THE TERMS AND CONDITIONS OF CUSTOMER’S PURCHASE OF SECURITY PENETRATION-­RELATED SERVICES (“SERVICES”) FROM SELLER ARE LIMITED TO THOSE CONTAINED HEREIN. ANY ADDITIONAL OR DIFFERENT TERMS OR CONDITIONS IN ANY FORM DELIVERED BY YOU ("CUSTOMER") ARE HEREBY DEEMED TO BE MATERIAL ALTERATIONS AND NOTICE OF OBJECTION TO THEM AND REJECTION OF THEM IS HEREBY GIVEN.

BY RECEIVING THE SERVICES OR BY MAKING PAYMENT TO THE CDW AFFILIATE IDENTIFIED ON THE INVOICE, STATEMENT OF WORK OR OTHER CDW DOCUMENTATION ("SELLER") TO PERFORM OR PROCURE ANY SERVICES, CUSTOMER AGREES TO BE BOUND BY AND ACCEPTS THESE TERMS AND CONDITIONS.

ANY GENERAL DESCRIPTION OF THE SECURITY SERVICES AND/OR THE RESULTS THEREOF POSTED ON ANY SELLER WEBSITE OR MOBILE APPLICATION DO NOT CONSTITUTE PART OF THE AGREEMENT BETWEEN SELLER AND CUSTOMER.

These Terms and Conditions constitute a binding contract between Customer and Seller and are referred to herein as either "Terms and Conditions" or "Agreement". In addition to any agreement that references or incorporates these Terms and Conditions, Customer accepts these Terms and Conditions by making a purchase from or placing an order with Seller or otherwise engaging Seller to perform or procure any Services (as this and all capitalized terms are defined herein). These Terms and Conditions are subject to change without prior notice, except that the Terms and Conditions posted on a Site at the time Customer places an order or signs a Statement of Work will govern the order in question, unless otherwise agreed in writing by Seller and Customer.

Customer consents to receiving electronic records, which may be provided via a Web browser or e-­mail application connected to the Internet;; individual consumers may withdraw consent to receiving electronic records or have the record provided in non-­electronic form upon written request to Seller. In addition, Internet connectivity requires access services from an Internet access provider. Contact your local access provider for details. Electronic signatures (or copies of signatures sent via electronic means) are the equivalent of written and signed documents.

Customer may issue a purchase order for administrative purposes only. Additional or different terms and conditions contained in any such purchase order will be null and void. No course of prior dealings between the parties and no usage of trade will be relevant to determine the meaning of these Terms and Conditions or any purchase order or invoice, or any document in electronic or written form that is signed and delivered by each of the parties for the performance of Services (each, a “Statement of Work”).

1. Customer acknowledges and agrees that it understands and accepts the risks associated with the Services and hereby expressly authorizes Seller to perform the Services.

2. Customer represents, warrants and covenants that: (a) it has and will continue to have full rights, power, and authority to consent to having the Services provided in the manner as agreed upon in the SOW and/or Agreement;; (b) the execution and performance of the SOW and/or Agreement does not and will not violate or constitute a default under its constituting documents or any applicable law, any order of any court or government agency, or any agreement to which it is a party;; (c) the execution and performance of the SOW and/or Agreement have all been duly and validly authorized by all necessary corporate action, and the SOW and/or Agreement constitute a valid and binding obligation of Customer;; (d) it holds all permits, licences, approvals and statutory authorities that are necessary for the performance of its obligations under the SOW and/or Agreement, including, but not limited to, any approvals or consents, or providing any notices, required under applicable laws in respect of the processing of any personal data, and it has obtained in writing all consents, approvals and licenses necessary (including, but not limited to, from any third party) to allow: (i) Seller, its affiliates, subcontractors and its or their personnel to provide the Services;; (ii) Customer to receive the Services;; and (iii) for the Seller, its affiliates, subcontractors and its or their personnel to be able to access and test the Customer's Network, in the manner detailed in the SOW and/or Agreement; (e) Seller's performance of the Services as anticipated under the SOW and/or Agreement will not cause Seller, its affiliates, subcontractors and its or their personnel to commit any offence under any relevant computer misuse, cyber-security, anti-­hacking, wire-­tapping, interception of communications or systems, or similar or related legislation, regulation or binding industry code, guidance or requirements in any country (including where the services are provided, performed, received or relevant IT equipment, assets and/or systems are located) ("Computer Misuse Legislation") and Customer has provided its consent in relation to the Services and has obtained all required consents in respect of the same;; and (f) it will use the Services for lawful purposes only. Seller shall not be liable for claims resulting from a breach of any of the foregoing.

3. Customer acknowledges and agrees that:

(a) the Services include investigating and exploiting the Customer’s Network and security vulnerabilities by attempting to gain access to Customer’s Network and confidential security-­related information through testing activities that are not authorized by Customer’s Network security policies and that if done without Customer’s and/or the applicable third party’s authorization and consent could violate applicable laws;

(b) the Services relating to security are only one component of Customer’s overall security program and are not a comprehensive security solution or a comprehensive evaluation of Customer’s security and, without limiting the foregoing (a) it is impossible to, and the Services will not, detect, disclose or resolve every security vulnerability or hazard, (b) unauthorized access by third parties may occur and (c) impenetrable security cannot be attained; and

(c) Seller may perform any or all of the Services either directly or by using subcontractors or any other authorized personnel, in its sole discretion.

4. Customer is, and will continue to be, solely responsible for:

(a) exercising reasonable care under the circumstances in monitoring and managing its security environment and mitigating the risks associated with any potential or actual security hazard;

(b) establishing and maintaining appropriate internal controls and complying with all applicable laws and regulations;;

(c) implementing any advice or recommendations provided by Seller as part of the Services.

5. Customer represents and warrants that it owns all right, title, and interest in and to, or has the license for and the right to grant Seller access to and to authorize Seller to bypass or attempt to bypass any security features or technological protection measures associated with, any programs, systems, hardware, data, materials, IP addresses, domains or other information furnished or made available by Customer to Seller for the purpose of enabling Seller to perform the Services. Customer hereby assumes the sole responsibility for the accuracy of such programs, systems, data, materials, IP addresses, domains or other information furnished or made available by Customer to Seller.

6. Customer shall cooperate with Seller in the performance of the Services. Without limiting the previous sentence, Customer shall: (a) provide Seller, its affiliates, subcontractors and its or their personnel with timely access to the Customer's Network, the Customer’s data and information reasonably requested by Seller with respect to the Services; (b) promptly render all decisions and approvals so as not to delay or impede Seller’s performance of the Services; and (c) promptly notify Seller of any issues, concerns or disputes regarding the Services. Customer acknowledges and agrees that Seller’s performance depends on Customer’s timely and effective satisfaction of Customer’s responsibilities under the SOW and/or Agreement and Customer’s timely decisions and approvals in connection with the Services.

7. Customer shall permit, and hereby authorizes, Seller to connect diagnostic software and equipment to Customer’s communications network, systems, applications and equipment, including, without limitation, any third party provided, supplied, licensed, hosted or managed network, systems, applications, equipment and/or elements of the same (“Customer's Network”) for the purposes of performing the Services, which may require accessing Customer’s Network and confidential security-­related information. Seller has no liability or obligation for: (a) the installation, operation or maintenance of the Customer’s Network; or (b) the availability, capacity or condition of the Customer’s Network or (c) any adverse impact of the Services on the Customer's Network.

8. Customer and Seller acknowledge and agree that, in connection with Seller’s performance of the Services:

(a) Seller is not required to process or transfer data that identifies or can be used to identify a natural person (“Personal Information”);

(b) Seller is acting as a service provider, and is neither a controller nor owner of Personal Information;

(c) to the extent data accessed or processed by Seller constitutes Personal Information, that Personal Information will be accessed or processed based on Customer’s direction, and Seller has no rights to use that Personal Information other than in connection with providing the Services to Customer;

(d) Customer is solely responsible for obtaining any approvals or consents, or providing any notices, required under applicable laws regarding Seller’s performance of the Services, including, but not limited to, the processing of any Personal Information.

9. Customer shall identify Customer’s mission-­critical systems and shall not permit Seller to have access to such systems, and Seller shall have no liability or responsibility with respect to such systems even if Customer intentionally or unintentionally allows Seller access to them.

10. Notwithstanding anything to the contrary in the SOW and/or Agreement, Customer shall be solely responsible for daily back-­up and other protection of data (including, but not limited to, any data of Customer, Customer’s customers, Customer’s contractors and any other third party) and software against loss, damage or corruption. Customer shall be solely responsible for reconstructing or restoring such data (including, but not limited to, data located on disk files and memories) and software that may be lost, damaged or corrupted during the performance of the Services. Customer shall perform a full back-­up prior to Seller commencing the Services and shall also perform the same periodically throughout the delivery of the Services. Customer shall be solely responsible for ensuring proper and adequate backup and storage procedures.

11. Seller warrants that it will perform the Services in a professional manner that is consistent with industry practice. Customer acknowledges and agrees that Customer’s exclusive remedy for any breach of this warranty will be for Seller, upon receipt of written notice by Customer, to use reasonable efforts to cure that breach. Except as expressly set out in the Agreement, Seller makes no, and expressly disclaims all, representations, warranties or conditions, whether express, implied or statutory, including, but not limited to, warranties of merchantability, fitness for a particular purpose, title, non-­infringement, quiet enjoyment or from a course of dealing, course of performance or usage in trade in connection with the Services. Seller does not warrant, and specifically disclaims, that the Services will be accurate, without interruption or error-­free.

12. NONE OF SELLER, ITS AFFILIATES, THEIR RESPECTIVE SUPPLIERS, SUBCONTRACTORS, EMPLOYEES OR AGENTS SHALL BE LIABLE TO CUSTOMER OR TO ANY THIRD PARTY FOR, AND CUSTOMER WILL BE RESPONSIBLE FOR, ANY CLAIMS, LIABILITIES, LOSSES, DAMAGES, COSTS OR EXPENSES (INCLUDING, BUT NOT LIMITED TO, LEGAL FEES AND EXPENSES) RESULTING FROM, ATTRIBUTABLE TO OR ARISING OUT OF CUSTOMER’S USE OR RECEIPT, OF THE SERVICES (INCLUDING, BUT NOT LIMITED TO, IN CONNECTION WITH THE LOSS, DAMAGE OR CORRUPTION OF DATA AND SOFTWARE). THE FOREGOING SHALL APPLY IN ADDITION TO AND NOTWITHSTANDING ANY OTHER DISCLAIMER OR LIMITATION OF LIABILITY OTHERWISE CONTAINED IN THE SOW AND/OR AGREEMENT.

13. IN NO EVENT SHALL SELLER BE LIABLE TO THE CUSTOMER FOR ANY:

(a) LOSS OF GOODWILL, PROFITS, USE OF MONEY, BUSINESS OR REVENUE (WHETHER DIRECT OR INDIRECT);

(b) LOSS OF USE OF, INTERRUPTION IN USE OR AVAILABILITY OF, HARDWARE OR SOFTWARE;

(c) LOSS OF, OR DAMAGE TO, OR CORRUPTION OF, OR INTERRUPTION IN USE OR AVAILABILITY OF, DATA (WHETHER DIRECT OR INDIRECT);

(d) STOPPAGE OF OTHER WORK OR IMPAIRMENT OF OTHER ASSETS;; AND/OR

(e) INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES,

WHETHER BASED ON BREACH OR FAILURE OF EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, MISREPRESENTATION, NEGLIGENCE, TORT, STRICT LIABILITY IN DELICT OR OTHERWISE, ARISING FROM OR RELATED TO THE SOW AND/OR AGREEMENT, ANY COMMITMENT PERFORMED OR UNDERTAKEN UNDER OR IN CONNECTION WITH THE SOW AND/OR AGREEMENT, THE SERVICES OR OTHERWISE, REGARDLESS OF WHETHER SELLER HAS BEEN ADVISED, KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES.

14. THE AGGREGATE CUMULATIVE MONETARY LIABILITY OF SELLER UNDER OR RELATING TO THE AGREEMENT SHALL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY THE CUSTOMER TO SELLER FOR THE SERVICES GIVING RISE TO THE CLAIM.

15. The following indemnification obligations of the Customer are cumulative and shall apply in addition to any other indemnification obligations of the Customer set out in the SOW and/or Agreement:

(a) Customer agrees to defend, indemnify and hold Seller and its affiliates and their respective directors, officers, members, employees, contractors, representatives, successors and assigns (collectively the “Indemnified Parties”) harmless from and against any loss, damage, liabilities, cost, expense (including, but not limited to, legal fees and costs), claims, demands, fines, penalties or causes of action of any nature for any relief, elements of recovery or damages recognized by law (including, without limitation, legal fees and expenses, costs related to mitigation and equitable relief), claimed against or incurred by any of the Indemnified Parties as a result of, arising out of or otherwise related to

(i) a breach by Customer of any of Customer’s obligations, responsibilities, covenants or warranties in the SOW and/or Agreement;

(ii) any of Customer’s representations in the SOW and/or Agreement being untrue;

(iii) any prosecution under or breach arising out of the Computer Misuse Legislation related to performance of the Services;; and/or

(iv) Customer's use of the Services not in accordance with the terms of the SOW and/or Agreement.

(b) Customer agrees to defend, indemnify and hold the Indemnified Parties harmless from and against any loss, cost, expense (including, but not limited to, legal fees and costs), claims, demands, liabilities, fines, penalties, damages, or causes of action of any nature for any relief, elements of recovery or damages recognized by law (including, but not limited to, legal fees and expenses, costs related to mitigation and equitable relief), claimed against or incurred by Indemnified Party based on, resulting from, arising out of or otherwise related to Customer’s use or receipt of the Services.

16. Seller has the right to immediately terminate the Services upon written notice to Customer, without liability to Customer for such termination, if Seller determines that the performance of any part of the Services would be in conflict with law.