CipherShield Contractual Terms and Agreement
The supplier, CipherShield (the Supplier), provides cybersecurity and information technology services.
The customer (the Customer) wishes to obtain, and the Supplier agrees to provide, the services on the contractual terms set out in this agreement.
1. Definitions and Interpretation
1.1 Definitions
| Term | Definition/Meaning |
|---|---|
| Agreement Commencement Date | The date this agreement is signed by all parties. |
| APP | An Australian Privacy Principle under the Privacy Act. |
| APP Entity | Has the meaning given in the Privacy Act. |
| Business Day | A day banks are open for business in Sydney, excluding Saturdays, Sundays and public holidays. |
| Business Hours | 9:00am to 5:00pm on any Business Day. |
| Change Order | Has the meaning given in clause 7.1. |
| Consumer Price Index | Consumer Price Index (All Groups) (Australia) published by the Australian Bureau of Statistics. |
| Control | Has the meaning in section 50AA of the Corporations Act; change of control is construed accordingly. |
| Corporations Act | Corporations Act 2001 (Cth). |
| Customer Equipment | Any tools, systems, cabling, facilities or other equipment provided by the Customer, its agents, subcontractors or consultants, used in supplying the Services. |
| Customer Materials | All documents, information, items and materials provided by the Customer to the Supplier in connection with the Services (owned by the Customer or a third party). |
| Customer Representative | Has the meaning in clause 5.1(b). |
| Data Breach Investigation | An investigation carried out under clause 11.3(c). |
| Data Incident | An Eligible Data Breach that has occurred, or is suspected to have occurred, regarding Personal Information under this agreement. |
| Deliverables | Outputs of the Services specified in an Order and other documents, products, or materials provided by the Supplier to the Customer (excluding Hardware, Software and Supplier Equipment). |
| Eligible Data Breach | Has the meaning given in the Privacy Amendment (Notifiable Data Breaches) Act 2016 (Cth). |
| GST | Goods and services tax under A New Tax System (Goods and Services Tax) Act 1999 (Cth). |
| GST Law | Has the meaning given in that Act. |
| Hardware | Any physical product sold to the Customer by the Supplier. |
| Intellectual Property Rights | Patents, rights to inventions, copyright and related rights, trademarks, business names, domain names, technology and all other IP rights, registered or unregistered. |
| Log Files | Machine data/telemetry generated by computers or software and ingested into CipherShield’s managed platforms for the Customer’s ITC/OT environment. |
| Managed Services | Ongoing cyber security services provided by the Supplier as set out in the Managed Services Schedules to this agreement. |
| Milestone | A date by which part or all of the Services are to be completed, as set out in an Order. |
| Order | The Customer’s request for Services based on a valid Quote, or a Statement of Work/proposal issued by the Supplier and signed by the Customer. |
| Personal Information | Has a meaning in the Privacy Act. |
| Privacy Act | Privacy Act 1988 (Cth), as amended. |
| Professional Services | Consulting, design, development, implementation or training services as described in an Order. |
| Proposal | A document describing the Services to be provided and applicable pricing and charges. |
| Quote | A quotation for Services, including Service Charges. |
| Resale Services | Services performed by a third-party vendor and resold to the Customer by the Supplier under this agreement. |
| Sensitive Information | Has the meaning in the Privacy Act. |
| Service Charges | Amounts payable for the Services as set out in the relevant Order. |
| Services | The services set out in an Order, which may include Hardware, Software, Professional Services, Managed Services or other agreed services. |
| Software | Software (including software-as-a-service or licensed software) owned by a third-party vendor and provided to the Customer by the Supplier under this agreement. |
| Statement(s) of Work (SoW) | Document describing the Services and applicable pricing and charges. |
| Supplier Equipment | Any equipment (other than Hardware) including tools, systems, cabling or facilities provided by the Supplier and used in supplying the Services. |
| Term | Has the meaning given in clause 2.1. |
1.2 Interpretation
In this agreement, the following rules of interpretation apply unless the contrary intention appears or the context otherwise requires:
(a) Headings are for convenience only and do not affect interpretation.
(b) A reference to a body (other than a party), whether statutory or not, that ceases to exist or whose powers or functions pass to another body is a reference to the replacement or successor body.
(c) No provision will be construed against a party solely because that party prepared it.
(d) Terms such as “include”, “including”, “for example” or similar do not limit the preceding words.
(e) This agreement includes all schedules and attachments.
2. Commencement and Term
2.1 This agreement starts with the Agreement Commencement Date and, unless terminated earlier under clause 14, continues until either party gives the other 30 days’ written notice. A notice of termination takes effect only after all Orders entered before the notice date are completed (the Term).
2.2 If there are no uncompleted Orders when a termination notice is served, the notice terminates this agreement immediately.
2.3 No further Orders may be entered into after a termination notice is served under clause 2.1.
3. Orders
3.1 During the Term, the Services provided under any Order are governed by this agreement.
3.2 Once agreed, an Order may only be amended in accordance with clause 7.
3.3 Each Order forms part of this agreement and is not a separate contract.
3.4 Each Order will specify the Services to be provided. Schedules may apply to particular Services in addition to these General Terms.
3.5 Order of precedence (in case of inconsistency):
(a) the terms of the applicable Service Schedule(s);
(b) these General Terms; then
(c) the terms of the Order.
3.6 Any terms in a purchase order or other Customer document do not form part of this agreement unless expressly agreed in writing and signed by authorised signatories of both parties.
4. Supplier Obligations and Warranties
4.1 The Supplier will provide the Services to a professional standard and in all material respects in accordance with the relevant Order.
4.2 The Supplier will use reasonable endeavours to meet any delivery dates or Milestones, which are estimates only. The Supplier is excused from delay caused by circumstances beyond its reasonable control (including third-party delay), and timeframes will be extended accordingly.
4.3 The Supplier will comply with applicable information security laws and regulations in the countries in which it operates.
4.4 Except for non-excludable guarantees at law, the Supplier gives no additional warranties in relation to the Services.
4.5 The Supplier does not guarantee that outcomes will meet the Customer’s expectations or objectives; the Customer must make its own enquiries as to suitability.
4.6 While the Supplier will use appropriate skills, training and tools, the Customer acknowledges that provision of the Services does not guarantee that:
(a) all threats or non-compliant environments will be identified;
(b) all damage will be prevented; or
(c) all responses will be effective.
5. Customer Obligations and Warranties
5.1 The Customer:
(a) must provide reasonable assistance and access (including sites, networks, infrastructure, documentation, licence information, Customer Materials, and personnel) to enable performance of the Services;
(b) must appoint a manager for the Services (the Customer Representative); and
(c) warrants that the Customer Representative has the authority to bind the Customer on all matters relating to the Services (including Change Orders).
5.2 The Customer further warrants that:
(a) no legal restrictions prevent compliance with this agreement;
(b) it will cooperate and provide all information reasonably necessary for the Services;
(c) information provided is accurate, correct and complete;
(d) it has obtained, at its cost, all necessary consents, licences and permissions from third parties; and
(e) it consents to the use of its name and Intellectual Property in connection with the Services.
5.3 The Customer acknowledges that no promise, representation or guarantee has been made regarding outcomes, profitability, or other results beyond what is set out in this agreement. The Customer has relied on its own skill and judgement and acknowledges that the Supplier does not warrant uninterrupted or error-free services or that content will be secure or not lost or damaged.
6. Non-solicitation
From the date of an Order until 12 months after its completion, neither party will, without the other’s prior written consent, employ, engage, or attempt to employ or engage any employee or contractor of the other party involved in providing the Services.
7. Change Control
7.1 Either party may propose a change to the scope or delivery of the Services.
7.2 No change takes effect until the Supplier issues, and the Customer accepts (email is sufficient), a Change Order setting out the proposed changes and their impact on:
(a) the Services;
(b) the Service Charges;
(c) the Services timetable; and
(d) any other affected Order terms. Approved changes form part of the Order.
8. Service Charges and Payment
8.1 The Supplier will invoice the Customer in accordance with the Order. If not specified, invoices are monthly in arrears for Services delivered that month.
8.2 The Customer will pay reasonable, pre-advised additional expenses incurred by the Supplier in performing the Services.
8.3 The Customer must pay each invoice within 30 days of the invoice date to the bank account nominated by the Supplier.
8.4 Professional and consulting work is performed during Business Hours. If the Customer requires work outside Business Hours, charges apply at 150% of the quoted weekday rate, and 200% of the quoted rate for weekends and public holidays.
8.5 Unless an Order specifies otherwise, the Customer has 10 Business Days from delivery to provide feedback or request a project debrief on any deliverable or draft. After the debrief, or after 10 Business Days (whichever occurs first), the Supplier will issue the final deliverable/report and any related invoices.
8.6 The Supplier may increase ongoing Service Charges annually, effective on each Order anniversary, in line with the percentage increase in the Consumer Price Index for the most recent 12-month period.
8.7 If the Customer postpones or cancels Professional Services with less than 5 Business Days’ notice and the Supplier cannot redeploy consultants, a cost-recovery fee applies. If not specified in the Order, the default is AUD $2000 per person per day, up to a maximum of 5 days.
8.9 Professional Services retainers or blocks of days must be used within 12 months of purchase; unused time is forfeited thereafter.
8.10 Except for amounts disputed under clause 8.11, interest accrues on overdue amounts at the CBA Excess Drawing Interest Rate, calculated monthly. The Customer must reimburse the Supplier’s reasonable recovery costs on an indemnity basis.
8.11 Without limiting other rights, if the Customer fails to pay undisputed amounts when due, the Supplier may suspend Services and any credit facility after notice.
(a) pay any undisputed portion by the due date.
(b) within 5 Business Days of receipt, notify the Supplier in writing of the reasons for disputing the remainder, and
(c) within 5 Business Days after that notice, the parties will meet to attempt a resolution.
8.12 All sums payable to the Supplier under this agreement:
(a) are exclusive of GST (unless stated otherwise). The Customer must pay applicable GST on receipt of a valid tax invoice; and
(b) must be paid in full without set-off, counterclaim, deduction or withholding (other than tax withholding required by law).
9. Intellectual Property Rights
9.1 Each party retains ownership of its pre-existing Intellectual Property Rights.
9.2 Unless expressly stated otherwise in the Order:
(a) the Supplier and its licensors retain ownership of all Intellectual Property Rights in the Deliverables (excluding Customer Materials incorporated in them); and
(b) the Supplier grants the Customer a non-exclusive, royalty-free licence during the Term to use the Deliverables solely for receiving and using the Services.
10. Insurance
10.1 During the Term, the Supplier will maintain:
(a) Public Liability Insurance up to $20,000,000;
(b) Professional Indemnity Insurance up to $10,000,000; and
(c) Workers’ Compensation Insurance as required by law.
11. Privacy
11.1 If the Supplier collects, holds, uses or discloses Personal Information in connection with this agreement, the Supplier must:
(a) handle Personal Information in accordance with its privacy policy;
(b) use Personal Information only to perform its obligations; and
(c) not disclose Personal Information to third parties (including subcontractors) without the Customer’s prior written consent or as required by law.
11.2 The Customer warrants that it:
(a) will not provide Sensitive Information unless necessary for the Services and then only with the Supplier’s specific written consent;
(b) has made all notifications required by APP 5 and obtained all necessary consents by APP 6 to enable the Supplier to use the Personal Information lawfully in performing the Services; and
(c) has informed individuals that Personal Information may be accessed by people located overseas for service delivery and back-office functions, including billing.
11.3 Data Incidents: If the Supplier becomes aware of, or has reasonable grounds to suspect, a Data Incident:
(a) it will immediately take reasonable steps to contain the incident and prevent further serious harm;
(b) it will promptly notify the Customer in writing with details of the incident and actions taken;
(c) it will investigate whether the incident is an Eligible Data Breach within 20 days;
(d) on completion, it will provide the Customer with a copy of the investigation report;
(e) it will discuss with the Customer the conduct and outcomes of the investigation and, if an Eligible Data Breach has occurred, whether the Customer or the Supplier will make the required notifications; and
(f) where the Supplier is to make notifications, the Customer must promptly review and not unreasonably withhold approval of the notifications before they are made.
11.4 The Customer:
(a) acknowledges that the Supplier relies on the Customer’s directions regarding the extent to which Personal Information disclosed under this agreement may be used;
(b) indemnifies the Supplier against third-party claims arising from the Supplier’s acts or omissions in relation to Personal Information to the extent those acts or omissions result directly from the Customer’s instructions or breach of this agreement; and
(c) acknowledges the Supplier may provide information to third parties to assess the Customer’s credit standing, history and capacity.
12. Confidentiality
12.1 Each party (the Recipient) must keep confidential any information relating to the other party or its business disclosed by or on behalf of that party, and the terms of this agreement, except where:
(a) the information is in the public domain (other than through breach of confidence);
(b) disclosure is required by law or a recognised securities exchange;
(c) disclosure is expressly permitted by this agreement;
(c) disclosure is to officers, employees or professional advisers who need to know, provided they keep it confidential;
(d) disclosure is required for legal proceedings regarding this agreement; or
(e) the disclosing party has consented in writing.
12.2 The Recipient must ensure its directors, officers, employees, agents, representatives, and related bodies comply with clause 12.
12.3 On termination, the Customer may direct the Supplier in writing to destroy or return the Customer’s confidential information, subject to the Supplier retaining information required for corporate and accounting records.
13. Limitation of remedies and liability
13.1 Nothing limits or excludes liability for:
(a) death or personal injury; or
(b) fraud by a party or its employees.
13.2 Subject to clause 13.1, neither party is liable (whether in contract, tort (including negligence) or otherwise) for special, indirect or consequential loss, including loss of profits (except as included in Service Charges), sales or business, production, agreements, business opportunity, anticipated savings, goodwill, reputation, or loss/corruption of software, data or information.
13.3 If a supply constitutes a consumer supply under the Competition and Consumer Act 2010 (Cth) or relevant State/Territory law, nothing in this agreement excludes, restricts or modifies any non-excludable rights. Where permitted, the Supplier’s liability is limited to:
(a) for goods: repair or replacement, supply of equivalent goods, or payment of the cost of repair/replacement/equivalent goods; and
(b) for services: re-supply of the services or payment of the cost of re-supply.
13.4 Subject to clauses 13.1 and 13.3, a party’s aggregate liability:
(a) for claims connected with an Order, arising in any calendar year, will not exceed 100% of the total charges (including fees and interest) payable by the Customer to the Supplier under that Order in that year; and
(b) for claims not connected with an Order will not exceed 100% of the total charges (including fees and interest) paid or payable under this agreement in the 12 months prior to the claim arising.
13.5 While the Supplier takes reasonable measures to preserve data it may access while providing the Services, it is not responsible if data is corrupted or erased for any reason. The Customer must maintain current backups and hold the Supplier harmless from claims arising from failure to restore data.
13.6 The Supplier is not liable for any proceeding or claim:
(a) caused by an act or omission of the Customer or its personnel; or
(b) relating to actions of the Supplier expressly or impliedly authorised by the Customer or its personnel.
14. Termination
14.1 Without limiting other rights, either party may terminate this agreement with immediate effect by written notice if:
(a) the other party fails to pay any amount when due and does not remedy within 7 days of written notice;
(b) the other party commits an irremediable material breach, or (if remediable) fails to remedy within 14 days of written notice; or
(c) the other party becomes, or is in jeopardy of becoming, subject to insolvency, administration, receivership or liquidation.
14.2 On termination of this agreement:
(a) all existing Orders terminate automatically;
(b) the Customer must immediately pay all outstanding invoices and interest, and the Supplier may issue invoices for Services supplied but not yet invoiced (including Hardware/Software orders that cannot be cancelled), payable under clause 8.3;
(c) the Customer must promptly return all Supplier Equipment (failing which the Supplier may enter premises to recover it and the Customer remains responsible for safekeeping); and
(d) the following clauses will continue in force: 1 (Interpretation), 6 (Non-solicitation), 9 (Intellectual Property Rights), 12 (Confidentiality), 13 (Limitation of remedies and liability), 14 (Termination), 22 (Waiver), 23 (Severability) and 28 (Governing law and jurisdiction).
15. Force Majeure
15.1 A party (the Affected Party) is not in breach, nor liable for loss suffered by the other, if performance is prevented, hindered or delayed by events beyond its reasonable control (Force Majeure Event).
15.2 The Affected Party is entitled to a reasonable extension of time and will use reasonable endeavours to perform despite the event.
15.3 Performance must resume as soon as practicable after the Force Majeure Event ceases.
16. Assignment and Subcontracting
Neither party may assign rights or novate this agreement without the other’s prior written consent (not to be unreasonably withheld). The Supplier may subcontract obligations and remains responsible for performance.
17. Project Governance
17.1 Each party will appoint a Project Sponsor and Project Manager with authority for day-to-day decisions.
17.2 Status meetings at least weekly during delivery; written status reports at least fortnightly (unless a SoW specifies otherwise).
17.3 Delivery may follow an agile/iterative approach; sequencing may be adjusted reasonably to manage risk and dependencies.
18. Publicity
The Supplier may reference the Customer (name and logo) and describe the engagement in general terms, subject to the Customer’s prior written approval for any detailed case studies.
19. Records and Audit
For 12 months after a SoW ends, each party will retain relevant records. For managed services or regulated environments, reasonable audit rights may be specified in the SoW.
20. Variation
Any amendment to this agreement must be in writing and signed by both parties.
21. Modern Slavery
21.1 In this clause, Modern Slavery has the meaning in the Modern Slavery Act 2018 (Cth).
21.2 The Supplier will take reasonable steps to identify, assess and address risks of Modern Slavery in operations and supply chains used for the Services.
21.3 If the Supplier becomes aware of Modern Slavery practices in those operations or supply chains, it will take reasonable action as soon as practicable to address or remove those practices, including by addressing the practices of relevant entities in its supply chains.
22. Waiver
A party may not rely on words or conduct of another as a waiver of any right, power or remedy unless the waiver is in writing, signed by the granting party, and effective only to the extent stated.
23. Severability
If any provision, or part of it, is invalid or unenforceable in any jurisdiction, it is severed to that extent in that jurisdiction, without affecting the remainder or the validity in other jurisdictions.
24. Entire Agreement
This agreement states all express terms agreed by the parties about its subject matter and supersedes all prior understandings and proposals on that subject.
25. Relationship of the Parties
Nothing in this agreement creates a partnership, joint venture, agency or fiduciary relationship. No party may bind another.
26. Notices
26.1 All notices must be in writing.
26.2 A notice is taken to be received:
(a) if hand-delivered, on delivery; or
(b) if sent by email, on receipt of a non-automated reply or other confirmation indicating the notice has been received.
27. Counterparts
This agreement may be executed in any number of counterparts.
28. Governing Law and Jurisdiction
This agreement is governed by the law in force in Western Australia.
Each party irrevocably submits to the exclusive jurisdiction of the courts of Western Australia, and their appellate courts, for proceedings arising out of or in connection with this agreement.