does not or cannot be used to identify Customer or any Customer Data, generate statistics and produce reports; and (c) to collect data and analytics about use of the Services in order to continue to improve the development and delivery of the Services.

5.2 Data Privacy. Customer represents and warrants that Customer has obtained all necessary rights to permit Forge to collect and process Customer Data from Customer, including, without limitation, data from endpoints, servers, cloud applications, information systems, and logs.

5.3 Compliance with Law.  Forge may disclose Customer Data or Personal Data pursuant to the requirements of applicable law, legal process or government regulation, provided that (unless prohibited from doing so by statute, regulation or court order) Forge gives Customer reasonable prior written notice before disclosure, and such disclosure is otherwise limited to the required disclosure.

5.4 This Agreement and related Orders are subject to Forge’s Privacy Policy found at www.forge.institute/terms, as it currently exists and is hereafter amended in Forge’s sole discretion, which policy being incorporated herein by reference.

6.     LIMITED WARRANTY

6.1 Warranty and Remedy. Forge warrants that the Professional Services will be provided with reasonable skill and care conforming to generally accepted industry standards, and in conformance in all material respects with the requirements set forth in the Order. Customer must report any deficiency in the Services to Forge in writing within fifteen business days of delivery or performance of the portion of the Services containing the deficiency. For any breach of the above warranty, Forge will, at its option and expense, either (a) use commercially reasonable efforts to provide remedial services necessary to enable the Services to conform to the warranty, or (b) refund pro-rata amounts paid for the non-conforming Services. Customer will provide reasonable assistance in remedying any defects. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty.

6.2 No Other Warranty. EXCEPT FOR THE WARRANTY ABOVE, FORGE MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. FORGE MAKES NO WARRANTY THAT ALL SECURITY RISKS, INCIDENTS, OR THREATS WILL BE DETECTED OR REMEDIATED BY USE OF THE SERVICES OR THAT FALSE POSITIVES WILL NOT BE FOUND.

7.     LIMITATION OF LIABILITY

7.1 Exclusion of Certain Damages. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE.

7.2 Limitation on Amount of Liability. WITH RESPECT TO EACH RESPECTIVE ORDER, NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER TO FORGE THEREUNDER DURING THE TWELVE MONTHS IMMEDIATELY PRIOR TO THE EVENT GIVING RISE TO LIABILITY, EXCEPT THAT THE LIMITATION IN THIS SECTION 7.2 SHALL NOT APPLY TO: (a) VIOLATIONS OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS BY THE OTHER PARTY; OR (b) A PARTY’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT.

8.     INDEMNIFICATION

8.1 By Forge. Forge will indemnify Customer from and against all costs, liabilities, losses, and expenses (including, but not limited to, reasonable attorneys’ fees) (collectively, “Losses”) arising out of a third party claim alleging that the Professional Services infringe or misappropriate any intellectual property rights of such third party. Notwithstanding the foregoing, in no event shall Forge have any obligations or liability under this Section arising from: (a) use of any Services in a manner not anticipated by this Agreement or in combination with materials not furnished by Forge, and (b) any content, information or data provided by Customer or other third parties. If the Services are or are likely to become subject to a claim of infringement or misappropriation, then Forge will, at its sole option and expense, either: (c) obtain for the Customer the right to continue using the Services; (d) replace or modify the Services to be non-infringing and substantially equivalent to the infringing Services; or (e) if options (a) and (b) above cannot be accomplished despite the reasonable efforts of Forge, then Forge may terminate Customer’s rights to use the infringing Services and will refund pro-rata any prepaid fees for the infringing portion of the Services. THE RIGHTS GRANTED TO CUSTOMER UNDER THIS SECTION 8.1 SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY ALLEGED INFRINGEMENT BY THE SERVICES OF ANY PATENT, COPYRIGHT, OR OTHER PROPRIETARY RIGHT.

8.2 By Customer. Customer will indemnify, defend, and hold Forge harmless from and against all Losses arising out of a third party claim regarding: (a) Customer’s violation of any representations and warranties made in Sections 2.6 and 5.2 of this Agreement; or (b) Customer’s violation of applicable law.

9. TERM AND RENEWAL(S)

9.1 Relationship between Order and this Agreement. This Agreement may only be Terminated in accordance with the provisions of this Article 9. Each  Order is subject to the provisions of this Agreement and may only be Terminated in accordance with the provisions of said Order, as augmented by the provisions of this Article 9 to the extent not expressly covered by said Order; absent express coverage in said Order, the provisions of this Article 9 apply to the Termination of said Order. The term of each Order will govern the Services identified therein, provided that this Agreement remains in effect; termination of this Agreement terminates all Orders. This Agreement will survive the Termination of any Order so long as at least one Order remains in effect; however, Termination of all remaining Orders in accordance with the provisions thereof or hereof, as applicable, will Terminate this Agreement unless extended by the Parties in writing.

9.2 Automatic Renewal(s). This Agreement will automatically renew on the Renewal Date unless Terminated as hereinafter provided; thereafter, each anniversary of the Renewal Date will constitute another Renewal Date for the automatic renewal of the term of this Agreement for an additional year unless Terminated as hereinafter provided.

9.3 Termination for Cause. Either Party may terminate this Agreement and/or any related Order:

(a)   effective immediately upon the cessation of business operations of one Party;

(b)  effective thirty (30) days after the Accused Party’s receipt of written notice from the aggrieved Party that the Accused Party has breached a material provision of this Agreement or Order (for example, non-payment of invoiced amounts), said notice setting forth the facts constituting said breach, provided that the Accused Party does not provide written or tangible evidence that said breach has been cured before the expiration of said thirty (30) days; or

(c)   within sixty (60) days of the filing of voluntary or involuntary bankruptcy, insolvency or similar proceeding against the Accused Party that is not dismissed.

9.4 Termination Without Cause.  Either Party may terminate this Agreement and/or any Order upon no less than thirty (30) days’ prior written notice to the other Party, for any or no reason.

9.5 Renewal(s). The initial 1-year term of this Agreement (from the Effective Date until the Renewal Date), and any additional 1-year renewal terms (from a Renewal Date until the next anniversary Renewal Date), will automatically renew for an additional 1-year term unless Terminated earlier in accordance with this Agreement or unless either Party provides the other with written notice of non-renewal at least thirty (30) days prior to the respective upcoming Renewal Date. Compensation for Services during each successive renewal term will be at the same rate(s) for the same during the previous term, unless Forge provides Customer with written notice of any new compensation rate(s) at least Forty-five (45) days prior to the upcoming Renewal Date.

9.6 Survival. All provisions of this Agreement which by their nature are intended to survive the termination of this Agreement shall survive such termination.

9.7 Payment for Services Provided. If either Party elects to Terminate with or without cause, then the Customer shall immediately pay all fees due for services rendered up to date of notice of termination. 

10. GENERAL PROVISIONS

10.1 Miscellaneous. (a) This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Arkansas, excluding its choice of law provisions, and each Party consents and submits to the jurisdiction and forum of the state and federal courts in the State of Arkansas located in Little Rock, Arkansas and each Party waives all objections to venue and personal jurisdiction for matters arising from or related to this Agreement and/or any related SOW; (b) this Agreement, along with all related SOWs constitute the entire agreement and understanding of the Parties hereto with respect to the subject matter hereof, and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement and each SOW may not be modified except by a writing signed by each of the Parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal or unenforceable in any respect, such invalidity, illegality or unenforceability shall not affect any other provision of this Agreement but rather this Agreement shall be construed as if such invalid, illegal or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Forge's prior written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon and shall inure to the benefit of the Parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; (h) nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer’s own clients, customers or employees, vendors and third-party suppliers; (i) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement; (j) terms in an SOW have precedence over conflicting terms in this Agreement, but have applicability only to that particular SOW; and (k) this Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.

10.2 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other Party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the Parties agree that, in addition to any other remedy to which a Party may be entitled hereunder, at law or equity, each Party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.

10.3 Relationship of the Parties. Forge and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither Party shall make any contracts, warranties or representations, or assume or create any obligations, express or implied, in the other Party’s name or on its behalf.

10.4 Force Majeure. Other than payment obligations hereunder, neither Party will be liable for any inadequate performance to the extent caused by a condition that was beyond the Party's reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government interference or intervention), except for mere economic hardship, so long as the Party continues to use commercially reasonable efforts to resume performance.

10.5 No Reliance. Customer represents that it has not relied on the availability of any future feature or version of the Services or any future product or service in executing this Agreement or purchasing any Services hereunder.

10.6 Notices. Unless specified otherwise herein, (a) all notices must be in writing and addressed to the attention of the other Party's primary point of contact and (b) notice will be deemed given: (1) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (2) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices to Forge must be sent to Agreements@Forge.Institute.

10.7 Publicity. Customer acknowledges that Forge may use Customer’s name and logo for the purpose of identifying Customer as a customer of Forge Services.

10.8 Compliance with Law. Each Party agrees to comply with all applicable federal, state and local laws and regulations including but not limited to those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.