Virima Subscription and Professional Services Agreement

Virima Inc., a corporation organized under the laws of the State of Georgia, with offices at 6055 Southard Trace, Cumming, GA 30040 (“Virima”) owns, develops and markets the Virima™ IT Discovery, IT Asset Management (ITAM) and IT Service Management (ITSM) suite (the “Software”) which it makes available to subscribers via the Internet on a monthly and yearly basis (the “Subscription Services”).  Customer wishes to use the Software on a subscription basis and Customer has agreed to receive and pay for, the Subscription Services pursuant to the terms and conditions of this Agreement.

This Agreement sets forth the terms and conditions under which the parties agree that Customer may, pursuant to one or more separately executed Order Forms or Statements of Work (i) obtain a subscription to use Virima’s Software and related Documentation listed on the applicable Order Form; and (ii) purchase Professional Services listed on the applicable Statement of Work.  This Agreement includes the below Terms and Conditions and all Schedules and attachments that reference this Agreement.

By accessing the Subscription Services, the Customer agrees to be bound by the terms and conditions of this Agreement.  

NOW, THEREFORE, the parties hereto agree as follows:

  1. Definitions.  The definitions and rules of interpretation in this Section apply to this Agreement. 

1.1. “Authorized Users means those employees and agents of Customer who are authorized by Customer to access the Software and Documentation.

1.2. “Customer” means the party entering into this Agreement with Virima.

1.3. “Customer Data” means the data inputted by the Customer, its Authorized Users, or Virima on the Customer’s behalf for the purpose of using the Software or facilitating the Customer’s use of the Software.

1.4. “Designated Location” means the location(s) where Virima will permit Customer to install the Software as set forth in an Order Form.

1.5. “Documentation” means user documentation or material provided by Virima, whether written electronic format, or whether made available to Customer by Virima online via the Website which sets out a description of the Software and user instructions for the Software, as periodically updated.

1.6. “Order Form” means a document provided by Virima and signed by Customer that describes Virima’s service offering.

1.7. “Professional Services” means the training, consulting, development and other professional services provided by Virima as identified on a Statement of Work, but does not include the Subscription Services.

1.8. “Confidential Information” means all information relating to the business or affairs of a disclosing party, including but not limited to, technical or non-technical data, software (whether in object or source code form), formulae, tools, patterns, plans, compilations, programs, devices, methods, techniques, drawings, processes, financial data, lists of actual or potential customers or suppliers, marketing plans and business strategies, and also means and includes the terms and conditions of this Agreement (but not its existence). Confidential Information of Virima (as a disclosing party) also includes and means the Software. Further, Confidential Information includes information that a reasonable person would determine to be proprietary or confidential when taking into consideration its nature and the circumstances under which it is disclosed. Confidential Information will not include (i) information that becomes generally available to the public other than as a result of unauthorized disclosure by the recipient or persons to whom the recipient has made such information available, (ii) information available to the recipient on a non-confidential basis prior to receipt from the disclosing party, or received from a third party lawfully entitled to disclose the information and who does not have any confidence or secrecy obligations to the disclosing party, (iii) information that is disclosed to the public pursuant to a requirement of a court or government agency or in connection with judicial proceedings between the parties, provided, however, that prior to any disclosure pursuant to this clause (iii), the recipient will give the disclosing party advance notice of any proposed disclosure and a reasonable opportunity to obtain a protective order or to otherwise seek protection of the information.

1.9. “Software” means the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services; including, but not limited to, the online software applications (along with those software applications distributed or provided to Customer for use on Customer premises or devices) provided by Virima as part of the Subscription Services whose functionality is described in the Order Form.

1.10. “Statement of Work” means a document provided by Virima and signed by Customer that describes the Professional Services to be provided by Virima to Customer.

1.11. “Subscription Fees” means the subscription fees payable by Customer to Virima for the Subscriptions Services, as set out in the applicable Order Form.

1.12. “Subscription Services” means the hosted customer experience software solutions identified in an Order Form but does not include the Professional Services.

1.13. “Support Service Policy” means Virima’s standard policy for providing support in relation to the Subscription Services as set forth the SaaS Policy document (“Exhibit A”). 

1.14. “Term” means the period of time during which Virima is required to provide Customer with the Subscription Services as set out in the applicable Order Form or Professional Services as set out in the applicable Statement of Work. 

1.15. “Website” means www.Virima.com or such other web address notified by Virima to Customer from time to time.

1.16. “Work Product” means object code, source code, flow charts, documentation, information, reports, test results, findings, ideas and any works and other materials developed by Virima in providing the Professional Services to Customer.

    2. Order Submission, Credit Approval and Payment.

2.1. Order Submission.  Customer may from time to time submit to Virima an Order Form or Statement of Work, acceptance of which by Virima shall confirm the availability of the Subscription Services or Professional Services requested.

2.2. Credit Approval and Deposits.  Customer agrees to provide Virima with credit information as requested, and delivery of Subscription Services or Professional Services is subject to credit approval. Customer’s execution of this Agreement authorizes Virima’s continuing credit review and approval. Virima shall have the right to require Customer to make one or more deposits as a condition of Virima’s continuation of Subscription Services or Professional Services; said deposit or deposits will be held by Virima as security for payment of Customer’s charges.  No interest shall be earned on deposits. At such time as the provision of Subscription Services or Professional Services to Customer is terminated, the amount of the deposit will be credited to Customer’s account and any credit balance will be refunded. Virima reserves the right to immediately terminate this Agreement in the event Customer’s credit is not approved to secure payments hereunder.  

    3. Billing and Payment.

3.1. Billing. Recurring Subscription Fees or other service charges are billed annually in advance. Billing will commence when Virima has prepared Subscription Services for Customer’s use whether or not Customer is ready to use the Subscription Services but in no event prior to the agreed to commencement date set forth in the applicable Order Form. Further, if set up requires Customer’s acts and/or omissions or information from Customer, in the event Customer fails to timely provide same, billing will likewise commence.

3.2. Payment. Payment of undisputed amounts is due in accordance with the invoice, without other set off or deduction, within thirty (30) days of the invoice date. If payment of undisputed amounts is not received within thirty (30) days of the invoice date, the unpaid balance of the undisputed amounts of any invoice shall bear interest at the lesser of one and one-half (1.5%) percent per month (prorated on a daily basis) or the highest rate allowed by law and Customer agrees to pay all collection costs including, but not limited to, reasonable attorneys’ fees, court costs and/or collection agency fees.

3.3. Suspension of Subscription Services. If the undisputed portion of Virima’s invoice is not paid within thirty (30) days of the date of the invoice, after providing five (5) business days written notice, Virima may immediately suspend the Subscription Services until all undisputed amounts owed have been paid. To re-enable Subscription Services, Virima may require a reconnection fee and other charges as Virima may reasonably require.

3.4. Disputed Invoices. Customer may dispute an invoice or any portion thereof only by (i) submitting a written, detailed claim to Virima (c/o Accounting Dept.) describing such dispute within thirty (30) days of the invoice date and (ii) making full and timely payment of all undisputed amounts. In the event that Customer has not disputed an invoice, or any portion thereof, within thirty (30) days of its date, Customer shall forfeit and waive any and all right to challenge the content of same.

3.5. Taxes and Fees. Prices for Subscription Fees or Professional Fees on an Order Form or Statement of Work are exclusive of applicable sales or use taxes, which, if applicable, shall be paid by Customer but shall not include any tax on Virima’s income.

    4. Access to Subscription Services. In consideration of Customer’s payment of the applicable Subscription Fees as set forth in the applicable Order Form, and Customer’s agreement to be bound by the terms and conditions of this Agreement, Virima grants Customer a non-exclusive, non-sublicensable, terminable, non-transferable, and limited right to access the Subscription Services and the Documentation during the Term solely for the Customer’s internal business operations. With respect to any Software that is distributed or provided to Customer for use on Customer premises or devices, Company hereby grants Customer a non-exclusive, non-transferable, terminable, non-sublicensable license to use such Software during the Term only in connection with the Services.

4.1. The Software (other than that portion that is distributed or provided to Customer for use on Customer premises or devices) is located on equipment and servers that are owned and controlled by Virima. Customer will provide a suitable platform on which Virima will install an on-site application which it will own and control and which will serve as the Designated Location. Customer shall have no right to receive a copy of the object code or source code to the underlying Software.

4.2. Customer must have a high-speed Internet connection, and hardware and software that is compatible with the Subscription Services, as set out in the Documentation. Virima has no responsibility to supply Customer with the connection, hardware or software required by the Documentation.

4.3. Virima solely owns the intellectual property in the Subscription Services, Software (except for third party components) and the Documentation.

    5. Conditions of Use. The Subscription Services provided to Customer are non-exclusive, non-sublicensable, non-transferable, and, and are for Customer’s internal business use only. Customer shall use all reasonable endeavors to prevent any unauthorized access to, or use of, the Subscription Services, Software and/or the Documentation and, in the event of any such unauthorized access or use, promptly notify Virima. The rights provided under this Agreement are granted to the Customer only, and shall not be considered granted to any affiliate of the Customer. Customer’s right to use the Subscription Services is conditional upon Customer’s compliance with the following prohibitions. Customer will not:

5.1. Use the Subscription Services in a manner that exceeds the limitations set forth in this Agreement or other limitations as set forth in the applicable Order Form;

5.2. Transfer this Agreement or any rights granted to Customer hereunder to use the Subscription Services to any other person or entity;

5.3. Sell, re-license, rent, lease, distribute, display, disclose, commercially exploit, make available or otherwise permit any person or entity, whether or not related to Customer, to use the Subscription Services, except for Authorized Users;

5.4. Use the Subscription Services in the operation of a service bureau or in any manner that involves the processing of third party data;

5.5. Make the Subscription Services available to anyone who is not an Authorized User;

5.6. Attempt to copy, modify, duplicate, or create any derivative works, from, frame, mirror, republish, download, display, transmit or distribute all or any portion of the Subscription Services, Software and/or Documentation (as applicable) in any form or media or by any means;

5.7. Attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human perceivable form all or any part of the Subscription Services, Software and/or Documentation to provide services to third parties;

5.8. Copy any feature, design or graphic in, or reverse engineer the Software;

5.9. Access the Subscription Services and Documentation (i) in order to build a solution or product which competes with the Subscription Services and/or Documentation or to assist any other Person to build a solution or product which competes with the Subscription Services and/or Documentation; or (ii) if Customer is an employee of a Virima competitor;

5.10. Use the Subscription Services in a way that violates any criminal or civil law;

5.11. Load test the Subscription Services in order to test scalability; or

5.12. Access, store, distribute or transmit any viruses, or any material during the course of its use of the Subscription Services that:

5.12.1. Is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; facilitates illegal activity; depicts sexually explicit images; promotes unlawful violence; is discriminatory based on race, gender, color, religious belief, sexual orientation, disability, or any other illegal activity; or causes damage or injury to any person or property;

Virima reserves the right, without liability to the Customer, to disable the Customer’s access to any material that breaches the provisions of this Section and/or suspend the Subscription Services.

    6. Customer Data. Customer must provide all data for use in the Subscription Services, and Virima is not obligated to modify or add to the Customer Data in any way. Customer is solely responsible for the content and accuracy of the Customer Data.

6.1. Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.

6.2. Virima agrees to keep Customer Data confidential in accordance with Section 12 of this Agreement.

6.3. Virima agrees to use the Customer Data only as necessary in order to carry out its obligations under this Agreement, and for no other purpose, with the exception that Virima may make use of the Customer Data as follows:

6.3.1. To observe and report back to Customer on Customer’s usage of the Subscription Services, and make recommendations for improved usage of the Subscription Services;

6.3.2. To identify trends and publish reports on its findings provided that the reports include data aggregated from more than one customer site and do not identify Customer; and,

6.3.3. To comply with any legislation in relation to any “personal data” received by or originating from Customer.

6.3.4. To take reasonable technical and organizational measures to keep personal data secure and to protect it against accidental loss or unlawful destruction, alteration, disclosure or access; and, must deal with the information only in accordance with Customer’s instructions, provided they are reasonable and lawful.

6.4. In providing the Subscription Services, Virima shall follow its archiving procedures for Customer Data as set out in the “Data Back-up” section of the Virima SaaS Policy document (“Exhibit A”). In the event of any destruction or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for Virima to use reasonable commercial efforts to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Virima in accordance with the archiving procedure described in its Back-Up Policy. Virima shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party resulting from negligence or action by Customer.

6.5. In providing the Subscription Services, Virima shall follow its privacy policies as set out in the “Personally Identifiable Information” section of the Virima SaaS Policy document (“Exhibit A”) relating to the privacy of Customer Personally Identifiable Information (“PII”).

6.6. In the event that Virima processes any personal data on the Customer’s behalf when performing its obligations under this Agreement, the parties agree that it is their intention that the Customer shall be the data controller and Virima shall be a data processor and in any such case:

6.6.1. The Customer acknowledges and agrees that the personal data may be transferred or stored outside the country where the Customer is located in order to carry out the Subscription Services and Virima’s other obligations under this Agreement;

6.6.2. The Customer shall ensure that the Customer is entitled to transfer the relevant personal data to Virima so that Virima may lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer’s behalf;

6.6.3. The Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;

6.6.4. Virima shall process the personal data only in accordance with the terms of this Agreement and any lawful instructions reasonably given by the Customer from time to time; and

6.6.5. Each party shall take appropriate technical and organizational measures against unauthorized or unlawful processing of the personal data or its accidental loss, destruction or damage.

    7. Professional Services Warranties. Virima warrants that (i) the Work Product will substantially conform to the applicable Statement of Work; and (ii) the Professional Services will be performed with reasonable skill, care and diligence. The remedies set out in this Section 7 are Customer’s exclusive remedies for breach of either warranty.

7.1. If the Professional Services do not conform to the Statement of Work or are not performed with reasonable skill, care and diligence, Virima shall re-perform the Professional Services to the extent necessary to correct the defective performance.

7.2. Customer must provide Virima with all information, access, and full good faith cooperation reasonably necessary to enable Virima to deliver the Professional Services and must do anything that is identified in the Statement of Work as Customer’s responsibility. If Customer fails to do this, Virima will be relieved of its obligations to the extent that the obligations are dependent upon Customer’s performance.

7.3. Virima solely owns the intellectual property in the Work Product. Upon payment in full of any amounts due for Professional Services, Customer shall have a non-exclusive, non-transferable right to use the Work Product for Customer’s internal business purposes for so long as the performance of the Professional Services is ongoing.

    8. Subscription Services Warranties. Virima warrants that: (i) the Subscription Services will function substantially as described in the Documentation; and (ii) Virima owns or otherwise has the right to provide the Subscription Services to Customer under this Agreement. The remedies set out in this Section 8 are Customer’s exclusive remedies for breach of either warranty.

8.1. If the Subscription Services do not function substantially in accordance with the Documentation, Virima may, at its option, either (i) modify the Subscription Services to conform to the Documentation; or (ii) provide a workaround solution that will reasonably meet Customer’s requirements. If neither of these options is commercially feasible in Virima’s sole and exclusive discretion, Virima may terminate the relevant Order Form under this Agreement, in which case Virima shall refund to Customer all fees pre-paid to Virima under the relevant Order Form for unused Subscription Services.

8.2. If the normal operation, possession or use of the Subscription Services by Customer is found to infringe any third party intellectual property right or Virima believes that this is likely, Virima may at its option, either (i) obtain a license from such third party for the benefit of Customer; (ii) modify the Subscription Services so that they no longer infringe; or (iii) if neither of these options is commercially feasible, terminate the relevant Order Form under this Agreement, in which case Virima shall refund to Customer all fees pre-paid to Virima under the relevant Order Form for unused Subscription Services.

8.3. However, Virima has no warranty obligations and does not warrant:

8.3.1. In the event and to the extent that the Subscription Services have been modified or altered by Customer or any third party, unless the modification was approved in writing by Virima;

8.3.2. In the event and to the extent of any non-conformance which is caused by use of the Subscription Services contrary to Virima’s instructions;

8.3.3. problems in the Subscription Services caused by any third party software or hardware, by accidental damage, or by other matters beyond Virima’s reasonable control; and

8.3.4. that the Customer’s use of the Subscription Services will be uninterrupted or error-free;

8.3.5. that the Subscription Services, Documentation, or the information obtained by the Customer through the Subscription Services will meet the Customer’s requirements.

8.4. Virima is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and Customer acknowledges that the Subscription Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

    9. Customer Obligations. Customer shall pay: (i) all charges applicable to the Subscription Services or Professional Services (including charges as a result of fraud or unauthorized use of the Subscription Services); (ii) additional fees or charges arising from supplemental services requested by Customer and/or Customer’s usage of facilities, bandwidth and or network capacity above and beyond Customer’s entitlement as set forth in the applicable Order Form; and (iii) other mutually agreed charges as may be required for provision of the Subscription Services.

9.1. Customer shall provide Virima with all necessary cooperation in relation to this Agreement and all necessary access to such information as may be required by Virima, including but not limited to the following:

9.1.1. Customer will: (i) be solely responsible for all Customer Data and any party’s reliance thereunder and (ii) allow Virima, for the sole purpose of its performance hereunder, to copy, display, distribute, download, and otherwise use Customer Data to transmit it over the Internet.

9.1.2. When Service(s) occur at Customer’s offices, Customer shall provide: (i) space, utilities, and HVAC necessary to maintain the proper environment for the Service(s), (ii) a safe, hazard free, working environment complying with applicable laws and regulations, and (iii) access and cooperation as may be required for provision of the Service(s).

9.2. In order to render the Subscription Services, Customer agrees to:

9.2.1. Comply with all applicable laws and regulations with respect to its activities under this Agreement;

9.2.2. Carry out all other Customer responsibilities set out in this agreement in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the parties, Virima may adjust any agreed timetable or delivery schedule as reasonably necessary;

9.2.3. Obtain and shall maintain all necessary licenses, consents, and permissions necessary for Virima, its contractors and agents to perform their obligations under this agreement, including without limitation the Subscription Services;

9.2.4. Ensure that Customer’s network and systems comply with the relevant specifications provided by Virima from time to time;

9.2.5. Provide Virima personnel with reasonable access to Customer’s premises and equipment at Virima’s request for purposes of installing and monitoring any Software that is distributed or provided to Customer for use on Customer premises or devices; and

9.2.6. Be solely responsible for procuring and maintaining its network and Internet connections to allow proper communication to Virima’s servers.

9.3. Virima may, at its expense, but no more than once annually, and on ten (10) days prior written notice, inspect Customer’s use of the Subscription Services, Authorized Users and compliance with the terms of this Agreement. Any inspection will occur during normal business hours and will be carried out in a manner that does not unduly interfere with Customer’s business. If any audit reveals a deficiency in Customer’s compliance with the terms of this Agreement, Customer will immediately cure such noncompliance.

    10. Termination. Prior to the expiration of the Term of Service, either party may terminate this Agreement or rights granted under a particular Order Form if the other party commits a material breach of this Agreement or an Order Form and the breach is not cured within 30 days of receipt of written notice from the injured party. If Customer has purchased multiple Services, termination of an individual Service(s) will not terminate this Agreement.

10.1. Instead of terminating rights granted to a Customer under an Order Form, Virima may suspend Customer’s access to the Subscription Services for a period of up to 45 days in the event that Customer fails to comply with Sections 4, 6, 11, 14. At any time during that period, Virima may terminate the rights granted to Customer.

10.2. In the event that the Services fail to reasonably meet the specifications set forth in the Order Form, Customer may terminate this Agreement on the calendar year anniversary of the commencement of the Term, and Customer shall owe no further fees for the Services after such date; provided Customer provides Virima with 90 days’ prior written notice of same with a reasonable opportunity to cure same.

10.3. Virima may terminate this Agreement immediately, if (1) Customer fails to make all payments when due; (2) Customer declares bankruptcy or is adjudicated bankrupt; or (3) a receiver or trustee is appointed for Customer or substantially all of your assets. Upon expiration of the Term of Service for all Subscription Service purchased pursuant to this Agreement, either party may terminate this Agreement for convenience by providing at least thirty (30) days prior written notice to the other. Upon termination of this Agreement, all rights and obligations of the parties under this Agreement will automatically terminate except for rights of action accruing prior to termination, payment obligations, and any obligations that expressly or by implication are intended to survive termination.

    11. Proprietary Rights. Customer acknowledges and agrees that Virima own all intellectual property rights in the Subscription Services, Software and the Documentation. This Agreement does not grant Customer any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licenses with respect to the Subscription Services, Software or the Documentation.

    12. Confidential Information. Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement.

12.1. Permitted Use. Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than for the implementation of this Agreement and purposes permitted by this Agreement. Each party acknowledges that it will not obtain any rights of any sort in or to the other party’s Confidential Information. Although either party may disclose the general nature of this Agreement, neither party may disclose the specific financial terms of this Agreement without the prior written consent of the other party.

12.2. Non-Disclosure. Each party will restrict disclosure of the other party’s Confidential Information to those of its employees to whom it is necessary to disclose such Confidential Information in connection with the purposes permitted in this Agreement. Each party agrees to use the same discretion and care to protect the other party’s Confidential Information that the party uses to protect its own Confidential Information, but will in all cases make at least reasonable efforts to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement. Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.

12.3. Required Disclosure. Nothing herein will prevent a receiving party from disclosing all or part of the disclosing party’s Confidential Information as necessary pursuant to the operation of law, a court order, or a governmental order; provided that prior to any such disclosure, the receiving party will use reasonable efforts to: (i) promptly notify the disclosing party in writing of such requirement to disclose and (ii) cooperate fully with the disclosing party in obtaining a protective order or otherwise protecting the information from disclosure.

12.4. Return. Either disclosing party may at any time notify the receiving party that the receiving party must return to the disclosing party the disclosing party’s Confidential Information. Each party hereby agrees to, within thirty (30) days of the notification: (i) return all documents and tangible items it or its employees or agents have received or created pursuant to this Agreement pertaining, referring, or relating to the other party’s Confidential Information and (ii) return or certify in a writing attested to by a duly authorized officer of such party that it has destroyed all copies, summaries, modifications, or adaptations that such party or its employees or agents have made from the materials provided by the disclosing party.

12.5. Customer acknowledges that details of the Subscription Services, and the results of any performance tests of the Subscription Services, constitute Virima’s Confidential Information. Although copyrighted, the Software, Documentation and other Confidential and Proprietary Information of Virima may be unpublished and contain confidential and proprietary information of Virima. Customer agrees to treat as confidential and keep secret all information contained or embodied in the Software and Documentation and to use a reasonable degree of care to protect the confidentiality of the Software and Documentation.

12.6. Virima acknowledges that the Customer Data is the Confidential Information of the Customer.

12.7. This Section 12 shall survive termination of this agreement, however arising.

    13. LIMITATION OF LIABILITY. NEITHER PARTY SHALL BE LIABLE UNDER THIS AGREEMENT FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST OR CORRUPTED DATA, LOST PROFITS, LOST BUSINESS OR LOST OPPORTUNITY), OR ANY OTHER SIMILAR DAMAGES UNDER ANY THEORY OF LIABILITY (WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR ANY OTHER THEORY), EVEN IF THE OTHER PARTY HAS BEEN INFORMED OF THIS POSSIBILITY. CUSTOMER ASSUMES ALL RESPONSIBILITY FOR THE SELECTION OF THE SUBSCRIPTION SERVICES, SOFTWARE AND DOCUMENTATION NECESSARY TO ACHIEVE CUSTOMER’S INTENDED RESULTS, AND FOR THE USE AND RESULTS OF THE SUBSCRIPTION SERVICES OR WORK PRODUCT. EACH PARTY’S TOTAL LIABILITY FOR ANY DIRECT LOSS, COST, CLAIM OR DAMAGES OF ANY KIND RELATED TO THE RELEVANT ORDER FORM SHALL NOT EXCEED THE AMOUNT OF THE FEES PAID OR PAYABLE BY CUSTOMER TO VIRIMA UNDER SUCH RELEVANT ORDER FORM DURING THE 6 MONTHS BEFORE THE EVENT GIVING RISE TO SUCH LOSS, COST, CLAIM OR DAMAGES. THIS LIMITATION ON LIABILITY WAS AND IS AN EXPRESS PART OF THE BARGAIN BETWEEN VIRIMA AND CUSTOMER AND WAS A CONTROLLING FACTOR IN THE SETTING OF THE FEES PAYABLE TO VIRIMA. HOWEVER, THERE IS NO LIMITATION ON DIRECT LOSS, CLAIM OR DAMAGES ARISING AS A RESULT OF AN INFRINGEMENT OF VIRIMA’S INTELLECTUAL PROPERTY RIGHTS, OR A BREACH OF SECTION 12 OF THIS AGREEMENT.

    14. Indemnification by Virima. Virima will indemnify and hold harmless Customer, its directors and employees from any damages finally awarded against Customer (including, without limitation, reasonable costs and legal fees incurred by Customer) arising out of any third party suit, claim or other legal action alleging that the use of the Subscription Services, Documentation or Work Product by Customer infringes any copyright, trade secret or United States patent, (“Legal Action”). Virima must also assume the defense of the Legal Action.

14.1. However, Virima shall have no indemnification obligations for any Legal Action arising out of: (i) a combination of the Subscription Services, Software or Work Product with software or products not supplied, or approved in writing by Virima; (ii) any repair, adjustment, modification or alteration to the Subscription Services by Customer or any third party, unless approved in writing by Virima; or (iii) any refusal by Customer to install and use a non-infringing version of the Subscription Services, or Work Product offered by Virima under Section 8.2. Sections 8.2, 13 and this Section 14 state the entire liability of Virima with respect to any intellectual property infringement by the Subscription Services, Software or Work Product.

14.2. Customer must give written notice to Virima of any Legal Action no later than 30 days after first receiving notice of a Legal Action, and must give copies to Virima of all communications, notices and/or other actions relating to the Legal Action. Customer must give Virima the sole control of the defense of any Legal Action, must act in accordance with the reasonable instructions of Virima and must give Virima such assistance as Virima reasonably requests to defend or settle such claim. Virima must conduct its defense at all times in a manner that is not adverse to Customer’s interests. Customer may employ its own counsel to assist it with respect to any such claim. Customer must bear all costs of engaging its own counsel, unless engagement of counsel is necessary because of a conflict of interest with Virima or its counsel, or because Virima fails to assume control of the defense. Customer must not settle or compromise any Legal Action without Virima express written consent. Virima shall be relieved of its indemnification obligation under Section 14 if Customer materially fails to comply with Section 14.2.

    15. Indemnification by Customer. Customer must indemnify and hold harmless Virima, directors, and employees from any damages finally awarded against Virima (including, without limitation, reasonable costs and legal fees incurred by Customer) arising out of any third party suit, claim or other legal action (including but not limited to any governmental investigations, complaints and actions) in connection with the Customer Data, including, without limitation, any action for infringement of any trademark, copyright, trade secret, right of publicity or privacy (including defamation), patent or other proprietary right with respect to the Customer Data (“Legal Claim”).

15.1. Virima must give written notice to Customer of any Legal Claim no later than 30 days after first receiving notice of a Legal Claim, and must give copies to Customer of all communications, notices and/or other actions relating to the Legal Claim. Virima must give Customer the sole control of the defense of any Legal Claim, must act in accordance with the reasonable instructions of Customer and must give Customer such assistance as Customer reasonably requests to defend or settle such claim. Customer must conduct its defense at all times in a manner which is not adverse to Virima’s interests. Virima may employ its own counsel to assist it with respect to any such claim. Virima must bear all costs of engaging its own counsel, unless engagement of counsel is necessary because of a conflict of interest with Customer or its counsel, or because Customer fails to assume control of the defense. Virima must not settle or compromise any Legal Claim without Customer’s express written consent. Customer shall be relieved of its indemnification obligation under Section 15 if Virima materially fails to comply with Section 15.1.

    16. Miscellaneous.

16.1. Limitation on Actions. No claim arising under or relating to this Agreement, unless involving death or personal injury may be brought by either party against the other more than one (1) year after the cause of action arises.

16.2. Force Majeure. Each party is excused from performance of this Agreement and is not liable for any delay in whole or in part caused by the occurrence of any contingency beyond the reasonable control of the party. These contingencies include, without limitation, war, sabotage, insurrection, riot or other act of civil disobedience, act of public enemy, failure or delay in transportation, act of government or any agency or subdivision thereof affecting the terms of this Agreement or otherwise, judicial action, labor dispute, accident, fire, explosion, flood, severe weather or other act of God. Notwithstanding the foregoing, Customer will not be relieved of its payment obligations to Virima in the event of a force majeure occurrence.

16.3. Export and Import Regulations. The Subscription Services, Software and Documentation may be subject to export, re-export, or import laws, restrictions, and regulations. Customer agrees to comply strictly with all such laws and regulations and acknowledges that it has the responsibility to obtain any licenses to export, re-export, or import the Subscription Services, Software and Documentation. If any Subscription Services, Software and Documentation are acquired by or on behalf of any agency of the U.S. Government, the U.S. Government agrees that such Products are “commercial computer software” or “commercial computer software documentation” and, absent a written agreement to the contrary, the U.S. Government’s rights with respect to such Products are limited by the terms of this Agreement pursuant to FAR § 12.212(a) and/or DFARS § 227.7202-1(a), as applicable.

16.4. Equitable Relief. Each of the parties hereto acknowledges and agrees that irreparable loss and damage will be suffered by the other party if a party beaches or violates any of the covenants and agreements contained in Sections 6, 11 and 12 hereof, and the parties agree and consent that, in addition to any other remedies available to them, each party hereto is entitled to an injunction and other equitable relief to prevent a breach or contemplated breach by the other party hereto of any of the covenants or agreements contained in Sections 5, 11, or 12.

16.5. Entire Agreement. This Agreement, including Order Forms and Statements of Work submitted pursuant to this Agreement, constitutes the entire agreement between the parties hereto with respect to the subject matter of this Agreement, and it supersedes all prior or contemporaneous oral or written agreements, commitments or understandings with respect to the matters that are the subject of this Agreement.

16.6. Amendment. No amendment, modification or discharge of this Agreement, or waiver of rights conferred by this Agreement, is valid or binding unless set forth in a writing signed by both parties.

16.7. Assignment. This Agreement cannot be assigned by Customer without the prior written consent of the Virima.

16.8. Governing Law; Forum Selection. This Agreement and any claims arising out of or relating to this Agreement will be governed by, interpreted, and construed in accordance with the laws (without regard to the conflict of laws rules) of the State of Delaware, U.S.A. The parties agree that this Agreement does not involve the sale of goods and that the Uniform Commercial Code as enacted in any jurisdiction, or any similar statutes concerning the sale of goods, does not apply to this Agreement. The parties further agree that any legal action or proceeding relating to this Agreement will be instituted in the state located in Fulton County, Georgia or federal courts located in the Northern District of Georgia. Alternatively, at Virima’s discretion and with respect to any action brought by Virima, Virima may initiate an action in a competent court located in the state of Customer’s principal office.

16.9. Notices. All notices, demands, requests, or other communications that may be or are required to be given, served, or sent by any party to any other party pursuant to this Agreement will be in writing and will be (i) mailed by first-class certified mail, postage pre-paid, return receipt requested, (ii) transmitted by hand delivery (including hand delivery through an internationally-recognized overnight delivery service), or (iii) transmitted by telegram or facsimile if simultaneously sent by the method specified in (i), in each case to the address of the respective party to this Agreement.

16.10. Severability. If any part of any provision of this Agreement or any other agreement, document or writing given pursuant to or in connection with this Agreement is invalid or unenforceable under applicable law, the invalid provision will be ineffective to the extent of such invalidity or unenforceability only, without in any way affecting the remaining parts of the provision or the remaining provisions of this Agreement.

16.11. Waiver. Failure by either party to enforce at any time or for any period of time any provisions of this Agreement will not be construed as a waiver of those provisions, and shall in no way affect a party’s right to later enforce those provisions or to enforce any other provision of this Agreement or to exercise any right or privilege under this Agreement.

16.12. Independent Contractors. The relationship between Virima and Customer under this Agreement is that of independent contractors only. Nothing in this Agreement will be construed to establish a partnership, joint venture, employer-employee, or agency relationship between Virima and Customer. Neither party has any power or authority to bind the other party in any transaction.

16.13. Publicity. The parties may publicize (i) the existence of the relationship evidenced by this Agreement and (ii) future market developments of significance (including Customer applications of Virima’s products and services). Virima may list Customer as a customer and use Customer’s logo on Virima’s website, on publicly available customer lists, and in media releases. Specific press releases, customer success stories, and quotes attributed to or referencing the parties must be approved by both parties and such approval will not be unreasonably delayed or withheld.

16.14. Precedence. To the extent there is a conflict between the terms in the main text of this Agreement and any terms in an Order Form or Statement of Work and any other referenced documents, the following precedence will apply: (1) this Agreement; (2) Order Form; (3) Statement of Work.

Exhibit A

Virima SAAS Policies

Disclaimer

Information in this document is subject to change without prior notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express permission of Virima Inc (“Virima”).

Virima may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.  The furnishing of this document does not give external parties any license to these patents, trademarks, copyrights, or other intellectual property rights except as expressly provided in any written license agreement from Virima.

All other brand and product names are trademarks or registered trademarks of their respective holders.

I. About This Document

This document is intended to provide subscribers of the Virima software as a service (“Virima SaaS” also “subscription services”) with policies regarding:

  • Technical Support
  • System Maintenance & Updates
  • System Availability
  • Business Continuity & Disaster Recovery
  • Security & Data Protection

II. Technical Support

Every Virima SaaS subscription includes standard technical support which is available to named system administrators via email and phone during normal business hours (Monday through Friday 8 AM to 5 PM eastern) with a two-hour response assurance. Support channels are monitored all other times for priority requests for which best efforts will be made to respond in a timely fashion. Arrangements to receive support outside of the normal business hours can be made with prior notice.

Email ID[email protected]
Phone: 404.969.4180 ext. 2

In addition to the included standard technical support, Virima also offers a premium support plan for 24×7 response assurance. The optional premium support subscription plan provides customers access to technical support outside of normal business hours per Table 1 below.

Table 1:  After Hours Premium Support Plan

Issue ClassificationDefinitionResponse Time
P1System down or service significantly impacted2 hours
P2Service is impaired but overall system remains operational6 hours
P3Request for information or minor bug reporting24 hours

III. System Maintenance & Updates

This section describes the included Virima release and upgrade cycles to the subscription services, customer notices, timing, as well as other pertinent information so customers understand and appreciate the nature and pace of these efforts.

Product Releases

New features and functionality are enabled by updates and upgrades applied by Virima in accordance with this policy providing our customers the maximum value of the subscription services while minimizing down time. One impact of new releases and upgrades in a SaaS environment is that older versions are not supported and will no longer be available. To ensure customers obtain the maximum value of the offering, customers should ensure they notify Virima of any custom configurations they have implemented for usability and effectiveness prior to any major releases. There are three release types as listed in Table 2.

Table 2:  Release Types

Release TypeScopeFrequencyNotification
MajorNew major functionality, architectural changes, Schema updatesQuarterly 3:00 AM (eastern) on third Saturday of March, June, September, and December.One month before
MinorSmaller feature upgrades, Operating System updates, Metadata updatesTypically once a month. Exact release time may vary.One week before
Hot-fixBug fixes and any other patches needed for stabilityAs requiredTarget of 48 hours before

Release Plan

A “major” version of the subscription services is released every quarter. These upgrades are designed to provide significant new features and functionality as well as address software bugs.

Along with regular quarterly releases, there may also be “minor” releases between quarterly major releases to push bug fixes and other important updates. In most cases the deployment is done in during the time when customer activity is low, to avoid any disruption to the customers. Virima’s approach to release cycles and management for the subscription services is designed to provide stability, quality and predictability coupled with the flexibility to quickly resolve problems and deliver new features or service enhancements to the application.

Customer Notification

In the event any Release will materially change either the administrator or user experience, Virima will use reasonable efforts to provide its current Customers a non-production site to observe and/or test the new release prior to such release moving into production. Virima generally provides such a non-production site for a period of thirty (30) days for Customers to ascertain what, if any, impact there may be on its user groups. Additionally, if the nature of the changes requires the Customer to work with Virima on any customization for any of the newly introduced elements, a reasonable period of time to complete such work will be agreed upon between Virima and Customer and access to the non-production site will accordingly be extended during any such period. Virima provides its Customers with advance notice of the upcoming Major and Minor Releases with a reference to the applicable release notes as well as the location of the non-production site noted above.

In the event of a Hot Fix Release, Virima will attempt to provide its Customers at least 48 hours advance notice and will administer such releases in a manner designed to reduce disruption to end users.

IV. System Availability

Virima SaaS is hosted in Amazon Web Services and follows closely the AWS SLA standards. Best efforts are made to ensure the service available with a monthly uptime percentage of 99.99%.

  • Robust architecture (compute & platform)
  • Redundancy (load balancing/multi-path/failover)
  • Strong code dev processes
  • Responsiveness and scalability

V. Data Back-up & Disaster Recovery

Data Back-up Process

The SaaS application’s back-end database is configured in a Master/Slave setup, therefore there is always a backup copy of the active database at any time. Along with that, Virima has a policy of backing up physical data per the schedule listed in Table 2. The process of the data backup is as follows:

  • Back-up of existing customer back-end database is performed regularly using standard back-up procedures.
  • The backed-up database is compressed and stored according to the customer filter in Amazon Simple Storage Service (“S3”) bucket with full redundancy enabled.


Table 3:  Back-up Schedule

Backup TypeFrequency
DailyEvery day on an hourly basis considering 8 business hours
WeeklyEvery Saturday (midnight eastern time)
MonthlyThe last day of the month


Restore From Back-up

In the case of data loss or corruption, Virima will restore from the latest back-up containing valid data. Customers may request Virima to perform a restore from back-up in the event of data loss or corruption resulting from user error however customers are reminded to follow proper data entry procedures to ensure the integrity of all their data.

Backup Archive

Virima also archives the back-up data for long-term storage. The archival schedule is provided in Table 3.


Table 4: Archival Details

Backup TypeArchive Method
DailyCurrent week backup is recovered/stored
WeeklyPrevious 3 weeks backup is recovered/stored
MonthlyPrevious month backup is recovered/stored

Disaster Recovery

As Virima SaaS is hosted in Amazon Web Services, recovering in case of a disaster is a clear-cut process. All the backed-up data is stored in AWS Simple Storage Service (“S3”) buckets. Amazon S3 provides a highly durable storage infrastructure designed for mission critical and primary data storage. Objects are redundantly stored on multiple devices across multiple facilities within a region, designed to provide a durability of 99.999999999% (11 “9s”). So, it is highly unlikely that data loss will happen in case of disaster. Virima also uses high availability architected to span multiple availability zones to guarantee all the nodes do not fail at the same time. Virima follows a Recovery Time Objective (RTO) of 1 hour after AWS recovery and Recovery Point Objective (RPO) of 1 hour in case of complete site failure.

VI. Security & Data Protection

Physical safeguards (AWS facilities & certs)

Virima SaaS is built on top of a robust application platform hosted on Amazon Web Services (AWS) cloud. AWS delivers a scalable cloud computing platform with high availability and dependability. AWS physical and operational security processes are well defined and designed to meet any compliance requirements. Along with AWS security, Virima has its own application security measures to protect data in transit and data at rest.

AWS Shared Security Model

  • Any application hosted in AWS falls under Amazon’s shared security model broken into four parts:
  • Physical Security
  • Network Security
  • Platform Security
  • People & Procedures


Under the shared security model, AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate.

Updates & Patching

Virima assumes responsibility for, and management of, the operating system hosting the Virima SaaS running within the AWS compute environment. This includes regularly patching the underlying Linux operating system so that it remains current to within 30 days of release. Virima also maintains the underlying and associated application software that the Virima SaaS platform is built on. Since updating the underlying applications requires substantially more effort than OS patching, Virima targets quarterly updates and in some instances, given the nature of the update, may chose not to apply the latest available patch, particularly if it does not address significant security flaws or provide any meaningful improvements to the Virima SaaS platform. Virima also owns the configuration of the AWS-provided security group firewall which does not require frequent modification.

Policies for Employees

All software development and customer support are provided by Virima employees within Virima facilities under direct supervision of Virima managers. Virima follows standard business practices when onboarding, directing, and off-boarding employees. High level practices are listed below:

  • New employees receive criminal background and reference checks prior to hire
  • Access to development systems and individual client data is restricted based on job duties
  • Logs are frequently monitored to detect unauthorized access or suspicious activity
  • Upon employee separation all access is immediately revoked and tasks are reassigned to ensure minimal disruption to the business


Technology Safeguards

Virima has built various safeguards into the platform to help protect data from unauthorized access. Of course, product features designed to improve security are only effective if also properly implemented. As always, the customer is responsible for instituting, enacting and enforcing safe policies and procedures on behalf of their staff.

Authentication

Authentication is performed via the Virima SaaS login portal requiring user email and password which are encrypted. Customers have the option of enabling two factor authentication using Active Directory or LDAP. Customers can also setup Single Sign On using SAML and connect to their existing accounts such as Office365, AzureAD, Okta, etc.

Data field privacy

Data field privacy allows for asset/CI field data to be encrypted and stored so only permissioned users/roles have access.

Role-based access

Virima SaaS includes several predefined roles with set permissions based on common ITAM and ITSM practitioners. System administrators are able to modify existing permissions or create new roles and permission following the standard RACI matrix:

  • Responsible
  • Accountable
  • Consulted
  • Informed


Audit controls

The system maintains a complete history of all changes made to every ITSM and asset/CI record in the database. Any changes made to an ITSM record or asset/CI is automatically tracked and stored indefinitely. The change history cannot be modified or deleted by the users. Examples of tracked changes include:

  • Record added/deleted
  • Record updated
  • Time stamp of change
  • Who made the change


Rule based escalations and notifications

Depending on the criticality of the data or the process, automatic escalations and notifications can be setup to alert the stakeholders whenever certain updates occur to specific record data.

Encryption

Data is encrypted both at rest and in transit. The device credentials required to complete discovery scans are always stored locally and encrypted within the Discovery Application(s). They are never sent or stored in the cloud and because they are immediately encrypted they are never accessible to anyone. Even during initial configuration of the system, credentials should not be shared with Virima employees. We would never ask for that information when troubleshooting either. Scan data collected by the Discovery Application is also encrypted and transmitted that way to the cloud-based Discovery Server.

Customers may also enable encryption of ITSM records and device configuration data before getting stored into the database.

Segregation Of Client Data

Virima SaaS runs in a multi-tenant environment. This means that although clients access a singular software environment, all the data is securely partitioned and tied to individual client instances. This means client data is never stored together or accessible/viewable by users of other instances.

VII. Personally Identifiable Information Privacy

Virima does not use personally identifiable information (“PII”) to market additional Virima services or products nor does Virima sell or exchange customer PII data with any third party for such purposes. Virima may use customer PII, specifically system administrators’ email addresses, to advise of product enhancements, system maintenance schedules, product release notes, system status messages or other information intended to enhance customers’ experience with the Virima subscription services.

Virima does not offer any privacy protections for PII data customers choose to share with third parties via Virima Application Programming Interfaces (“API’s”) or any other voluntary integration/data exchange method.

VIII. Closing

Virima takes system availability and security very seriously and will continue to evaluate and, when needed, modify the aforementioned policies and procedures. We strive to provide a robust, secure, and highly usable SaaS platform that our customers can trust and rely on every day.