Terms & Conditions - Cyber-Security Professional Services

 

  1. Definitions
    1. “Service” refers to a Cyber Security Professional Service provided by StarHub Ltd, and shall include without limitation, incidence response, penetration testing, vulnerability assessments and security operations centre (SOC) services (Reg. No. 199802208C).
    2. “Force Majeure Event” means any event beyond our reasonable control, including without limitation, acts of God, requirements of any governmental or regulatory authority, war, national emergency, accident, fire, lightning, equipment failure, computer software or Software malfunction, electrical power failure, faults, interruption or disruption of the Network or the networks of other Service Providers or of your equipment or the equipment of any third party, riots, strikes, lock-outs, industrial disputes (whether or not involving our employees) or epidemics of infectious diseases.
    3. “Report” shall mean the reports for the services rendered, which you may receive as part of this Service.
       
  2. Eligibility for Service.
    1. We will provide the Service(s) as stated in the application form and/or order form as may be agreed by us from time to time.
    2. We will not be liable for any Service failure, interruption or performance degradation:-
      1. arising from StarHub's Business Internet service; and/or
      2. arising from the local/international leased circuit connections.
    3. Notwithstanding any other provision herein, we may decline acceptance of your application at our discretion.
       
  3. Service Provision
    1. Without prejudice to paragraph 2.3 above, we reserve the right not to accept or proceed with your application if:
      1. the application form submitted by you is not duly completed and signed; or
      2. you fail to provide us with the information as stipulated in these terms and conditions or the application form and/or questionnaire.
    2. If we accept your application for the Service, we will notify you of the commencement date for the provision of the Service and this date will be known as the ready for service ("RFS") date. The RFS date will be specified in our accepted application. We reserve the right to change the RFS date without liability.
    3. You will receive your reports on a monthly, or otherwise periodic, basis after the RFS date.
    4. If you cancel your application for the Service before the RFS date, you will be liable to pay our prevailing cancellation Charges, which shall be 100% of the recurring subscription Charges for the Minimum Period of Service, as well as any one-time charges, as may be applicable.
       
  4. Minimum Period of Service
    1. The initial Minimum Period of Service for the Service shall be such period as is stated in the application form computed from the RFS date. Upon the expiry of the initial Minimum Period of Service, the Service will be renewed automatically on a monthly basis unless either party gives the other party written notice of termination in accordance with these terms and conditions.
    2. The computation of the Minimum Period of Service will not take into account any period of suspension or cessation of the Service. If the Service is suspended or ceased and subsequently reactivated, the Minimum Period of Service will be automatically extended by such period of suspension or cessation.
       
  5. Duration of Service
    1. The Service under this Agreement will commence on the RFS date as notified by us to you in accordance with paragraph 4.2 above.
    2. This Agreement will continue until the end of the duration as set out in the Application Form.
       
  6. Scope of Service
    1. We will provide the Service to you in accordance with the details set out in the application form. Under no circumstances shall we be responsible if any of the particulars provided by you in the application forms are incorrect, false and/or incomplete.
    2. You may request us to change, from time to time, the Service particulars set out in the application/order form, subject to our confirmation and payment of the prevailing administrative fee chargeable by us. In the event of such change, the subscription Charges payable and the Service particulars will be amended accordingly. For the avoidance of doubt, you will continue to be liable for the payment of such revised subscription Charges pursuant to paragraph 9.1 below.
    3. You acknowledge and agree that availability of the Service is subject to:-
      1. availability of resources, including but not limited to, network availability and our area of coverage at the time at which the Service is requested or delivered;
      2. geographic and technical capacity of the Network and of our delivery systems at the time at which the Service is requested or delivered; and
      3. provisioning time for the Service. Such provisioning time will be determined by us in our discretion and may be changed by us.
    4. We reserve the right to immediately stop any Service(s) with or without notice to you, if we determine in our absolute discretion that the provision of such Service(s) will or may affect the Service's infrastructure, StarHub IP Backbone and/or the Network. We will not be liable to you or any third party for the foregoing.
       
  7. Use of the Service
    1. Grant of License
      1. Subject to the provisions of this Agreement, StarHub grants to you a limited non-exclusive, non-transferable and non-assignable right to use the Reports for your internal use only.
      2. The Report(s) and any related documentation is owned by StarHub or its partners, and is protected by applicable intellectual property laws. Nothing in this Agreement conveys to you any title, or property interest, in the Report(s).
      3. You shall retain and shall not remove, or destroy any copyright, trademarks, logos or any other intellectual property rights or notices placed or contained in the Software, as delivered to you, unless you receive the express written permission of StarHub.
    2. You shall fully indemnify us in respect of any infringement of any intellectual property rights (“IPR”) arising as a result of your use of the Report(s) in breach of the Agreement. You will allow us (or our licensors) to control any proceedings arising as a result of such infringement, threatened infringement, or claim relating to the IPR. You shall make no admission as to liability or agree to any settlement or compromise of any action. You shall, at our request and cost, offer such assistance as we may reasonably request in relation to any proceedings relating to our IPR. Any recovery obtained from such proceedings shall accrue solely for our benefit. You may also be require to cease use of part of or all of the Reports should any such IPR infringement arise.
       
  8. Your Responsibilities
    1. In addition to paragraph 4 (Your Responsibilities) of our General Terms & Conditions, you agree that you must provide accurate and complete particulars/information to us and such particulars/information will be set out in the application/order form;
    2. You shall not and shall not permit others to use or permit the use of the Report(s) and/or the related documentation for any purpose or use, other your internal use. You shall not disclose, copy, disseminate, redistribute, or publish any portion of the Service or Report(s) to any other party. Reproduction of the Service in any form or by any means is forbidden without our prior written permission, including but not limited to :-
      1. information storage and retrieval systems;
      2. recordings and re-transmittals over any network (including any local area network);
      3. use in any timesharing, service bureau, bulletin board or similar arrangement or public display;
      4. posting any portion of the Service / Reports to any other online service (including bulletin boards or the Internet); or
      5. sublicensing, leasing, selling, offering for sale or assigning the Service to another entity or user.
    3. You acknowledge and understand that if you do not fulfill your obligations or provide the necessary information as provided herein, then we may not be able to provide or may have to cease providing the Service to you.
       
  9. Billing
    1. You are liable to pay the Charge(s) for the Service, at the prevailing prescribed rate(s) as stated in the application and/or order form as may be agreed by us from time to time.
       
  10. Liability
    1. The Service(s) and Report(s) are provided on an “as is” basis, without warranties of any kind, whether express or implied, including implied warranties of merchantability, satisfactory quality, fitness for a particular purpose and non-infringement, to the fullest extent allowed by law. No advice or information whether oral or written, obtained by you from us or through the Service(s) and/or Report(s) will create any warranty not expressly set out in this Agreement. The use of the Report(s) shall be at your own risk.
    2. Without prejudice to paragraph 11 of our Business General Terms & Conditions, under no circumstances will we and our Affiliates and sub-contractors be liable for:
      1. any costs of procurement or substitute or replacement goods or services, lost business profits or revenue or loss or corrupted data, loss of production, loss of contracts, loss of goodwill or anticipated savings, or wasted management and staff time; and/or
      2. any incidental, indirect, special or consequential damages, losses, expenses or costs of any kind; even if advised of the possibility of such losses, and whether arising directly or indirectly out of the Agreement or use of the Services or the performance, defective performance, non-performance or delayed performance by us of any of our obligations under or in connection with this Agreement.
    3. Any compensation provided as part of any incident response framework shall be your sole and exclusive compensation for our failure or inability to meet any agreed incidence response timelines.
       
  11. Confidentiality
    1. In addition to paragraph 20 (Confidentiality) of our General Terms & Conditions, you shall not disclose to any person any information relating to the Service including but not limited to the Service ID(s) and password(s), software or equipment which are/is acquired from or provided by us or our third party supplier. This restriction will not apply to any information which is or becomes publicly available otherwise than through a breach of your obligation.
       
  12. Termination and Suspension of the Service
    1. Save for any other provisions herein, the Service under this Agreement or this Agreement may be terminated by either party giving at least one (1) month's written notice to the other party during the service duration.
    2. If you give us notice that ends during the applicable Minimum Period of Service pursuant to paragraph 12.1 above :-
      1. you must immediately pay us the early termination charges and, where applicable, prorated usage charges for the Service. Early termination charges is applied at one hundred percent (100%) of the recurring subscription fee(s) for the remainder of the Minimum Period of Service; and
      2. paragraph 12.7 below shall apply.
    3. If the Service or this Agreement are/is terminated pursuant to paragraph 12.4 or 12.5 below, you will compensate us for any damages or losses we may suffer because of the termination. Without prejudice to the foregoing, if such termination occurs during the applicable Minimum Period of Service, you are liable to pay us the sums referred to in paragraph 12.2 above.
    4. In the event of any of the following :-
      1. you breach any of the terms and conditions of this Agreement or any other agreement you have with us;
      2. you become or threaten to become bankrupt or insolvent, or die;
      3. you make any arrangement or composition with or assignment for the benefit of your creditors or go into either voluntary or compulsory liquidation or a receiver, trustee, judicial manager or administrator is appointed over any of your assets;
      4. the equivalent of any of the events referred to in paragraphs 12.4.2 and 12.4.3 above under the laws of any relevant jurisdiction occurs to you;
      5. you provide incorrect, false or incomplete information to us;
      6. the requirements of any relevant regulatory authority result in us having to stop providing the Service or to provide the Service in a manner which is unacceptable to us;
      7. if you are likely to create imminent harm (such as interruption, disruption, congestion, signal leakage and any Unauthorised Act) to our Network or any third party's networks or systems or our provision of the Service, or defraud us, or are likely to create imminent harm or are abusive to our personnel; or
      8. for any reason beyond our control (including loss of any licence, way-leave or easement, requirements of any governmental or regulatory authority or orders by the court and cessation or failure to deliver by a third party supplier) we are unable to provide the Service,

        we may suspend or terminate all or any part of the Service or terminate this Agreement with 7 working days' notice (for paragraphs 12.4.1 and 12.4.5 above) or with immediate effect (for paragraphs 12.4.2, 12.4.3, 12.4.4, 12.4.6, 12.4.7 and 13.4.8 above) without compensation and without prejudice to our rights to damages for any antecedent breach by you of this Agreement. You may immediately contact our business helpdesk or our account manager to tell us why such suspension or termination should not occur. We will consider each case and where we deem appropriate, will not proceed with the suspension or termination of such account or take any other appropriate action where necessary.
    5. In the event that we suspect that you are using or allowing the Service to be used for fraud, misconduct or any other illegal or improper purpose, we will refer this to the relevant authorities without notice to you and comply with directions or guidelines issued by them without further reference to you.
    6. If and when you make good any breach or default, we may restore any suspended Service after you have paid for any reinstallation, restoration or re-connection charges and reimbursed us for our reasonable costs in suspending the Service.
    7. If the Service are terminated, all sums due, accruing due or payable to us in respect of the Service, up to the date of termination (including late payment Charges) will, upon the termination, become immediately due and payable to us.
    8. We reserve the right to charge you our prevailing reactivation Charges for reactivating any suspended Service. Reactivation of any Service is subject to our absolute discretion.
    9. The termination of this Agreement will not affect any accrued rights or remedies of either party against the other party.
       
  13. Personal Data Protection Compliance
    1. We may when providing the Service(s) have access to and/or process Personal Data under your possession, control or custody. You represent and warrant that you have obtained the relevant consents from the Individuals to which the Personal Data relates, and that you further acknowledge that we are a Data Intermediary in relation to such Personal Data.
    2. You shall fully indemnify and hold us harmless from a breach of this clause.
    3. The terms “Personal Data”, Individuals” and “Data Intermediary” shall bear the same meanings as defined under the Personal Data Protection Act.
       
  14. Additional Service Terms and Conditions
    1. Some of the Services will require your agreement to further service terms and conditions, which will also be set out in your application form.
       
  15. Additional Service Terms and Conditions for Penetration Testing and/or Vulnerability Assessment Services.
    1. We will perform a Security Penetration Test on one or more computer systems owned and/or operated by you (the “Tests”).
    2. The details of your host IP addresses, ranges, URL or any other resource (referred as the “Scope”) are given in Annex 1of these Terms and Conditions.
    3. You authorizes us to perform the Tests on the dates as given in Annex 2 (the “Dates”)
    4. At any time during the tests, you can request us to stop the Tests.
    5. We shall use commercially best efforts to perform the Tests in accordance with the commercially accepted best practices and not to change or amend any applications, data, programs or components of the your network or computer system (including hardware and software) (“Systems”).
    6. Notwithstanding the aforesaid, the Service(s) are provided on an ‘as is’and ‘as available’ basis, and we does not offer any implied or express warranties that the results of the tests will mean that the Customer’s network is secure from every form of cyber attacks or that there will be no changes, amendments or damage to the Systems.
    7. You hereby represent and warrant that you have the legal right to subject the Systems to the aforementioned Tests and that you have obtained such consent or right from the legal owner of the System if you are not the owner of such System.
    8. You agree not to hold us liable for any indirect, punitive, special, incidental, or consequential damage (including but not limited to loss of business, revenue, profits, use, data or other economic advantage) in relation to the Services however it arises, whether for breach or in tort, even if we have been previously advised of the possibility of such damage.
    9. You have the sole responsibility for ensuring adequate protection and the backup of data and/or equipment used in connection with the Tests and will not make a claim against StarHub for lost data, re-run time, inaccurate output, work delays or lost profits resulting from the Tests.
    10. We shall not divulge any information that has been disclosed between parties in relation to the Tests and/or the Test results. Confidential Information will be destroyed after the tests, except insofar that such information is not necessary for the preparation of the Reports.
    11. You may respond in your usual manner when you detect the carrying out of the tests on your firewall logs, alert systems, etc. as you would do in case of a real security penetration; in order not to distort the results of the Tests. However, you shall not notify legal or public authorities of this penetration nor hold us liable for the same.ustomer Service Warranty.