Terms & Conditions

RESOLUTEGUARD LLC, a New Jersey limited liability company, with offices located at 417 Crescent Parkway, Sea Girt, New Jersey 08750 (“Service Provider”) provides information technology services, including those services presently provided to you (“Sub-Recipient”) and/or those services described in a Order Form (the “Order Form”) (collectively, the “Services”), which if applicable, is incorporated as if set forth fully herein.  Sub-Recipient is a sub-recipient of grant funds received by Educational Services Unit 6, hereinafter referred to as “ESU Partner” and desires to retain Service Provider to provide the Services. By receiving the Services from Service Provider, Client agrees and understand that all Services are bound by the following terms and conditions (these “Terms and Conditions”)

1. Services. Service Provider is in the business of providing cybersecurity risk management services to public entities. Service Provider shall provide certain services to Sub-Recipient as set forth in Exhibit A (the “Services”), which is attached to these Terms and Conditions and incorporated as if set forth fully herein.
   
   
2. Fees and Expenses. For the Services to be performed hereunder, ESU Partner shall pay to Service Provider, on behalf of the Sub-Recipient the fixed fee for Sub-Recipient as set forth in that certain Payment Agreement by and between Service Provider and ESU Partner dated January 22, 2024 (the “ESU Partner Payment Agreement”) (collectively, the “Fees”).
   
   
3. Sub-Recipient’s Obligations. Sub-Recipient represents and warrants to Service as follows:

• 3.1 Sub-Recipient will cooperate with Service Provider in all matters relating to the Services and appoint a Sub-Recipient employee to serve as the primary contact with respect to these Terms and Conditions and who will have the authority to act on behalf of Sub-Recipient with respect to matters pertaining to these Terms and Conditions (the “Sub-Recipient Contract Manager”). Service Provider will be entitled to rely upon directions and guidance from the Sub-Recipient Contract Manager until Service Provider is affirmatively made aware of a change of status of the Sub-Recipient Contract Manager;
  
  
• 3.2 Sub-Recipient shall respond promptly to any Service Provider request to provide direction, information, approvals, authorizations, or decisions that are reasonably necessary for Service Provider to perform Services in accordance with the requirements of these Terms and Conditions. It being understood that if Service Provider’s performance of its obligations under these Terms and Conditions is prevented or delayed by any act or omission of Sub-Recipient, its agents, subcontractors, consultants, or employees, Service Provider shall not be deemed in breach of its obligations under these Terms and Conditions or otherwise liable for any costs, charges, or losses sustained or incurred by Sub-Recipient, in each case, to the extent arising directly or indirectly from such prevention or delay.
  
  
• 3.3 Sub-Recipient shall comply fully with all reasonable specifications, rules, regulations, and policies governing the Services provided to Sub-Recipient by Service Provider. Such rules, regulations and policies shall be subject to change from time to time in Service Provider’s sole discretion;
  
  
• 3.4 Sub-Recipient, and not Service Provider, is responsible for Sub-Recipient’s own compliance with all applicable laws, including all confidentiality and security requirements, including, but not limited to such requirements of the FERPA, HIPAA, and the USA Patriot Act. The Services are not intended, and will not be used, to bring Sub-Recipient into full regulatory compliance with any law, rule, regulation, or requirement that may be applicable to Sub-Recipient’s business or operations. The Services may aid Sub-Recipient’s efforts to fulfill regulatory compliance; however, the Services are not (and should not be used as) as a compliance solution;
  
  
• 3.5 Service Provider may provide Sub-Recipient with specific advice and directions related to the Services (“Advice”). Sub-Recipient is strongly advised to follow Advice which, depending on the situation, may require Sub-Recipient to make additional purchases or investments in its Environment at its sole cost. Sub-Recipient acknowledges and agrees that Service Provider is not responsible for any problems or issues (such as downtime or security-related issues) caused by Sub-Recipient’s failure to promptly follow Advice. If, in Service Provider’s discretion, Sub-Recipient’s failure to follow Advice renders part or all of the Services economically or technically unreasonable to provide, then Service Provider may terminate all or a portion of the Services.

4. Intellectual Property. All intellectual property rights, including copyrights, patents, patent disclosures and inventions (whether patentable or not), trademarks, service marks, trade secrets, know-how, and other confidential information, trade dress, trade names, logos, corporate names and domain names, together with all of the goodwill associated therewith, derivative works and all other rights (collectively, “Intellectual Property Rights”) in and to all documents, work product and other materials that are delivered to Sub-Recipient under these Terms and Conditions or prepared by or on behalf of Service Provider in the course of performing the Services (collectively, the “Deliverables”) except for any Confidential Information of Sub-Recipient or Sub-Recipient-provided materials shall, as between Sub-Recipient and Service Provider, be owned exclusively by Service Provider. Service Provider . Service Provider hereby grants Sub-Recipient a license (or if applicable, a sublicense) to use all Intellectual Property Rights in the Deliverables free of additional charge (other than the Fees) and on a non-exclusive, worldwide, non-transferable, non-sublicensable, fully paid-up, royalty-free and perpetual basis, solely to the extent necessary to enable Sub-Recipient to make reasonable use of the Deliverables and the Services. Service Provider hereby grants Sub-Recipient a license (or if applicable, a sublicense) to use all Intellectual Property Rights in the Deliverables free of additional charge (other than the fees) and on a non-exclusive, world-wide, non-transferable, non-sub licensable, fully paid up, royalty free and perpetual basis, sorely to the extent necessary to enable Sub-Recipient to make reasonable use of the Deliverables and the Services.
   
   
5. Confidentiality. From time to time during the Term of these Terms and Conditions, either party (as the “Disclosing Party”) may disclose or make available to the other party (as the “Receiving Party”), non-public, proprietary, and confidential information of Disclosing Party that, any information that a reasonable person would regard as, know, or should understand to be confidential or proprietary, including but not limited to (a) if disclosed in writing or other tangible form is clearly labeled as “confidential,” or (b) if disclosed orally, is identified as confidential when disclosed and within ten (10) days thereafter, is summarized in writing and confirmed as confidential (“Confidential Information”); provided, however, that Confidential Information does not include any information that: (a) is or becomes generally available to the public other than as a result of Receiving Party’s breach of this Section 5; (b) is or becomes available to the Receiving Party on a non-confidential basis from a third-party source, provided that such third party is not and was not prohibited from disclosing such Confidential Information; (c) was in Receiving Party’s possession prior to Disclosing Party’s disclosure hereunder; or (d) was or is independently developed by Receiving Party without using any Confidential Information. The Receiving Party shall: (x) protect and safeguard the confidentiality of the Disclosing Party’s Confidential Information with at least the same degree of care as the Receiving Party would protect its own Confidential Information, but in no event with less than a commercially reasonable degree of care; (y) not use the Disclosing Party’s Confidential Information, or permit it to be accessed or used, for any purpose other than to exercise its rights or perform its obligations under these Terms and Conditions; and (z) not disclose any such Confidential Information to any person or entity, except to the Receiving Party’s Group who need to know the Confidential Information to assist the Receiving Party, or act on its behalf, to exercise its rights or perform its obligations under these Terms and Conditions. If the Receiving Party is required by applicable law or legal process to disclose any Confidential Information, it shall, prior to making such disclosure, use commercially reasonable efforts to notify Disclosing Party of such requirements to afford Disclosing Party the opportunity to seek, at Disclosing Party’s sole cost and expense, a protective order or other remedy. For purposes of this Section 5 only, Receiving Party’s Group shall mean the Receiving Party’s affiliates and its or their employees, officers, directors, shareholders, partners, members, managers, agents, independent contractors, service providers, sublicensees, subcontractors, attorneys, accountants, and financial advisors. Provided, however, Service Provider may share with the Sub-Recipient’s applicable educational service unita copy of the final Deliverables (if any) inclusive of any findings thereto. Provided however, this Section 5 shall not prohibit or otherwise prevent Service Provider from extracting, compiling, synthesizing, and analyzing data provided by Sub-Recipient to Service Provider in connection with the delivery of the Services to the extent such data or information does not identify or is otherwise attributable to Sub-Recipient operations, systems, networks, or any person.
   
   

Certain Information provided by Service Provider contains documentation on the design and deployment of Sub-Recipient’s network and should be protected as Tier 1 Confidential Information. Service Provider transfers Tier 1 information via a secure transfer that meets NIST-CSF controls. Sub-Recipient’s cybersecurity officer or Sub-Recipient Contract Manager should be sure to store, secure, provide access, process and/or transmit this information as they do other electronic Tier 1 Confidential information.

10. Term. These Terms and Conditions shall commence as of the start date noted in the Order Form and, unless otherwise set forth in the Order Form, sooner terminated as provided in these Terms and Conditions, will remain in full force and effect for an initial term equal to one (1) year from the Effective Date (the “Initial Term”) after which the term shall automatically renew for additional twelve (12) month periods (collectively with the Initial Term, the “Term”) unless a party provides written notice to the other party of that party’s intention to not renew these Terms and Conditions at least thirty (30) days prior to the expiration of the then current Term. In the event of termination, under any provision of these Terms and Conditions, Service Provider shall provide any services required to be performed under the Agreement which have been funded by the ESU Partner pursuant to the ESU Partner Payment Agreement.
    
    
11. Termination. Either party may terminate these Terms and Conditions, effective upon written notice to the other party (the “Defaulting Party”), if the Defaulting Party: (a) materially breaches these Terms and Conditions, and such breach is incapable of cure, or with respect to a material breach capable of cure, the Defaulting Party does not cure such breach within thirty (30) days after receipt of written notice of such breach; (b) becomes insolvent or admits its inability to pay its debts generally as they become due; (c) becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law, which is not fully stayed within seven (7) business days or is not dismissed or vacated within forty-five (45) days after filing; (d) is dissolved or liquidated or takes any corporate action for such purpose; (e) makes a general assignment for the benefit of creditors; or (f) has a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business. Notwithstanding anything to the contrary in this section, Service Provider may terminate these Terms and Conditions before the expiration date of the Term on written notice if ESU Partner fails to pay any amount when due under the ESU Partner Payment Agreement or if the grants funds described herein are not otherwise available to Sub-Recipient.
    
    
12. Termination Without Cause. Either party may terminate these Terms and Conditions for any reason at any time, without penalty, by giving the other party sixty (60) days advance written notice.
    
    
13. Independent Contractor. The details of the method and manner for performance of the Services by Service Provider shall be under its own control, Sub-Recipient being interested only in the results thereof. The Service Provider shall be solely responsible for supervising, controlling, and directing the details and manner of the completion of the Services. Nothing in these Terms and Conditions shall give Sub-Recipient (or ESU Partner) the right to instruct, supervise, control, or direct the details and manner of the completion of the Services. Service Provider is for all purposes hereunder an independent contractor and in no event will Service Provider be considered an agent or employee of Sub-Recipient or ESU Partner or any of their subsidiaries or affiliates for any purpose.
14. Limited Warranty. Service Provider warrants that it shall perform the Services, which includes the delivery of a vulnerability assessment to Sub-Recipient, in a timely, workmanlike, and professional manner in accordance with generally recognized industry standards for similar services. Additionally, Service Provider represents and warrants that any Services, Deliverables, or products created from these Terms and Conditions and software or products used in the execution of such are owned by the Service Provider or the Service Provider has secured licensing and permissions for such. SERVICE PROVIDER (a) MAKES NO WARRANTIES EXCEPT FOR THAT SET OUT ABOVE; AND (b) DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Except as specified herein, without limiting the generality of the foregoing, Service Provider makes no representations or warranties with respect to any third party software or Deliverables provided to Sub-Recipient with respect to the Services, nor does Service Provider provide to Sub-Recipient any representations, warranties, assurances or promises that Sub-Recipient’s operations during or following the delivery of the Services will meet any or all regulatory compliance requirements (or other requirements of applicable laws). Service Provider’s sole and exclusive liability and Sub-Recipient’s sole and exclusive remedy for breach of the limited warranty set out in this Section shall be reperformance of the affected Services. If Service Provider cannot reperform the Services in compliance with the warranty set forth above within a reasonable time (but no more than thirty (30) days) after Sub-Recipient’s written notice of such breach, Sub-Recipient may, at its option, terminate the Agreement by serving written notice of termination in accordance with Section 7. Service Provider shall not have any obligation to refund to Sub-Recipient or ESU Partner any portion of the fees previously paid by ESU Partner as of the date of termination corresponding to the defective Services, except for any fee’s advanced and / or paid for the period during the breach of the limited warranty.
    
    
15. Limitation of Liability. IN NO EVENT SHALL SERVICE PROVIDER BE LIABLE TO MEMBER OR TO ANY THIRD PARTY (INCLUDING ANY MEMBER) FOR ANY LOSS OF USE, REVENUE, OR PROFIT OR LOSS OF DATA OR DIMINUTION IN VALUE, OR FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, OR PUNITIVE DAMAGES WHETHER ARISING OUT OF BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE AND WHETHER OR NOT SERVICE PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE. SERVICE PROVIDER’S SOLE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS AND CONDITIONS, WHETHER ARISING OUT OF OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, SHALL BE AS SET FORTH IN SECTION 10 ABOVE.
    
    
16. Choice of Law. These Terms and Conditions and all matters arising out of or relating to these Terms and Conditions, including tort and statutory claims are governed by, and construed in accordance with the laws of the State of New Jersey, without giving effect to any conflict of laws provisions thereof that would result in the application of the laws of a different jurisdiction. Any proceedings to enforce the terms of these Terms and Conditions shall be commenced solely in the State of New Jersey.
17. Entire Agreement. These Terms and Conditions, the Order Form, and any attached exhibits or schedules constitute the entire Agreement of the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous written or oral understandings, agreements, representations, and warranties with respect to such subject matter.
    
    
18. Severability. The invalidity, illegality, or unenforceability of any provision herein does not affect any other provision herein or the validity, legality, or enforceability of such provision in any other jurisdiction.
    
    
19. Amendment. The parties may not amend these Terms and Conditions except by written instrument signed by the parties.
    
    

18. Waiver. No waiver of any right, remedy, power, or privilege under these Terms and Conditions (“Right(s)”) is effective unless contained in a writing signed by the party charged with such waiver. No failure to exercise, or delay in exercising, any Right operates as a waiver thereof. No single or partial exercise of any Right precludes any other or further exercise thereof or the exercise of any other Right. The Rights under these Terms and Conditions are cumulative and are in addition to any other rights and remedies available at law or in equity or otherwise.
    
    

19. Assignment. Neither party may directly or indirectly assign, transfer, or delegate any of or all of its rights or obligations under these Terms and Conditions, voluntarily or involuntarily, including by change of control, merger (whether or not such party is the surviving entity), operation of law, or any other manner, without the prior written consent of the other party. Any purported assignment or delegation in violation of this Section shall be null and void. These Terms and Conditions is binding upon and inures to the benefit of the parties and their respective successors and permitted assigns. Except for the parties, their successors, and permitted assigns, there are no third-party beneficiaries under these Terms and Conditions (including Sub-Recipients).
    
    

20. Miscellaneous. Any provision that, in order to give proper effect to its intent, should survive the expiration or termination of these Terms and Conditions, will survive such expiration or termination for the period specified therein, or if nothing is specified for a period of twelve (12) months after such expiration or termination. These Terms and Conditions may be executed in counterparts.
    
    

22. Force Majeure. No party shall be liable or responsible to the other party, nor be deemed to have defaulted under or breached these Terms and Conditions, for any failure or delay in fulfilling or performing any term of these Terms and Conditions (except for any obligations of ESU Partner to make payments to Service Provider under the ESU Partner Payment Agreement), when and to the extent such failure or delay is caused by or results from acts beyond the impacted party’s (“Impacted Party”) reasonable control, including, without limitation, the following force majeure events (“Force Majeure Event(s)”): (a) acts of God; (b) flood, fire, earthquake, or explosion; (c) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest; (d) government order, law, or actions; (e) embargoes or blockades in effect on or after the date of these Terms and Conditions; (f) national or regional emergency; (g) strikes, labor stoppages or slowdowns, or other industrial disturbances; (h) shortage of adequate power or transportation facilities; and (i) other similar events beyond the reasonable control of the Impacted Party. The Impacted Party shall give notice within ten (10) days of the Force Majeure Event to the other party, stating the period of time the occurrence is expected to continue. The Impacted Party shall use diligent efforts to end the failure or delay and ensure the effects of such Force Majeure Event are minimized. The Impacted Party shall resume the performance of its obligations as soon as reasonably practicable after the removal of the cause. In the event that the Impacted Party’s failure or delay remains uncured for a period of ten (10) consecutive days following written notice given by it under this Section, either party may thereafter terminate these Terms and Conditions upon ten (10) days’ written notice.

Exhibit A

Service Provider shall provide the services and products to each Sub-Recipient who elects to receive Services by executing an Order Form. The Description of services listed in Exhibit A are Service Provider’s confidential information and not to be disclosed without prior written authorization.

Comprehensive Internal Network/External Vulnerability Scan

Based on NIST-CSF Controls

Web Meeting to Outline Onboarding and Setup for assessment software installation

• Discuss assessment information requirements
• Screenshare with Technical staff to implement scanning software
• Share best practices for optimal scanning results

SMART-Cyber Action Plan (SMART-CAP)

Web Meeting to review SMART-CAP including Cybersecurity Best Practices

Action Plan prioritized by risk of loss occurrence

• User Assignment
• Help/Support Documentation
• Align Guidelines and Solution Activities

Review Vulnerability Scan Reports

Network Management Plan

• User-Friendly Detailed Remedial Actions

Consolidated Risk Report

• Network Security Summary
• Create Inventory Management Summary
• Establish Network Documentation

Review Excel Export

• Server Aging Report
• Workstation Aging Report
• Includes: Discovery Tasks, User Information, Disc Capacity, and more

Policies and Guidelines

Prioritize SMART-CAP for Documenting Best Practices

• Support for modifying Guideline templates
• Align Guideline creation and Solution Activities