SolCyber

Terms of Service

A PDF version of this document is available at legal.solcyber.com/c0e0aaaea050bcf3be26c0c23d58fa890c0dfb79c8a23016b4a86cd28ca6ea71.pdf.

SOLCYBER MANAGED SECURITY SERVICES, INC. SOLCYBER TERMS OF SERVICE SolCyber Managed Security Services, Inc., a Delaware corporation with offices located at 3090 Nowitzki Way, Suite 300, Dallas, TX 75219 (”SolCyber”) provides the Services (as defined below) to the End User (”End User”) by executing an order form with SolCyber. These Terms of Service (the "Terms of Service") contain the terms and conditions that govern the use of all SolCyber Services, which shall be ordered from SolCyber through order forms subject to these Terms of Service. SolCyber and End User may be referred to herein collectively as the "Parties” or individually as a ”Party.”

1 Definitions

(a) ”Authorized Site” means a web portal through which Authorized Users may access the

Software.

(b) ”Authorized User” means an employee, consultant, or independent contractor of End User, and identified by End User as such, who i) has received a valid password and login ID from SolCyber or from End User’s User Administrator (see Section 3 below) to access the Software or Services and ii) has accepted and agreed to the terms of these Terms of Service.

(c) ”End User Data” means all electronic information provided by End User to SolCyber under these Terms of Service (including, without limitation, employee information, End User information, application configurations, and data related to End User security and reporting).

(d) ”Customization” means a specific software-based Deliverable that includes new code or an adaptation (e.g., a change to source code) to the base Software and/or product embedded customized objects, which Deliverable has been furnished as part of a Statement of Work (including, without limitation, custom applications integrations, custom reports, and or onboarding procedures). For the avoidance of doubt, configuration of the base Software is not a Customization.

(e) ”Deliverables” means any tangible and intangible materials, including reports, studies, base cases, drawings, findings, manuals, procedures and recommendations that are prepared by SolCyber for End User pursuant to a Statement of Work in the course of furnishing the Software and Documentation.

(f) ”Documentation” means the standard SolCyber help materials, user documentation, and training materials normally made available by SolCyber in connection with specific Software products.

(g) “Managed Security Services” means the cybersecurity, managed security, monitoring, security operations center (SOC), and/or similar services that may be performed on a subscription or recurring basis as set forth in a Statement of Work. Terms of Service

(h) ”Modification” means a modification, alteration, addition, derivative work, derivation, enhancement and/or improvement of any kind to or of or from or based on or related to the Deliverable, and/or any part thereof, in any form or format. For the avoidance of doubt, configuration of the base Software is not a Modification.

(i) ”Professional Services” means the services to be performed by SolCyber for End User

(excluding Software or Managed Security Services) in accordance with Section 4 herein and as further detailed in a Statement of Work.

(j) ”Software” means the services to be performed by SolCyber for End User (excluding

Managed Security Services) in accordance with Section 4 herein and as further detailed in a Statement of Work.

(k) ”Statement of Work” (also referred to as an “SOW”) means a document in writing signed or accepted by both Parties, that: (a) details the scope of work of the Managed Security Services or Professional Services, to be performed by SolCyber under these Terms of Service, including identification of Deliverables and other materials to be provided to End User, if any; (b) identifies the locations at which the Managed Security Services or Professional Services shall be performed; and (c) specifies the applicable payment terms, including the hourly rate or unit rates, for performing the Managed Security Services or Professional Services. ,

(l) ”Term” means the period of time these Terms of Service are in effect, including the initial term and any extensions or renewals thereof.

(m) ”Update” means any updates, bug fixes, patches, maintenance releases, or other error corrections to the Software that SolCyber generally makes available free of charge to all End Users of the Software.

2 Services and Limited Licenses.

(a) Services. The term “Services” in these Terms of Service means, collectively, the Managed

Security Services and Professional Services, including any Software that may be included as part of the provision of the foregoing, as identified in a Statement of Work or detailed in an applicable Statement of Work. SolCyber may use one or more affiliated entities and/or subcontractors to provide the Services in accordance with these Terms of Service.

(b) License to End User. To enable End User to use the Services, SolCyber grants to End User, during the Term, a personal, limited, non-exclusive, non-sublicensable, non-transferable and nonassignable license (except in compliance with Section 14(a)) for Authorized Users solely to (i) access and execute the Software through the Authorized Site and use the applicable Documentation strictly for the benefit of End User’s internal business operations and (ii) input and upload End User Data in connection with the operation of the Software under these Terms of Service.

(c) License to SolCyber. To enable SolCyber to provide the Services, End User grants to

Terms of Service

SolCyber, during the Term, a personal, non-exclusive, non-sublicensable license to use, reproduce, transmit and modify the End User Data solely in connection with SolCyber provision of the Services, which for the avoidance of doubt includes SolCyber’s testing, monitoring, reporting, modeling, and benchmarking of the Software and use thereof.

3 End User Obligations

(a) Security & Infrastructure Obligations. End User will be responsible for designating an employee or other person (“User Administrator”) who shall be responsible for i) notifying SolCyber of each Authorized User for which it wishes to have access to the Software or Services; ii) identifying the roles and rights of each Authorized User; and iii) facilitating End User’s review of usage logs and other auditing or reporting information provided by SolCyber. End User will be responsible for maintaining the confidentiality and security of such passwords and login IDs and all activities that occur under these IDs, regardless of whether such passwords and login IDs are generated and managed by End User or by SolCyber. End User will ensure that each login ID and password issued to an Authorized User will be used only by that Authorized User. End User agrees to notify SolCyber promptly of any actual or suspected unauthorized use of any account, login ID or passwords, or any other breach or suspected breach of these security requirements. SolCyber reserves the right to suspend or terminate any login ID which SolCyber reasonably believes may have been used by an unauthorized third party or by any user or individual other than the Authorized User to whom such login ID and password was rightfully assigned. End User is also responsible for maintaining the required hardware, software, Internet connections and other resources necessary for End User and Authorized Users to access the Software through the Authorized Site.

(b) Other End User Responsibilities. During the term of these Terms of Service, End User will provide

SolCyber with reasonable access to requested resources such as (i) information about End User personnel, facilities, equipment, hardware, software, network and information, and (ii) timely decision-making, notification of relevant issues or information, identification of bugs in Software, and granting of approvals or permissions as reasonably necessary for SolCyber to provide the Software and/or Services under these Terms of Service. SolCyber shall not be responsible for any delay or other consequences resulting from End User’s failure to perform any of its obligations hereunder. End User’s failure to satisfy its responsibilities may lead to an increase in SolCyber’s fees, depending on the extent to which SolCyber has to provide additional effort or reschedule its commitments to deliver the Software and/or Services, or SolCyber’s inability to provide the Software and/or Services.

4 Professional or Managed Security Services.

(a) Scope of Service. SolCyber shall perform the Services set forth and as detailed in any

Terms of Service

mutually agreed or accepted Statement of Work. If the Parties desire changes to the Services, including alterations in, additions to, or deletions from the Services, or changes in the sequence of the performance of the Services, and such request affects the completion, substance, and/or fees, as defined therein, the change shall be mutually agreed to in writing. SolCyber shall perform all Services in a professional, workmanlike, and diligent manner using appropriately skilled, qualified, professional, and competent personnel.

(b) Customizations. SolCyber shall perform Customizations as set out in any agreed Statement of Work, in which case End User will have the same license usage rights to the Customizations as it has to the Software licensed hereunder.

5 Ownership & Proprietary Rights.

(a) SolCyber Intellectual Property. SolCyber owns or is an authorized licensee for all intellectual property used for purposes of providing the Services under these Terms of Service, whether developed prior to the commencement of these Terms of Service or anytime thereafter (the “SolCyber Properties”). All right, title, and interest in and to the SolCyber Properties (including, without limitation, all copyright, patent, trade secret, trademark and other intellectual property rights) and any Customizations, corrections, updates, adaptations, enhancements, improvements, translations or copies of the foregoing shall remain or vest exclusively with SolCyber.

(b) End User Intellectual Property. All right, title, and interest in and to the End User Data shall be owned exclusively by End User, provided that End User grants to SolCyber a non-exclusive, worldwide license to copy, transmit, modify and use the End User Data solely for purposes of providing the Services.

(c) Deliverables. Except as otherwise set forth in these Terms of Service, the Deliverables created specifically for End User by SolCyber are considered “works made for hire” and upon payment of all fees and expenses due for the Services, such Deliverables shall be owned exclusively by the End User. To the extent that such Deliverables are determined not to constitute “works made for hire” as a matter of law, SolCyber hereby irrevocably assigns and transfers such property, and all right, title and interest therein, including all intellectual property rights, to the End User and its successors and assigns. Notwithstanding the foregoing, “works made for hire” and the Deliverables shall not include SolCyber’s preexisting information and methodologies for delivery of the Services or Software, document templates, working papers, Confidential Information (as defined below) or project tools used by SolCyber to perform the Services.

6 Confidential Information.

From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade Terms of Service

secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media, and whether or not marked, designated, or otherwise identified as ”confidential” (collectively, ”Confidential Information”). Without limiting the foregoing, the Services, End User Data, and terms of these Terms of Service shall be considered Confidential Information. Confidential Information does not include information that the receiving Party can demonstrate that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving Party; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party. The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except to the receiving Party’s employees, agents, contractors, consultants and representatives, including its bankers, attorneys and accountants (collectively “Representatives”) who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder, and then only under a written confidentiality agreement or other binding confidentiality obligation no less restrictive than this Section 6. The receiving Party on behalf of itself and its Representatives agrees that it will treat Confidential Information of the disclosing Party with the same degree of care as it accords to its own confidential information of like sensitivity, but in no event less than a reasonable level of care. The receiving Party further ensures that it and its Representatives will use the disclosing Party’s Confidential Information only for the purposes contemplated by these Terms of Service. Notwithstanding the foregoing:

(a) each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under these Terms of Service, including to make required court filings.

(b) SolCyber may disclose End User's Confidential Information to End User's vendors, service providers, End Users, or other third parties; provided that (i) such disclosure is at the written direction of End User, and (ii) SolCyber is not liable or in any way responsible for any actions taken by such permitted third parties, including but not limited to a third party's unauthorized disclosure, misuse, data breach or any other authorized use of End User's Confidential Information. On the expiration or termination of the Terms of Service, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. Any Confidential Information disclosed will remain confidential for three (3) years after the termination or expiration of these Terms of Service. Terms of Service

7 Restrictions.

End User shall not sell, rent, lease, sublicense, distribute, transfer, copy, reproduce, download, display, generate any Modification, timeshare, or otherwise exploit in any other manner the Software or use such as a component of or a base for products or services prepared for commercial sale, sublicense, lease, access or distribution. End User shall not itself, or cause or permit any Authorized User to, translate, reverse engineer, decompile, disassemble the Software or attempt to obtain in any other manner any Software source code. End User shall not cause or allow any third party or unlicensed user or computer system, other than an Authorized User, to access or use the Software. End User shall not introduce any infringing or otherwise unlawful data or material or any virus, spyware, malware or disabling code into the Software or into SolCyber systems or environment or attempt to deactivate or evade any protection mechanism of the Software, nor shall End User remove, obscure or alter any intellectual property right or confidentiality notices or legends appearing in or on any aspect of the Software. End User will not use SolCyber Properties to develop competitive products or services.

8 Warranties and Warranty Disclaimers.

(a) SolCyber Warranties. SolCyber will perform the Professional Services and Managed Security

Services in a professional, workmanlike, and diligent manner, using appropriately skilled, qualified, professional and competent personnel.

(b) SolCyber Warranties Disclaimer. EXCEPT FOR THE WARRANTIES SET FORTH IN SECTIONS 8(a) and 8(c), ALL SOLCYBER PROPERTIES ARE PROVIDED "AS IS.” SOLCYBER DOES NOT WARRANT THAT THE SOFTWARE OR SERVICES WILL MEET END USER’S REQUIREMENTS, THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL DEFECTS IN THE SOFTWARE WILL BE CORRECTED. TO THE FULL EXTENT PERMITTED BY LAW, SOLCYBER AND ITS AFFILIATES, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, AND LICENSORS, DISCLAIMS ALL OTHER WARRANTIES WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS. FURTHER, SOLCYBER SHALL NOT BE LIABLE FOR ANY BUSINESS DECISIONS MADE OR IMPLEMENTED BY END USER BASED ON END USER’S USE OF THE SERVICES.

(c) Mutual Warranties. Each Party represents, warrants, and covenants that (i) it is a business entity duly organized and in good standing in all jurisdictions where it does business; (ii) has the full power and authority to enter into and perform its obligations under these Terms of Service; (iii) it will comply with all applicable laws in connection with its performance hereunder, including all export control laws. Terms of Service

9 Limitations of Liability.

EXCEPT FOR BREACHES OF SECTIONS 2, 3, 6, OR 10, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY LOSSES, DAMAGES, EXPENSES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR DATA USE, OR OTHER PECUNIARY LOSS, WHETHER IN AN ACTION IN CONTRACT OR TORT INCLUDING NEGLIGENCE, ARISING OUT OF OR IN ANY WAY RELATED TO THIS AGREEMENT, THE PERFORMANCE HEREOF, THE USE OF SOFTWARE, SERVICES OR DELIVERABLES PROVIDED HEREUNDER, AND SUCH ALLEGED PARTY'S BREACH OF THIS AGREEMENT EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY’S LIABILITY FOR DAMAGES HEREUNDER SHALL IN NO EVENT EXCEED IN THE AGGREGATE OF THE AMOUNT OF FEES PAID AND OWED BY END USER UNDER THIS AGREEMENT FOR THE IMMEDIATELY PRECEEDING TWELVE (12) MONTH PERIOD, EXCEPT TO THE EXTENT SUCH LIABILITY IS FINALLY JUDICIALLY DETERMINED TO HAVE RESULTED FROM A PARTY'S GROSS NEGLIGENCE, FRAUD, OR WILLFUL MISCONDUCT, IN WHICH CASE THE LIMITS HEREIN WILL NOT APPLY. THE PARTIES HAVE AGREED THAT THESE LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. THE LIMITATIONS OF LIABILITY CONTAINED IN THE AGREEMENT WILL APPLY ONLY TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, AND NOTHING IN THE AGREEMENT PURPORTS TO LIMIT EITHER PARTY’S LIABILITY IN A MANNER THAT WOULD BE UNENFORCEABLE OR VOID AS AGAINST PUBLIC POLICY IN THE APPLICABLE JURISDICTION.

10 Indemnification.

(a) SolCyber Indemnification. SolCyber, at its expense, shall defend, indemnify and hold End User harmless from and against any loss, damages, liability, or expenses (including, but not limited to, reasonable attorneys’ fees and expenses) or liability from any claim, suit or proceeding (collectively, a “Claim”), to the extent arising out of, or related to, (i) the use by End User of the Software in strict accordance with these Terms of Service and alleging infringement of a patent or a copyright or trade secret right of any third party; or (ii) SolCyber’s gross negligence or willful misconduct; provided that End User: (1) promptly notifies SolCyber of such Claim; (2) provides SolCyber with full control of the defense and settlement of each such Claim; (3) cooperates with SolCyber in such defense and settlement, and (4) does not settle any such Claim or suit without SolCyber’s prior written consent. End User may participate in the defense and settlement of any Claim with counsel of its choice at its own expense provided that SolCyber shall continue to have sole control of such defense or settlement. If any portion of the Software becomes, or in SolCyber’s opinion is likely to become, the subject of a claim of infringement, SolCyber may, at its option: (A) procure for End User the right to continue using the Software; (B) replace the Terms of Service

Software with non-infringing services which do not materially impair the functionality of the Software; (C) modify the Software so that it becomes non-infringing; or (D) terminate these Terms of Service and refund any unused fees actually paid by End User to SolCyber for the remainder of the term then in effect, and upon such termination, End User will immediately cease all use of the Software. Notwithstanding the foregoing, SolCyber shall have no obligation under this section or otherwise with respect to any infringement claim based upon (I) any use of the Software not in accordance with these Terms of Service or not as specified in the Documentation; (II) any use of the Software in combination with other products, equipment, software or data not supplied by SolCyber if the Software without such combination does not infringe; (III) any modification of the Software by any person other than SolCyber or its authorized agents; (IV) a superseded Software version if a corrective Update has been made available to End User; or (V) a Customization to the extent based on End User-supplied intellectual property, materials, specifications, or information. This Section 10(a) states the sole and exclusive remedy of End User and the entire liability of SolCyber with respect to infringement claims and actions.

(b) End User Indemnification. End User, at its expense, shall defend, indemnify, and hold SolCyber harmless for any Claims to the extent arising out of, or related to: (i) End User’s use of the Software, Services, or Deliverables in breach of these Terms of Service or in violation of any applicable laws, regulations, or ordinances; (ii) SolCyber’s use of the End User Data; (iii) any Modification to a Deliverable not made by or at the direction of SolCyber; or (iv) End User’s gross negligence or willful misconduct, provided that SolCyber: (1) promptly notifies End User of such Claims; (2) provides End User with full control of the defense and settlement of each such Claim; (3) cooperates with End User in such defense and settlement, and (4) does not settle any such Claim without End User’s prior written consent. SolCyber may participate in the defense and settlement of any Claim with counsel of its choice at its own expense provided that End User shall continue to have sole control of such defense or settlement.

11 Fees.

End User shall pay all applicable Services fees in the amount and according to the schedule set forth in the applicable Order Form permitting End User's access to the Services. Unless otherwise provided in the applicable Order Form, End User shall pay the Services fees and/or expenses within thirty (30) days from the invoice date.

12 Term & Termination.

(a) Term. These Terms of Service shall commence upon execution of an order form incorporating these terms and will continue for as long as any order forms incorporating these Terms of Service are in effect unless and until either Party gives notice of termination in accordance with Terms of Service

Section 12(b). Notwithstanding the foregoing, in the event that any Statement of Work remains in effect following such termination or expiration, these Terms of Service shall govern and continue in effect with regard to such Statement of Work until the termination of such Statement of Work.

(b) Termination for Cause. Either Party may terminate these Terms of Service and/or

Statement of Work for cause upon sixty (60) days’ written notice of a material breach by the other Party of its obligations under these Terms of Service or the or Statement of Work, if such breach remains uncured at the expiration of such period.

(c) Effects of Termination. Upon termination of these Terms of Service or expiration of its

Term: (i) the Parties shall work together in good faith to address any and all posttermination issues concerning these Terms of Service, including but not limited to the retrieval or destruction of End User Data and each Party’s Confidential Information, and (ii) all licenses granted to End User hereunder with respect to the Services and Software shall automatically terminate and End User shall immediately discontinue its use thereof. If End User makes no written request regarding treatment of its End User Data after termination or expiration of these Terms of Service within thirty (30) days after the date of termination, SolCyber shall have no obligation to maintain the End User Data, and will have no liability to End User in respect of the same. Any and all unpaid fees and expenses incurred in connection with the Services prior to termination shall become due and payable within thirty (30) days after the date of termination. All subscription fees paid are non-refundable. Sections 1, 5-7, 8(b), 9, 12, and 14 shall survive any termination or expiration of these Terms of Service.

13 Equitable Relief.

The Parties agree that in the event of any breach or threatened breach of these Terms of Service; the non-breaching party may suffer an irreparable injury, such that no remedy at law will afford that party adequate protection against or appropriate compensation for such injury. Accordingly, in addition to remedies available at law, the Parties hereby agrees that the non-breaching party shall be entitled to seek specific performance as well as such injunctive relief as may be granted by a court of competent jurisdiction.

14 Miscellaneous

(a) Assignment. Neither Party may assign or transfer any of its rights or delegate any of its obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law, or otherwise, without the prior written consent of the other Party, which consent shall not be unreasonably withheld, conditioned, or delayed; provided, however, that SolCyber may assign its rights or delegate its obligations, in whole or in part, without such consent to (i) Terms of Service one or more of its affiliates, or (ii) an entity that acquires all or substantially all of the business or assets of such Party to which these Terms of Service pertains, whether by merger, reorganization, acquisition, sale, or otherwise. Any purported assignment, transfer, or delegation in violation of this Section 14(a) will be null and void. No assignment, transfer, or delegation will relieve the assigning or dele- gating Party of any of its obligations hereunder. These Terms of Service are binding upon and inure to the benefit of the Parties hereto and their respective permitted successors and assigns.

(b) Amendment and Modification; Waiver. These Terms of Service may not be amended or modified except in a writing executed by duly authorized representatives of each Party. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in these Terms of Service, (i) no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from these Terms of Service will operate or be construed as a waiver thereof and (ii) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.

(c) Entire Terms of Service. These Terms of Service, together with any other documents incorporated herein by reference and all related Exhibits, constitutes the sole and entire agreement of the Parties with respect to the subject matter of these Terms of Service and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of these Terms of Service, the related Exhibits, and any other documents incorporated herein by reference, the terms of these Terms of Service shall control.

(d) Force Majeure. In no event shall either Party be liable to the other Party, or be deemed to have breached these Terms of Service, for any failure or delay in performing its obligations under these Terms of Service, if and to the extent such failure or delay is caused by any circumstances beyond the other Party’s reasonable control, including but not limited to acts of God, flood, fire, earthquake, explosion, pandemic, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a govern- mental or public authority, including imposing an embargo.

(e) Governing Law. These Terms of Service are governed by and construed in accordance with the internal laws of the State of Delaware without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Delaware. Any legal suit, action, or proceeding arising out of or related to these Terms of Service or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of Delaware, in each case located in the city of Dover, and each Party irrevocably submits to Terms of Service the exclusive jurisdiction of such courts in any such suit, action, or proceeding. The Parties exclude in its entirety the application to these Terms of Service of the United Nations Convention on Contracts for the International Sale of Goods.

(f) Notices. All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a ”Notice”) must be in writing. All Notices to SolCyber must be delivered by nationally recognized overnight courier (with all fees pre-paid) or certified or registered mail (in each case, return receipt requested, postage pre-paid) to the address set forth in the applicable order form, or by email to legal@solcyber.com (with confirmation of transmission). Except as otherwise provided in these Terms of Service, a Notice is effective only: (i) upon receipt by the receiving Party, and (ii) if the Party giving the Notice has complied with the requirements of this Section 14(f).

(g) Relationship of the Parties. The Parties to these Terms of Service are independent contractors and nothing in these Terms of Service will be deemed or construed as creating a joint venture, partnership, agency relationship, franchise, or business opportunity between SolCyber and End User. Neither Party, by virtue of these Terms of Service, will have any right, power, or authority to act or create an obligation, express or implied, on behalf of the other Party.

(h) Severability. If any provision of these Terms of Service are invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of these Terms of Service or invalidate or render unenforceable such term or provision in any other jurisdiction. These Terms of Service supersede any prior contemporaneous agreements or understandings between the parties hereto. Terms of Service

Exhibit A, Statement of Work, SolCyber Foundational Service This Statement of Work (“Foundational Services SOW”) governs the Services provided by Surefire Cyber Inc. as a permitted reseller ("Reseller") of SolCyber's Services. This SOW is effective as of the date End User executes the SolCyber Terms of Service and the Order Form between Reseller and End User (the “Effective Date”). This Foundational Services SOW is entered into in connection with the Terms of Service accepted by End User pursuant to an applicable order form (the “Terms of Service”). This Foundational Services SOW forms a part of and incorporates by reference all terms of the Terms of Service and all amendments thereto. Capitalized terms used but not defined in this Foundational Services SOW have the same meanings as provided in the Terms of Service. In addition, “you” and “your” as used in this document refer to End User, and “we,” “us,” and “our” refer to SolCyber. SolCyber and End User agree as follows:

I Scope and Description of Services

1 Scope of Services

The SolCyber Foundational Security Services (“Foundational Service”) provides a set of security services to the End User to protect from modern cyber threats via SolCyber’s Security Operations Center (“SOC”). SolCyber and End User shall work together during a discovery phase to develop a mutually agreeable written program plan and schedule to address implementation of the Foundational Services (the “Program Plan”). The Program Plan shall address, among other things:  Project kick-off and preparation for Foundational Service;  SolCyber review of End User’s environment and inventory;  Changes in systems and process to collect telemetry from the End User’s environment;  Schedule for delivery, implementation, or transition (as may be applicable) of each Foundational Service offering; and  End User responsibilities under the Program. Foundational Service includes the following services: 24/7 Monitoring Service The SolCyber 24/7 Monitoring Service (“Monitoring Service”) provides SOC capabilities including cyber security monitoring, advanced threat detection, human-led threat hunting, incident investigation, and response (“SOC Services”). The SOC Services are facilitated by a Exhibit A - Foundational Services

cloud-native, data science driven, co-managed technology platform (“SolCyber SOC”). The SOC Services are delivered by SolCyber with either remote staff or those physically located together, or a combination thereof. Coverage: Monitoring Service covers all technologies provided by Foundational Services, Extended Services and Device Monitoring Service purchased by the End User that are on the supported product list.

1 Log Collection – Logs are collected by the SolCyber SOC and are made available for 365

days before they are deleted from the system. SolCyber reserves the right to adjust fees if such logs collected are more than the logs considered normal for infrastructure of average verbosity.

2 Alert Analysis and Triage – SolCyber will analyze logs on a 24x7x365 basis for signs of

malicious activity. Suspicious alerts will be triaged by SolCyber and escalated as an incident if confirmed.

3 Incident Alerting – Upon confirmation of an incident, SolCyber will create an incident

in the SolCyber SOC and notify the End User within the provided SLA.

4 Portal Access – Incidents will be made available via an online portal or other means at

the discretion of SolCyber. Log Collection Device – SolCyber will provide up to 1 Log Collection Device for log collection if the End User is unable to provide their own computing resource. End Users can purchase additional Log Collection Device as needed. Ownership of the Log Collection Device will be transferred to the End User upon delivery. Alternatively, the End User can purchase their own supported hardware. This is optional and required for all technologies on the supported product list. Advanced Email Protection Service The SolCyber™ Advanced Email Protection (“AEP Service”) provides protection against modern email threats including phishing attacks, business email compromise and email fraud. The AEP Service includes a cloud native, multi-vector detection enabled email solution which is also managed by the SolCyber SOC. Coverage: The AEP Service supports the included email technology or others approved and supported by SolCyber. AEP License: The AEP Service includes licenses for an email solution. The End User can deploy the email solution for up to the number of User licenses purchased for the Foundational Service. Exhibit A - Foundational Services

1 Remote Implementation – SolCyber will work with the End User to remotely

implement the included email technology. End User is expected to support the activities outlined in the AEP on-boarding guide.

2 Policy Configuration and Management – SolCyber will update the email solution’s

configurations based off best practices and input from the End User including black and whitelisting.

3 Quarantine Management – SolCyber will respond to requests to release emails from

quarantine within the provided SLA.

4 System Availability – SolCyber will undertake reasonable measures to ensure that the

AEP Service availability meets or exceeds the provided SLA.

5 Performance and Availability Monitoring – The email solution will be monitored

24x7x365 for anomalies in performance or availability. Upon confirmation of a fault, SolCyber will create an incident in the SolCyber SOC and notify the End User within SLA. Endpoint Protection and Response Service The SolCyber™ Endpoint Protection and Response (“Endpoint Service”) provides protection against endpoint threats including threat detection, remote response and remediation assistance. The Endpoint Service is powered by a bundled endpoint solution. Coverage: The Endpoint Service supports the included bundled or other endpoint protection and endpoint detection and response (“EDR”) technologies approved and supported by SolCyber. Endpoint Licenses: The Endpoint Service includes licenses for bundled endpoint solution. The End User can deploy EDR on any Endpoint up to 1.25 times the User licenses purchased for Foundational Service. An Endpoint is defined to include any host machine running supported versions of Linux, Windows, or MacOS operating systems to include servers, virtual servers, user workstations, and laptops. The End User will be invoiced for additional license capacity as needed based on Section II below.

1 Remote Implementation – SolCyber will work with the End User to remotely

implement the included bundled technology. End User is expected to support the activities outlined in the Endpoint Service on-boarding guide.

2 Policy Configuration and Management – SolCyber will update EDR’s configurations

based off best practices and input from the End User including device blocking.

3 Response – SolCyber will connect to confirmed incidents by remotely connecting to

endpoints with EDR to perform additional triage, containment and response work when possible. Exhibit A - Foundational Services

4 EDR Troubleshooting – SolCyber will respond to requests to troubleshoot issues

related to EDR within the provided SLA.

5 System Availability – SolCyber will undertake reasonable measures to ensure that the

EDR availability meets or exceeds the provided SLA.

6 Performance and Availability Monitoring – The EDR will be monitored 24x7x365 for

anomalies in performance or availability. Upon confirmation of a fault, SolCyber will create an incident in the SolCyber SOC and notify the End User within 4 hours. DNS Protection Service The SolCyber™ DNS Protection Service (“DNS Service”) protects endpoints from web-based threats. The DNS Service is powered by a bundled endpoint solution. Coverage: The DNS Service supports the included bundled or other cloud-based DNS technologies approved and supported by SolCyber. Endpoint Licenses: The DNS Service includes licenses for bundled endpoint solution. The End User can deploy DNS agent on any Endpoint up to 1.25 times the User licenses purchased for Foundational Service. An Endpoint is defined to include any host machine running supported versions of Linux, Windows, or MacOS operating systems to include servers, virtual servers, user workstations, and laptops. The End User will be invoiced for additional license capacity as needed based on Section II below.

1 Remote Implementation – SolCyber will work with the End User to remotely

implement the included bundled technology. End User is expected to support the activities outlined in the DNS Service on-boarding guide.

2 Policy Configuration and Management – SolCyber will update DNS configurations

based off best practices and input from the End User to block access to malicious websites. Content filtering is available to the End User for an additional $0.50/user.

3 Content Filtering – End Users can leverage the platform to restrict user access to

specific types of content including pornography. This is a self-serve service and available as an option at $0.50/user.

4 DNS Troubleshooting – SolCyber will respond to requests to troubleshoot issues

related to EDR within the provided SLA.

5 System Availability – SolCyber will undertake reasonable measures to ensure that the

DNS availability meets or exceeds the provided SLA.

6 Performance and Availability Monitoring – The DNS will be monitored 24x7x365 for

anomalies in performance or availability. Upon confirmation of a fault, SolCyber will create an incident in the SolCyber SOC and notify the End User within 4 hours. Exhibit A - Foundational Services

Practical Vulnerability Management Service The SolCyber™ Practical Vulnerability Management Service (“VM Service”) provides the End User with a prioritize list of vulnerabilities to assist with patch management. Coverage: The VM Service only supports the bundled vulnerability management technology. Endpoint Licenses: The VM Service includes licenses for bundled vulnerability management solution. The End User can deploy the VM Service agent on any Endpoint up to 1.25 times the Standard User licenses purchased for Foundational Service. An Endpoint is defined to include any host machine running supported versions of Linux, Windows, or MacOS operating systems to include servers, virtual servers, user workstations, and laptops. The End User will be invoiced for additional license capacity as needed based on Section II below. Non-endpoint Users are excluded.

1 Remote Implementation – SolCyber will work with the End User to remotely

implement the included bundled technology. End User is expected to support the activities outlined in the Endpoint Service on-boarding guide.

2 Monthly Reporting – SolCyber will provide a monthly report of critical patches to apply

including status of patches from the previous month. Patches not applied within 30 days will be highlighted. End User can opt-in for a monthly report of all vulnerabilities for compliance, but these will not be tracked.

3 Emergency Patch Alerting – SolCyber will alert the End User of new critical and

exploitable vulnerabilities that require out-of-band patching.

4 VM Troubleshooting – SolCyber will respond to requests to troubleshoot issues related

to VM within the provided SLA.

5 System Availability – SolCyber will undertake reasonable measures to ensure that the

VM availability meets or exceeds the provided SLA.

6 Performance and Availability Monitoring – The VM Service will be monitored 24x7x365

for anomalies in performance or availability. Upon confirmation of a fault, SolCyber will create an incident in the SolCyber SOC and notify the End User within 4 hours. Phishing Simulation and Training Service The SolCyber™ Phishing Simulation and Training (“Phishing Service”) increases the security awareness of your employees through a combination of phishing email simulations and security awareness training. The Phishing Service is powered by a phishing and training solution. Coverage: The Phishing Service supports the included phishing training solution or other technologies approved and supported by SolCyber. Exhibit A - Foundational Services

Endpoint Licenses: The Phishing Service includes licenses for the phishing training solution. The End User can deploy up to the number of User licenses purchased for the Foundational Service.

1 Remote Implementation – SolCyber will work with the End User to remotely

implement the included bundled technology. End User is expected to support the activities outlined in the Phishing Service on-boarding guide.

2 Phishing Simulation – SolCyber will perform one phishing simulation exercise for the

End User every quarter via email.

3 Phishing Training – SolCyber will send associated phishing training to every user who

fails the phishing simulation.

4 Portal Access – Training will be made available via an online portal

Ransomware Readiness Assessment Service The SolCyber™ Ransomware Readiness Assessment Service (“Readiness Service”) assessing the End User’s environment to determine the likelihood of a successful ransomware attack.

1 Assessment – SolCyber will work with the End User to assess various security controls

within the environment. End User is expected to support the activities outlined in the Readiness Service on-boarding guide. The assessment will be performed once a year.

2 Report – SolCyber will deliver a report including recommendations on changes to

improve the End User’s security posture. Active Directory Assessment Service The SolCyber™ Active Directory Assessment Service (“ADS Service”) assesses the End User’s Active Directory environment for misconfigurations and vulnerabilities. The AD Service is powered by a bundled Active Directory assessment tool. Coverage: The ADP Service supports the included solution or others as approved and supported by SolCyber. The service is only available for End Users with Active Directory or Azure AD.

1 Assessment – SolCyber will work with the End User to assess various security controls

within Active Directory. End User is expected to support the activities outlined in the ADS Service on-boarding guide. The assessment will be performed up to twice a year.

2 Report – SolCyber will deliver a report including recommendations on changes to

improve the End User’s security posture. Other Security Logs Service The SolCyber™ Other Security Logs Service (“Other Logs Service”) provides support for monitoring of additional log sources. Exhibit A - Foundational Services

Coverage: Monitoring of logs from technologies in the SolCyber Supported Products List (“SPL”) for Other Logs Service are included in the coverage for SolCyber’s 24/7 Monitoring Service (“Monitoring Service”). This is limited to a total of 10 EPS. End Users requiring more than 10 EPS will need to purchase Security Logs Service

2 Term. This Foundational Services SOW shall commence on the Effective Date and continue

for the term set forth in the applicable order form unless and until either Party gives notice of termination, as provided for in the Terms of Service.

3 Substitution. For all services that are included in Foundational Service, SolCyber reserves

the right to substitute a SolCyber approved and supported product and solution, with a minimum of 30 days’ notice of a plan to effect such change in its operations and delivery of Foundational Service.

4 Assumptions. Our pricing assumes that the End User does not require protection for

excessive non-user email addresses, or excessive domains. If there are requirements above a “normal” level of protection, then SolCyber reserves the right to adjust its price, or not cover such addresses or domains. Further, End User agrees that it is responsible for providing all reasonable cooperation and assistance, including timely performance of required tasks identified in the Program Plan. SolCyber will work with End User to monitor delays in the Program Plan and work together to mitigate risks. In no event shall SolCyber be responsible or liable for any delay or failure of performance caused in whole or in part by End User’s delay in performing, or failure to perform, any of its obligations under the Terms of Service (including in any Program Plan).

5 Service Levels Agreement. The purpose of this section is to describe the relevant actions,

expectations, remedies, and exclusions related to the performance of Foundational Service. The Service Level Agreement (“SLA”) is as follows: SolCyber SOC SLAs: SLA Item What It Is Target Uptime

1 SOC Availability Percent of minutes in >=99.5%

a 1-month period The following definitions apply to this SLA:  “Downtime” means End User is not able to log in to SolCyber SOC and view a incident. Exhibit A - Foundational Services

 “Monthly Uptime Percentage” means total number of minutes in a month (calculated as number of days in the applicable month x 24 hours x 60 minutes), minus the number of minutes suffered from Downtime in a month, divided by the total number of minutes in the month excluding periods of Planned Maintenance (Excused Downtime).  “Planned Maintenance” will not count against Uptime and means any unavailability, suspension or termination to the extent caused by: (i) factors outside of SolCyber’s reasonable control, including any force majeure event or Internet access or related problems beyond the demarcation point of SolCyber; (ii) any actions or inactions of End User or any third party; (iii) SolCyber’s suspension and/or termination of End User’s right to use the Service; (iv) any planned downtime or maintenance that SolCyber or its authorized service providers performs on the Service, provided that

(a) End User is notified at least seven days in advance or (b) End User has agreed to the date and time of such non-emergency maintenance; or (v) any periods of shutdown necessitated by emergency maintenance.  SolCyber reserves the right to disable any End User’s rules and/or require them to be tuned to maintain this SLA. End User will be eligible to receive the financial credits described below if SolCyber SOC falls below a Monthly Uptime Percentage of 99.5%. Credits will be calculated once at the end of each month. Monthly Uptime Percentage Monthly Uptime SLA Credit >= 99.5% No Credit 99.1% - < 99.5% $0.40/user < 99.1% $1.20/user Credits are calculated based off the number of subscribed Users to the Foundational Service. SLA Item What It Is Response Time Target

2 Mean Time to Triage - SolCyber will create Within 3 hours when a

Suspicious Entity SLA Security Incident Case Critical/High Severity in SolCyber SOC Suspicious Entity is created/triggered.

3 Mean Time to Escalate SolCyber will escalate Within 1 hour after it is

4 Mean Time to SolCyber will begin Within 3 hours

Troubleshoot – troubleshooting Technical Support SLA “Technical Support Cases” Security Incident Cases are considered escalated when either SolCyber changes the status to “Escalated to End User” in SolCyber SOC or when an equivalent case/incident/ticket is created and linked in End User’s 3rd party case management system that is integrated with SolCyber SOC. Exclusions from coverage under this SLA:  Suspicious Entities generated by one or more newly published Detection rules are excluded from this SLA until 7 days after the rule is published in SolCyber SOC (“Rule Probationary Period”). During the Rule Probationary Period, Suspicious Entities generated by newly published rules will still be monitored, triaged and investigated.  Suspicious Entities generated by any End User rules created by End User in SolCyber SOC  Suspicious Entities discovered during any Rule Probationary Period by newly developed rules and analytical models that are triggered by retroactive scans of existing logs as far back as 31 days.  During the onboarding period following Service Activation (the “Service Adjustment Period”), SLAs will not apply. The End User will receive a notification regarding the transition to maintenance upon the completion of the onboarding period, at which point SLAs will apply.  Should a log collector fail, SLAs will not apply during the period when the collector is unavailable.  SLAs do not apply during maintenance windows or in the event of any End Usercaused service outage that prohibits or otherwise limits SolCyber from providing the Service, including, but not limited to, End User misconduct, Custom rule execution that results in Downtime for SolCyber SOC, negligence, inaccurate or incomplete information, and modifications made to the Service, hardware, or software by End Users, their employees or third parties acting on behalf of End User. Maintenance windows (“Planned Maintenance Windows”) for SolCyber SOC will be limited to a maximum of four hours per week (7-day period) unless communicated in writing by SolCyber. Exhibit A - Foundational Services

 SLAs do not apply in the event End User does not fulfil and comply with responsibilities and conditions set forth in this Foundational Services SOW. The End User will be eligible for a certain amount of credits determined by Reseller per User of Foundational Service for each violation of SLA 2, 3 or 4. End User will be eligible to receive the financial credits described below if SolCyber AEP SLA’s fall below the Target Uptimes specified: SLA Item What It Is Target Uptime

5 Security Portal & API Percent of hours in a 99.95%

Availability rolling 12-month period

6 Security Service Percent of hours in a 99.95%

Availability rolling 12-month period that the security service is operational The following definitions apply to this SLA:  Measurement of the above SLAs will occur on a rolling 12-month basis, at the end of each calendar month.  “Uptime” availability will be measured as the aggregate number of minutes during a year in which the AEP Service was available divided by the total number of minutes in the year (calculated as 365 days x 24 hours x 60 minutes) excluding periods of Planned Maintenance (Excused Downtime).  “Planned Maintenance” will not count against Uptime and means any unavailability, suspension or termination to the extent caused by: (i) factors outside of SolCyber’s reasonable control, including any force majeure event or Internet access or related problems beyond the demarcation point of SolCyber; (ii) any actions or inactions of End User or any third party; (iii) SolCyber’s suspension and/or termination of End User’s right to use the AEP Service; (iv) any planned downtime or maintenance that SolCyber or its authorized service providers performs on the AEP Service, provided that (a) End User is notified at least seven days in advance or (b) End User has agreed to the date and time of such non-emergency maintenance; or (v) any periods of shutdown necessitated by emergency maintenance. The End User will be eligible for a certain amount of credits as determined by Reseller per User of Foundational Service for each 24-hour period the service is unavailable. Exhibit A - Foundational Services

SLA Item What It Is Response Time Target

7 Mean Time to SolCyber will respond Within 4 hours from

Respond – Quarantine to quarantined email receiving an approved Email SLA release request from request the End User (soc@solcyber.com or a ticket request) submitted to the SOC. 8 “Mean Time to SolCyber will respond Within 4 hours from Respond – EDR to troubleshoot receiving an approved Troubleshooting” request from the End request User for the endpoint (soc@solcyber.com or a protection and ticket request) submitted endpoint detection to the SOC. and response technology 9 “Mean Time to SolCyber will respond Within 4 hours from Respond – DNS to troubleshoot receiving an approved Troubleshooting” request from the End request User for the DNS (soc@solcyber.com or a agent. ticket request) submitted to the SOC. 10 “Mean Time to SolCyber will respond Within 4 hours from Respond – VM to troubleshoot receiving an approved Troubleshooting” request from the End request User for the VM agent. (soc@solcyber.com or a ticket request) submitted to the SOC. The End User will be eligible for a certain amount of credits as determined by Reseller per User of Foundational Service for each violation of SLA 7 or 8. Claim For Credit:  End User must submit a Credit request to SolCyber within 30 days of the end of the calendar month in which SolCyber fails to meet the standards provided in this Section.  Said Credit request needs to include details and dates of the relevant anomalies and End User must cooperate with SolCyber’s investigation of the Credit request as may be necessary and reasonably requested by SolCyber. Exhibit A - Foundational Services

 End User must accrue a minimum amount of $100 in Credit before SolCyber will credit back any amounts, and Credits may not be used to set off any outstanding invoices or payments due at the time of request. The parties agree that the above Credits constitute compensation to End User in the form of a credit to the End User’s next invoice or a future invoice, and not a penalty. The parties acknowledge and agree that i) End User's harm caused by SolCyber delayed delivery of the Services would be impossible or very difficult to accurately estimate as of the Effective Date, ii) the Financial Credit amounts set forth above are a reasonable estimate of the anticipated or actual harm that might arise from SolCyber’s breach of its Service availability obligations; and iii) SolCyber’s payment or credit of these amounts constitute SolCyber’s sole liability and entire obligation and End User's exclusive remedy for SolCyber’s breach of its Service availability obligations.

II PRICING & PAYMENT TERMS

While the End User’s actual consumption may be measured to be less than what is invoiced for any month, the End User acknowledges and agrees that it is paying for a fixed consumption of resources provided by SolCyber, and there will not be any credit provided for such difference. Further, End User agrees it may be charged a certain amount by Reseller for excess consumption of the Services as permitted herein. A “User” is defined as a person in the End User's organization with an individually assigned email address and with a device that is applicable for Endpoint service. A ”Non-endpoint User” is defined as a person in the End User's organization with an individually assigned email address and without a device that is applicable for Endpoint or ADP service. If End User exceeds 5% more Non-Endpoint Users than licensed, the End User will be responsible for the difference in Non-endpoint User licenses the following month for a certain dollar amount charged by Reseller per Non-endpoint User or as otherwise stated in the applicable order form. The Monthly Fixed Fee for Foundational Service allows for the End User to use up to an additional 25% more Endpoints if users have more than one device. This applies to both Endpoint, VM and DNS Services. “Endpoint” is defined to include any host machine running a support version of Linux, Windows, or MacOS operating systems to include servers, virtual servers, user workstations, and laptops. If End User exceeds said licenses, the End User will be invoiced for the difference in Endpoint licenses the following month for a certain amount charged by Reseller per Endpoint or as otherwise stated in the applicable order form. Exhibit A - Foundational Services

End Users can purchase additional Log Collection Devices at a certain amount set by Reseller per device as needed to support log collection. The commencement date for each component of the Foundational Services may differ from one another and from the Effective Date of the Foundational Services SOW. Notwithstanding these differences in commencement dates, there shall be no credit or refund provided for any month with one or more elements of services not yet transitioned.

2 Expenses:

The fees noted in Section II, Item 1 do not include any travel or other costs directly authorized by the End User in advance in connection with the provision of services under this Foundational Services SOW. Should the End User authorize SolCyber in writing to incur such additional travel or other costs, then SolCyber shall include in the next monthly invoice such costs following their in Exhibit A - Foundational Services

Exhibit B, Statement of Work, SolCyber Security Logs Add-on Service This Statement of Work (“Security Logs Add-on Service SOW”) is made by and between SolCyber Managed Security Services, Inc., a Delaware corporation, with offices at 3090 Nowitzki Way, Suite 300, Dallas, TX 75219 ("SolCyber"), and the End User executing an order form with SolCyber as of the date of such order form (the “Effective Date”). This Security Logs Add-on Service SOW is entered into in connection with the Terms of Service accepted by End User pursuant to an applicable order form (the “Terms of Service”). This Security Logs Add-on Service SOW forms a part of and incorporates by reference all terms of the Terms of Service and all amendments thereto. Capitalized terms used but not defined in this Security Logs Add-on Service SOW have the same meanings as provided in the Terms of Service. In addition, “you” and “your” as used in this document refer to End User, and “we,” “us,” and “our” refer to SolCyber. SolCyber and End User agree as follows:

I Scope and Description of Services

1 Scope of Services

The SolCyber Security Logs Add-on Service (“Security Logs Service”) provides security monitoring for the supported logging technologies. Security Logs Service is an Extended Service and can only be purchased if the End User is using Foundational Service. Coverage: Monitoring of logs from technologies in the SolCyber Supported Products List (“SPL”) for Security Logs Service are included in the coverage for SolCyber’s 24/7 Monitoring Service (“Monitoring Service”).

2 Term.

This Security Logs Add-on Service SOW shall commence on the Effective Date and continue for the term set forth in the applicable order form unless and until either Party gives notice of termination, as provided for in the Terms of Service.

3 Assumptions

Our pricing assumes that the End User does not require protection for excessive non-user email addresses, or excessive domains. If there are requirements above a “normal” level of protection, then SolCyber reserves the right to adjust its price, or not cover such addresses or domains. Further, End User agrees that it is responsible for providing all reasonable cooperation and assistance, including timely performance of required tasks identified in the Program Plan. SolCyber will work with End User to monitor delays in the Program Plan and work together to mitigate risks. In no event shall SolCyber be responsible or liable for any delay or failure of performance caused in whole or in part by End User’s delay in performing, or failure to perform, any of its obligations under the Terms of Service (including in any Program Plan). Exhibit B, Security Logs Add-on Service

II PRICING & PAYMENT TERMS

1 Fees:

While the End User’s actual consumption may be measured to be less than what is invoiced for any month, the End User acknowledges and agrees that it is paying for a fixed consumption of resources provided by SolCyber, and there will not be any credit provided for such difference. Further, End User agrees it may be charged a certain amount by Reseller for excess consumption of the Services as permitted herein. The Security Logs Service provides the End User can utilize 50 Events Per Second ("EPS") for every bucket of Security Logs Service purchased, or "EPS Bucket". If the End User’s total EPS utilized at the end of each calendar month should exceed the total included number of EPS (number of buckets times 50), an adjustment may be proposed, to increase the EPS Bucket quantity to invoice for additional capacity. End Users can purchase additional Log Collection Devices as needed to support log collection. There shall be no credit or refund provided for any month with one or more elements of services not yet transitioned.

2 Expenses:

The fees and rates noted in Section II, Item 1 do not include any travel or other costs directly authorized by the End User in advance in connection with the provision of services under this Security Logs Add-on Service SOW. Should the End User authorize SolCyber in writing to incur such additional travel or other costs, then End User shall be responsible for such costs in the next monthly invoice such costs following their incurrence. Exhibit B, Security Logs Add-on Service