Operating Terms and Conditions for Incident Response Services

The terms and conditions below outline how the provision of Incident Response Services are to occur. These Operating Terms and Conditions are hereby incorporated into any applicable Work Order and, along with that Work Order and the Master Terms and Conditions, form the full agreement for those Services between the Customer and MCPc.
  1. Pricing
    1. In order to engage MCPc to provide Incident Response (“IR”) Services under this Agreement (“Incident Response Agreement”), Customer shall pay MCPc a declaration fee (“Declaration Fee”) which will provide the Customer with prompt access to MCPc resources for the engagement.  This Declaration Fee is separate from any other services to be provided during the IR engagement.  If the Customer is currently engaged with MCPc for services related to Incident Response security (“IR Security Program”) the Declaration Fee may be waived.
    2. MCPc's Incident Response Services are performed on a time and materials basis at MCPc’s standard IR hourly rates. If Customer is currently enrolled in an IR Security Program, MCPc will perform on a time and material basis at the hourly rate established in the IR Security Program.
    3. Upon notification of an incident which threatens the confidentiality, integrity, or availability of Customer's systems or data, MCPc will engage resources until Customer accepts services as complete. Payment in full is required regardless of whether Customer receives payment from its insurance provider.
    4. Should the services require hardware or other specialized products, Customer may be provided a quotation for the equipment and any additional services.
    5. All amounts due and paid in advance are applicable solely to that contract as described in the applicable Order Document; such amounts may not be used or applied towards any other obligations Customer may have towards MCPc, whether as an offset, recoupment, indemnification or any other defense to payment except for claims arising out of that Order Document because of defects in the specific goods or services described in such Order Document.
  2. Invoicing
    1. Payment of the Declaration Fee is due and payable in full within two (2) business days of Customer signing this Agreement. Customer will be invoiced weekly for the Incident Response Services. Payment of the Incident Response Services is due based upon agreed upon payment terms between Customer and MCPc.
    2. If a customer is currently enrolled in an IR Security Program, invoicing for any work performed under a declared cyber incident will be invoiced separately from the IR Security Program invoice.
  3. Customer Responsibilities.
    1. In the event of an IR event for which MCPc has been engaged, the Customer will:
      1. Provide MCPc with specific and detailed information concerning their computer systems and networks as may be more fully set forth in the Order Document;
      2. Make available to MCPc personnel physically located on their premises, access to and time on their computer systems and network sufficient for MCPc to provide the Services;
      3. Provide one representative who shall have substantial computer systems, network, and project management experience to act as a liaison between Customer and MCPc; and
      4. Provide all information, access, and good faith cooperation reasonably necessary to facilitate the Services. 
    2. If Customer fails or delays in its performance of any of the foregoing, MCPc shall be relieved of its obligations hereunder to the extent such obligations are dependent on such performance.
  4. Ownership of Work Product.
    1. Notwithstanding anything in the Master Terms and Conditions or any other agreement that may exist in writing or orally between the Customer and MCPc, the Incident Response Services do not constitute works for hire.  The Parties agree that MCPc exclusively owns any and all object code, source code, flow charts, documentation, information, reports, test results, findings, ideas and any and all works and other materials developed by MCPc hereunder excluding any Customer Confidential Information (collectively, the “Work Product”) and that title thereto shall remain with MCPc.  All applicable patents, copyrights, trademarks, trade secrets and other rights and interests in the Work Product are and shall remain entirely in MCPc.  Upon payment in full of the amounts due hereunder, Customer shall have a perpetual, non-transferable, non-exclusive license to use any reports and findings prepared as deliverables of the Services for its internal business purposes.  Nothing herein shall transfer ownership of any Customer intellectual property rights to MCPc.  In the course of providing the Services, MCPc may obtain data about a threat actor which shall not be considered the property or Confidential Information of Customer, and which MCPc may retain to compare against other known threats and to enhance its intelligence and services; provided that MCPc anonymizes all related data prior to its retention by MCPc such that Customer is not identifiable by any means.
  5. Travel and Expense
    1. This section shall apply regardless of any previously negotiated terms and conditions between MCPc and Customer, whether oral or written.
    2. Customer agrees to reimburse MCPc’s reasonable and actual expenses incurred related to providing Services under this Agreement, unless otherwise set forth in an Order Document.  These expenses may include, but are not limited to, any expenses for travel to and from a customer’s location, for lodging to support a customer’s location, and for any food or meals.
  6. Service Level Objectives
    1. An incident manager will respond to a Customer request for emergency assistance within four (4) hours.
    2. If client requests on-site assistance in the continental U.S., MCPc will make a concerted effort to arrive on-site within twenty-four (24) hours. Response time outside the continental U.S. is subject to travel carrier and visa availability. MCPc will make commercially reasonable efforts to respond to client’s travel requests.
  7. Term and Termination.
    1. Either party may cancel this Order Document for a breach of contract, provided that the cancelling party notifies the breaching party within ten (10) days of the breach of contract. The breaching party then has thirty (30) days to cure such breach of contract.
  8. The Customer may cancel this agreement for convenience; in the event of such cancellation, the balance of fees due for services performed and not already paid, will immediately become