Sophos Security Service Schedule

1. 1. definitions and interpretation
      1. In this Service Schedule, in addition to those terms defined in the General Conditions, and where applicable, the Mobile Terms and the Mobile Equipment Terms, the following terms and expressions apply to the Sophos Security Services

1. 1. 2. The headings in this Agreement are for ease of reference only and shall not affect its construction.
   2. SECURITY SERVICE
      1. The Sophos Security Service comprises one or more of the following individual Licensed Products: Sophos Device Encryption, Sophos Endpoint Advanced, Sophos Endpoint Intercept X, Sophos Mobile Advanced, Sophos Server Protection, Sophos Intercept X Advanced for Server, Sophos Email Advanced, Sophos Phish Threat, Sophos Intercept X Advanced, Sophos Intercept X Advanced with EDR and Sophos Intercept X Advanced for Server with EDR. Further details of the Licensed Product can be found at https://www.sophos.com/en-us/products/sophos-central.aspx.
      2. Unless otherwise specified in the Commercial Schedule, the Minimum Holding is one (1) of any License for the Minimum Period of the Subscription.
      3. Subject to 2.2, Customer may purchase or remove any number of Licenses during the Minimum Period or until the cancellation of the Subscription provided that the total number of Licenses held does not fall below the number originally contracted for.
      4. The Customer shall only be permitted to use the Licensed Products within the Territory for the internal business purposes of the Customer relating specifically to the integrity of its systems, networks, documents, emails and other data. 
      5. All Licences will automatically co-terminate upon the earlier of (i) the termination of this Agreement or (ii) at the end of the Minimum Period or at the cancellation of the Subscription.  The Customer shall cease to use the Security Service and any Licensed Products upon termination of this Agreement or at the end of the Minimum Period or at the cancellation of the Subscription.
   3. lIcensed product warranties
      1. For a warranty period of ninety (90) days from the date of initial activation of a particular Licensed Product for the first time under this Agreement, O2 warrants that: (i) if properly used and installed, the Licensed Products will perform substantially in accordance with the Documentation on the designated operating system(s), and (ii) the Documentation adequately describes the operation of the Licensed Products in all material respects.
      2. If the Customer notifies O2 of a breach of the warranty described in paragraph 3.1 above during the applicable warranty period, O2’s entire liability and the Customer’s sole remedy shall be (at O2’s option and to the maximum extent permitted by applicable law) to correct, repair or replace the Licensed Products and/or Documentation, as applicable, within a reasonable time or provide or authorise a pro rata refund of the fee.
      3. The warranty in paragraph 3.1 shall not apply if (i) the Licensed Product has not been used in accordance with the terms and conditions of this Agreement and the Documentation, (ii) the issue has been caused by failure of the Customer to apply any action or instruction recommended by O2 in writing, (iii) the issue has been  caused by the act or omission of, or by any materials supplied by, the Customer or any third party, or (iv) the issue results from any cause outside of O2’s reasonable control.
   4. LIMITATIONS
      1. Except for the express warranties for the Licensed Products contained in paragraph 3 above, O2 makes no warranties, conditions, undertakings or representations of any kind, either express or implied, statutory or otherwise in relation to the Licensed Product including without limitation any implied warranties or conditions of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement or arising from course of dealing, usage or trade.
      2. O2 will use reasonable skill and care in providing the Security Service. However, O2 does not warrant that:

(a) the Security Service will meet the Customer’s requirements or that the operation of the Licensed Product be error free or free from interruptions or other failures;

(b) the Security Service will protect the Customer against all possible security threats (including but not limited to intentional misconduct by third parties);

(c) there will be no malfunctions or other errors in the Sophos Security Service caused by virus, infection, worm or similar malicious code not introduced or developed by O2; or

(d) the Customer is entitled to block any third party applications or that the Customer is entitled to encrypt  or decrypt any third party information.

1. 5. third party software
      1. The Licensed Products may operate or interface with software or other technology that is licensed to Sophos from third parties (“Third Party Licensors”), which is not proprietary to Sophos, but which Sophos has the necessary rights to license to O2 and the Customer (“Third Party Software”). The Customer agrees that (a) it will use such Third Party Software in accordance with this Agreement, (b) no Third Party Licensor makes any warranties, conditions, undertakings or representations of any kind, either express or implied, to the Customer concerning such Third Party Software or the Licensed Products themselves, (c) no Third Party Licensor will have any obligation or liability to the Customer as a result of this Agreement or use of such Third Party Software, (d) such Third Party Software may be licensed under license terms which grant the Customer additional rights or contain additional restrictions in relation to such materials, beyond those set forth in this Agreement, and such additional license rights and restrictions are described or linked to in the applicable Documentation, the relevant Sophos webpage, or within the Product itself.
      2. If the Documentation indicates that the Licensed Product includes Java software (“Java”) from Oracle Corporation (“Oracle”), the following additional required terms from Oracle apply to use of Java as part of the Licensed Product:  Use of the Commercial Features for any commercial or production purpose requires a separate license from Oracle.  “Commercial Features” means those features identified in Table 1-1 (Commercial Features In Java SE Product Editions) of the Java SE documentation accessible at http://www.oracle.com/technetwork/java/javase/documentation/index.html.
      3. If the Licensed Product is Sophos Central Wireless, the Google Maps / Google Earth Additional Terms of Service (including the Google Privacy Policy) apply to use of the Licensed Product.
   6. Data Protection And Use of Data
      1. The Customer acknowledges and agrees that Sophos may directly and remotely communicate with the Licensed Products in order to provide maintenance and technical support, and to collect the following types of information: (i) products, product versions, product features and operating systems being used, (ii) processing times taken by the product, (iii) customer identification code and company name, and (iv) IP address and/or ID of the machine which returns the above listed information. Certain products may require the collection of additional information as detailed in the Sophos privacy policy at: http://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx.
      2. The Customer acknowledges and agrees that O2 may provide to Sophos contact details and (where applicable) payment information for the purposes of (i) providing technical support, (ii) billing, (iii) verifying credentials, (iv) issuing license expiry and renewal notices, (v) carrying out compliance checks for export and sanction control purposes, and (vi) providing account management.
   7. CUSTOMER OBLIGATIONS
      1. The Customer is responsible for ensuring their Devices are compatible with the Sophos Security Service. The Customer can confirm compatibility of their Devices via the following website which details the system requirements of each of the Sophos Licensed products https://community.sophos.com/kb/en-us/118620
      2. Unless performed by O2 and purchased by the Customer as part of the Digital Evolution Services, the Customer is responsible for configuring and installing the Sophos Security Service on the Customer’s Devices.
      3. The Customer shall keep its log-on credentials secure at all times and shall only grant access to such details to those persons it deems appropriate. O2 will have no liability to the Customer for any misuse of such log-on credentials by any Customer employee or third party.
      4. The Customer shall not modify or allow modification of the Licensed Products (i) except as necessary to configure the Licensed Products using the menus, options and tools provided for such purposes and contained in the product; and (ii) except as necessary to develop custom filters using the Application Programming Interfaces (APIs) where contained in the Licensed Product or provided directly by Sophos for such purposes;
      5. The Customer shall not reverse engineer, disassemble or decompile the Licensed Products or any portion thereof or otherwise attempt to derive or determine the source code or the logic therein except to the extent that such restriction is prohibited by applicable law;
      6. The Customer shall not transmit or provide access to the Licensed Products save as provided in this Agreement;
      7. The Customer shall not sub-license, rent, sell, lease, distribute or otherwise transfer the Licensed Products;
      8. The Customer shall not use or allow use of the Licensed Products in or in association with safety critical applications where a failure of the Licensed Products could result in personal injury, death, or property damage such as, without limitation, medical systems,  or nuclear power applications.
      9. The Customer shall not use or allow use of the Licensed Products for the purposes of competing with Sophos, including without limitation competitive intelligence (except to the extent that this restriction is prohibited by applicable law).  Competitive intelligence shall mean the collection and examination of information about the Licensed Products and / or Sophos to increase the Customer’s competitiveness.
      10. The Customer shall be solely responsible for proper back up of all data and shall take appropriate measures to protect such data. O2 assumes no liability or responsibility whatsoever if data is lost or corrupted.
      11. If O2 elects to send malware samples or any other materials to Sophos for review, the Customer shall remove any regulated health and payment card data prior to submission.
      12. The Customer will comply, and will ensure that its relevant personnel comply, with all applicable Sanctions and Export Control Laws. 
      13. While information about the classification of Licensed Products for export purposes is available at http://www.sophos.com/en-us/legal/export.aspx  and Sophos will use reasonable endeavours to maintain the information on such webpage, the Customer is responsible for seeking its own legal advice and ensuring its own compliance in relation to all applicable Sanctions and Export Control Laws
      14. Customer shall not store or transmit any content through the Sophos Licensed Products that (i) is unlawful, pornographic, obscene, indecent, harassing, racially or ethnically offensive, harmful, threatening, discriminatory or defamatory, (ii) facilitates or promotes illegal activity, (iii) infringes any third party intellectual property rights, or (iv) is otherwise inappropriate (“Prohibited Content”).
      15. The Customer acknowledges that Sophos reserves the right to remove content from the Licensed Products immediately without prior notice where it reasonably suspects that such content is Prohibited Content.  The Customer is fully responsible for monitoring and ensuring that no Prohibited Content is transmitted or stored on the Licensed Products.
      16. The Sophos Licensed Products are not designed for the storage of regulated health or payment card data, and Customers may not store or transmit such information through Sophos Licensed Products unless they have entered a separate written agreement with O2 expressly permitting such purpose.
      17. The Customer shall fully indemnify and hold O2 harmless from and against any claim, loss, liability or damage suffered or incurred by O2 resulting from or related to the Customer’s breach of this paragraph 7.
   8. CHARGES
      1. The Customer will be charged for each License provided as part of the Security Service on a monthly basis until the earliest of the following events occurs:
         1. the Customer cancels the License;
         2. the Customer cancels the Subscription (subject to the Customer paying any Termination Fees if applicable); or
         3. the Agreement is terminated (subject to the Customer paying any Termination Fees if applicable).
      2. The Security Service is licensed on a per User basis with the exception of Server Products which are charged per Server and Sophos Phish Threat which is charged per campaign. 
      3. O2 shall monitor Customer usage of the Security Service on a monthly basis and reserves the right to charge the Customer for any Licenses added by the Customer via the Customer Administration Portal. The Charges will commence in the calendar month that the Licenses were added.
      4. The Charges do not include any data or Short Message Service (SMS) charges. When the Customer installs the Security Service onto a Device or when any updates to the Security Service are delivered to the Customer’s Device, the Customer will be charged for data usage in accordance with the Customer’s Airtime Agreement.
   9. Audit
      1. O2 (or its appointed third party auditor) may audit the Customer’s relevant records to confirm the Customer’s compliance with this Agreement and will only have access to those records reasonably necessary to confirm such compliance. O2 shall provide 30 days’ written notice to the Customer prior to conducting an audit.
   10. EVALUATION
       1. Subject to O2’s written agreement the Customer may use a Licensed Product for evaluation purposes only, in a Customer's test environment, without payment of a fee for a maximum of 30 days or such other duration as is specified by O2 at its sole discretion. The Product is provided “AS IS” during such evaluation period.
   11. CUSTOMER SUPPORT
       1. O2 will provide the Customer with support for the Security Service via telephone support number 0800 977 7337. Technical product support will be available 7 days a week from 8am – 9pm. Support relating to billing queries will be available Mon-Fri 8am-8pm Sat-Sun 9am-6pm.
   12. TERM AND TERMINATION RIGHTS
       1. Unless otherwise stated in the Commercial Schedule, the Security Service is available to purchase with a Minimum Period of 30 days. Following the expiry of the Minimum Period, the Customer will continue to be charged the monthly Rental Charge until the Customer cancels the Subscription to the Security Service.
       2. The Customer can choose to cancel the Subscription to the Security Service at any time but will incur Rental Charges (and where applicable Termination Fees) as specified in the Commercial Schedule. The Customer must provide a minimum of 30 days’ notice of termination. For clarity, the Customer will be charged the Rental Charges during any such notice period.
       3. The Security Service will be cancelled following the expiry of the 30 days’ termination notice referred to in paragraph 12.2. Following cancellation, the Customer will no longer have access to the Customer Administration Portal and all customer data will be deleted after 90 days.
       4. In the event that O2 is no longer permitted by Sophos to provide the Security Service all rights of the Customer to use the Licensed Products shall cease automatically.
       5. The Customer shall cease to access and/or use the Licensed Products if they no longer have a valid Agreement with O2.