SECURITY SAAS ZSCALER +
SERVICE ATTACHMENT
Part I: Rates and Charges.
Part II: Service Description and Requirements.
Part III: Service Terms and Conditions.
Part I: Rates and Charges. Customer will pay the monthly recurring charge (MRC) and nonrecurring charges (NRC) shown in the Customers Contract, based upon the Zscaler services ordered (each, individually a Zscaler Service and collectively, Zscaler Services). The current Zscaler Service offering is Zscaler Web Security. Customer will be invoiced the MRC upon the Service Activation Date. As used herein Verizon includes Zscaler, Inc. as the provider of Zscaler Services. Verizon reserves the right to audit the number of End Users, as defined below, Customer has on Zscaler Services, and in the event that the number of End Users of Zscaler Services exceeds the number of End User subscriptions ordered by Customer, Verizon reserves the right to charge Customer for the difference, or, if the difference is significant, to take other appropriate steps, including suspending and/or terminating Zscaler Services.
1. Service Commitment. The Service Commitment for each Zscaler Service is shown in the applicable Contract. The minimum Service Commitment is 12 months. Customer may order additional subscriptions at any time and each order will have its own Service Commitment, and each order will be billed at the then-current rates. Unless Verizon or Customer provides notice of termination of all or part of an order 45 days prior to the expiration of a Service Commitment, each order will automatically renew for a minimum period of 12 months (and will be considered a new order). Verizon reserves the right to change the MRC to be effective at the beginning of a new Service Commitment with 60 days notice prior to the expiration of the then current Service Commitment. If: (a) Customer terminates a Zscaler Service or any subscription before the end of the relevant Service Commitment for reasons other than Cause; or (b) Verizon terminates Zscaler Services for Cause, then Customer will pay an amount equal to the relevant MRC for the terminated subscriptions remaining during relevant Service Commitment or Service Commitments.
2. Premium Data Centers. Use of Premium Data Centers as defined herein will require additional bandwidth charges as shown in the Order. Premium Data Centers are those data centers located in Australia, India, South America and South Africa. Data center usage will be determined based on the location of End Users, as defined below.
Part II: Service Description and Requirements.
1. Service Description. Zscaler Services provides network-based services to mitigate risk and enforce Customer policies, including antivirus, vulnerability management, and granular user activity control of web browsing sessions. Zscaler Services include the infrastructure, Customer portal used for administration, service management, reporting, and helpdesk support. Upon Customers order, Zscaler Services are provided at one of four service levels; Web Threats Suite, Web Standard Suite, Web Advanced Suite, and Web Premium Suite. Zscaler Services are described for Customers reference at http://www.zscaler.com/resourcesdatasheets.php.
1.1 Web Portal. The web portal for Zscaler Services (the Portal) provides web-based information, resources, support, and configuration of Zscaler Services with a dashboard view of service statistics, summary and detailed reporting features. Portal also provides functionality for managing user and domain data as well as providing direct users of Zscaler Services (End User(s)) with password and password assistance. Customer can manage End User on the Portal using hosted databases, Microsoft Active Directory synchronization, or Lightweight Directory Access Protocol (LDAP) directory synchronization.
2. Zscaler Services Orders and Acceptance.
2.1 Orders. Customer must order the appropriate number of a licenses for a specific individual End User to access the Internet through the Zscaler Services (Seats) for such End Users use of the Zscaler Services. A Seat may be used only by a single, individual named End User, and a Seat may never be shared between or used by more than one individual. A Seat may only be transferred from one individual to another if the original individual is no longer permitted to access, and does no longer access, the Internet in connection with Zscaler Services. During the subscription Service Commitment of End User, Customer must notify Verizon within 5 business days if the number of End Users Seats increases by more than 5% of the then-declared number of Seats. If Customer wishes to add additional Seats, Customer shall submit an Order for such additional Seats. Unless otherwise specified in the relevant Order, additional Seat licenses shall be coterminous with expiration of the existing End User licenses. All pricing is on a per-Seat per-Order basis.
2.2 Acceptance Process. Verizon will notify Customer of the date when each Zscaler Service ordered by Customer is ready for use. Thereafter, Customer has ten days (Verification Period) to verify that the Zscaler Service complies the applicable features, function, performance and/or other attributes of, and requirements for, Zscaler Services (the Specifications). Customer may reject all or any portion of Zscaler Services within the Verification Period for failure to conform to the Specifications. Upon any rejection, Customer, in its sole discretion, may elect to: (a) give Verizon twenty days from receipt of notice of rejection to correct errors or other nonconformity at no charge and to redeliver corrected Zscaler Services; or (b) terminate the Zscaler Services. Rejection of Zscaler Services may be made via fax, E-mail, mail, or courier service. Customer will be deemed to accept Zscaler Services if Verizon fails to receive notice of rejection of the Zscaler Services prior to the expiration of the Verification Period (Service Acceptance).
3. Customer Support.
3.1 Support Availability. Zscaler Services provides Standard Support with e-mail or web chat assistance to Customer on a 24 x 7 basis for technical support to correct malfunctions or deficiencies in Zscaler Services, answer questions pertaining to installation, implementation, capabilities and/or use of the Zscaler Services and such other support reasonably requested by Customer. Also, Zscaler Services permits access by Customer to any website(s) providing technical support information including service bulletins and frequency asked questions (FAQs).
3.2 Technical Support Procedures. In accordance with the terms set forth in this section, Verizon shall respond to malfunctions or deficiencies and other support requests according to the following Severity Levels, in according with the times set forth in the following table (referred to hereinafter as the Support Table):
SUPPORT TABLE
SEVERITY LEVEL |
RESPONSE TIME |
RESOLUTION TIME |
Severity 1: Critical Situation |
< 15 min |
2 hours |
Severity 2: Serious Situation |
< 1 hour |
Within 4 hours |
Severity 3: Minor Situation |
< 4 hours |
Within 8 hours |
Other/Informational Situation |
< 24 hours |
< 48 hours |
3.2.1 Critical Situation. Critical Situation means a Zscaler Services degradation causing a material adverse effect on the productivity and/or service levels for 20% or more of End Users of the Zscaler Services (i.e., any Customer personnel to whom the Zscaler Services are available). Verizon will work on a continuous, 24 hour per-day basis to resolve the error. Errors will be resolved as quickly as possible, but no later than the Resolution Time set forth in the Support Table. A Critical Situation is resolved if it has either corrected the error(s) entirely or reduced the situation to either a Serious Situation or Minor Situation status, as defined below.
3.2.2 Serious Situation. Serious Situation means any of the following situations: (a) a Zscaler Services degradation causing a material adverse effect on the productivity and/or service levels for less than 20% of Customers personnel utilizing the Zscaler Services or (b) a Zscaler Services degradation causing any adverse effect on the productivity and/or service levels for less than 50% of any Customers personnel utilizing Zscaler Services. Verizon will work on a continuous basis during the business day to resolve the Serious Situation. Verizon will devote sufficient resources to ensure resolution of the Serious Situation no later than the Resolution Time set forth in the Support Table for a Serious Situation. A Serious Situation is resolved if it has either corrected the error(s) entirely or reduced the situation to a Minor Situation status, as defined below.
3.2.3 Minor Situations. Minor Situation means a situation that is not a Critical Situation or a Serious Situation, but any other situation in which the Zscaler Services are not fully operational. Verizon will devote sufficient resources to ensure that the Minor Situation is resolved no later than the Resolution Time set forth in the Support Table for a Minor Situation. A Minor Situation is resolved when it has either corrected the error(s) entirely, whether by a permanent error correction or a workaround situation which fully neutralizes the service-affecting aspects of the error while not negatively impacting Customer.
3.3 Other/Informational Situations. Other/Informational Situation means a situation involving requests for information pertaining to the Zscaler Services but which has no service-affecting impact on Zscaler Services or Customer. Examples may include general information requests, new feature requests or other product roadmap requests. Verizon will devote sufficient resources to provide the requested information no later than the Resolution Time set forth in the Support Table.
3.4 Implementation Support. Verizon will provide telephone and e-mail assistance for questions regarding the installation, implementation and use of Zscaler Services.
3.5 Error Tracking Process. All Zscaler Services deficiencies shall be recorded through an electronic trouble ticket process and a trouble ticket tracking number will be assigned. Such tracking number should be used by all parties during any subsequent calls concerning this particular problem. This tracking number will be used to electronically track the progress of resolution of the problem and issue status reports.
4. Maintenance Process.
4.1 Routine Maintenance. Verizon shall provide at least forty-five days notification (via e-mail or telephone) to Customer prior to scheduling routine maintenance. Such notification will include the estimated start time and date, estimated finish time, description of work to be performed and identification of the locations that shall be affected. Routine Maintenance shall be performed solely between 2300 and 0300 local time (i.e., 11:00 p.m. and 3:00 a.m.) (local time determined based on the Zscaler Services equipment that may be impacted by such routine maintenance). Any routine maintenance that may result in an interruption of service shall be coordinated with the Customer with at least ten business days prior written notice.
4.2 Emergency Maintenance. The term Emergency Maintenance means modifications required to be promptly applied to maintain the security and integrity of the Zscaler Services (e.g., as a software modification required to correct an identified security issue). Verizon will notify Customer as soon as possible and prior to commencing emergency maintenance (and if possible under the circumstances, at least 48 hours prior to commencement of the Emergency Maintenance). When emergency maintenance is underway and that may exceed the estimated finish time, Verizon will notify Customer immediately.
5. Zscaler Services Terms.
5.1 End User Agreement and Acceptable Use Policy. Customers use and access to the Zscaler Services is pursuant to Zscalers End User License Agreement and Acceptable Use Policy, located at www.zscaler.com/legal and governs Customers use of and access to the Zscaler Services.
5.2 Service Level Agreement. The Service Level Agreement (SLA) for Zscaler Services, which is made a part of the Agreement, sets forth Customers sole remedies for any claim in connection with Zscaler Services and is located at www.zscaler.com/legal.
5.3 Use of the Portal. Customer is responsible for implementing the configuration options for Zscaler Services through the Portal.
5.4 Delivery. As Zscaler Services are a purely hosted software-as-a-service offering, Verizon does not intend for the delivery any tangible products, including any software or hardware.
5.5 Zscaler Hardware Installations. Zscaler Services may be provided from any hardware installation forming part of the Zscaler Services anywhere in the world and the provision of Zscaler Services may, at any time, be transferred from one installation to another. No installation, or part thereof, is dedicated to the sole use of Customer.
Part III: Service Terms and Conditions. In addition to the terms and conditions found in the End User License Agreement and Acceptable Use Policy, the following terms and conditions apply.
1. Disclaimers. EXCEPT AS EXPRESSLY SET FORTH IN THE SERVICE LEVEL AGREEMENT, VERIZON EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. VERIZON DOES NOT WARRANT THAT THE FUNCTIONS OR FEATURES CONTAINED WITHIN THE ZSCALER SERVICES WILL MEET CUSTOMERS REQUIREMENTS, OR WILL OPERATE IN ANY COMBINATION WHICH MAY BE SELECTED FOR USE BY CUSTOMER, OR THAT OPERATION OF THE ZSCALER SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL DEFECTS THAT MAY EXIST IN THE ZSCALER SERVICES WILL BE CORRECTED.
2. Nature of Service. Zscaler Services does not provide service, maintenance or repair to or for any real or personal property.
3. Customer Data. Customer (and not Verizon) is responsible for taking any steps that may be required by law or otherwise to inform End Users sending requests for web pages and receiving web pages from or to the IP addresses receiving Zscaler Services that such requests and all web traffic is subject to scanning for viruses, malware, and/or compliance with any web access control restrictions or web access monitoring that are placed into effect by Customer, and as a result the webs traffic data, header information and/or web pages requested and viewed, the length of time of such viewing in addition to other information requested by Customer may be accessed and stored for that limited purpose. As a part of that limited purpose, Verizon (including its suppliers used in providing this service) may use any virus, malware or web traffic information to (i) maintain and improve the performance and integrity of Zscaler Services, (ii) observe, study and test the functioning of Zscaler Services; (iii) comply with regulatory, legislative or contractual requirements (including cooperating with law enforcement authorities); and (iv) make available to licensors information passing through Zscaler Services for the purposes of enhancing Zscaler Services and protecting against viruses or malware. Customer acknowledges that the United States and other countries regulate the treatment of web traffic and other information and will comply with all applicable data protection, privacy and similar laws in its use of Zscaler Services and that Verizon is not liable for any use of Zscaler Services by Customer in a manner that is inconsistent with legal requirements or by Verizon in accordance with the above limited purpose.
3.1 In certain jurisdictions the use of components of Zscaler Services may be restricted by law and/or it may be necessary to obtain the consent of or provide adequate notice to individual end-users or third parties, including but not limited to employees of the Customer or persons impacted by Zscaler Services, and/or where required, inform, consult or agree with employee representatives/work councils, and/or to file a declaration with the appropriate data protection authority and/or to take other steps prior to and in connection with the monitoring or filtering of electronic communications traffic using Zscaler Services or parts thereof. Verizon makes no representation as to where or if such requirements or any other requirements apply in the jurisdiction where Customer deploys Zscaler Services or any other jurisdiction where such deployment has an effect. It is Customer's sole responsibility to obtain its own legal advice as it deems necessary and to comply with any applicable data protection, privacy, antitrust and labor law, law, regulation, codes of practice or other requirement prior to deploying and otherwise in connection with the ongoing operation of Zscaler Services. Customer undertakes that it will investigate and comply with all such laws and regulations, codes and requirements.
3.2 Customer acknowledges and agrees that the configuration of Zscaler Services components and its implementation is entirely within the control of the Customer. In particular, web URL filtering are intended to be used solely to enable the Customer to enforce an existing, effectively implemented Customer acceptable computer use policy (or its equivalent), to the extent permitted by applicable law and regulations. Customer undertakes to ensure at all times that the configuration of web URL filtering is in compliance with such policy and applicable laws and regulations in the affected jurisdictions. Verizon and Verizon affiliates accept no liability that may be incurred by Customer as a result of the operation of Zscaler Services. The Customer recognizes that, for instance, the definition of what does and does not constitute a pornographic image may be subjective or subject to legal and regulatory requirements and this should be taken into account during Customer's configuration of the web URL filtering option.
3.3 If Customer fails to ensure the necessary compliance with applicable laws, regulations and other requirements, including the above usage restrictions, Customer shall indemnify Verizon and Verizon affiliates, and Verizon's and Verizon affiliates' associates, officers, directors, employees, agents and partners (collectively, Verizon Indemnitees) in respect of any and all claims, regulatory actions, losses, damages, costs and expenses suffered or incurred directly or indirectly by Verizon Indemnitees from or arising out of such failure by Customer.
3.4 Customer acknowledges that, Verizon does not have access to, control or influence over the content of any web pages processed by Zscaler Services and, to the extent that any web pages consist of or contain personal data as such term is defined in the EU Directive 95/46/EC, Verizon is not a data controller of such personal data and will only process the same on the instructions of the Customer, who shall be considered as the data controller of such personal data. The Customer undertakes to comply with any data protection, applicable legislation, and submit all required notification or authorization request to the relevant data protection authorities. As such, the Customer will indemnify and hold harmless Verizon Indemnitees in respect of any and all claims, regulatory actions, losses, damages, costs and express suffered or incurred directly or indirectly by them.
4. Export Compliance. The parties acknowledge that the export restrictions and service locational limitations set forth in the Guide shall apply.