Resilience ARC Addendum

This Resilience Arc Addendum (“Addendum”) sets forth the additional terms and conditions that apply solely to the extent Client elects to use the Resilience Arc Solution made available by the Resilience entity identified in the applicable Software Order Form (“SOF”) . Capitalized terms used but not defined in this Addendum have the meanings set forth in the Master Software as a Service Agreement (“Agreement”).

By executing an SOF that includes the Resilience Arc Solution or references this Addendum, the Client agrees to be bound by the terms herein.  

1. Description of Functionality

The Resilience Arc Solution is part of the Software and provides tools that enable the Client (“Designating Entity” or “Client”) to assess, prioritize, and manage cybersecurity risks associated with other legal entities designated by the Client (each, a “Linked Entity”). The specific scope and features of this functionality will be set forth in the applicable Software Order Form (“SOF”).

2.  Linked Entity Access to Software

a. Access by Linked Entities. Company may, in its sole discretion, grant access to the Software to certain Linked Entities of Client for the purpose of permitting Client to view and access such Linked Entity’s use of the Software. For avoidance of doubt, no Linked Entity shall be deemed a party to the Agreement, and no rights are granted to any Linked Entity under the Agreement. All such access shall be subject to execution of a waiver in a form provided by Company (each, a “Waiver”) that releases and indemnifies Company from any and all claims, liabilities, or damages arising from or related to the Linked Entity’s use of the Software. Company disclaims all responsibility and liability for any such use by Client or Linked Entities, and disclaims all warranties, express or implied, with respect thereto.

b. Suspension or Termination of Access. Company reserves the right to suspend or terminate a Linked Entity’s access to the Software at its sole discretion, including but not limited to instances where the Linked Entity fails to comply with the terms of the applicable Waiver.

3. Designating Entity Authorization and Responsibilities

a. Authority and Consent. Client represents and warrants that it has all rights, consents, and authority necessary to provide Company with information about its Linked Entities, including contact details and other relevant data, and to authorize Company to use such information to deliver the Software to Linked Entities and to contact Linked Entities as necessary, in accordance with the Agreement or applicable SOF. Client further represents that providing such information and authorizations does not violate any confidentiality obligations, contractual restrictions, or applicable laws.

b. Accuracy and Use of Information. Client is solely responsible for the accuracy and completeness of any Linked Entity information it provides or causes to be provided to Company, and for its own evaluation and use of any recommendations, analyses, or other outputs provided through the Software or in connection with the Agreement.  Company shall have no obligation to independently verify the accuracy or completeness of any information provided by or on behalf of a Linked Entity.

4. Linked Entity Responsiveness

Client acknowledges and agrees that Company does not control and is not responsible for the actions or inactions of any Linked Entity, including any failure by a Linked Entity to respond to outreach, access the Software, or otherwise participate in the activities contemplated by the Agreement and applicable Software Order Form. Company has no obligation to notify Client of, or take any action in response to, such Linked Entity failures. Company makes no guarantees regarding Linked Entity cooperation or the completeness, accuracy, or timeliness of information provided by Linked Entities. Company shall have no obligation to enforce the terms of any Waiver, nor shall Company be liable for any disputes, claims, or damages arising between Client and any Linked Entity.

5. Feedback and Intellectual Property

Client acknowledges and agrees that any feedback, suggestions, ideas, or recommendations provided to Company (“Feedback”) may be used by Company without restriction or obligation. For avoidance of doubt, Feedback shall not include any Client Confidential Information, and nothing in this Section shall be construed as granting Company any rights to use or disclose Client Confidential Information except as expressly permitted under the Agreement. Any intellectual property, including inventions, designs, processes, software code, improvements, or other works developed or created by Company that incorporate or result from such Feedback shall be the sole and exclusive property of Company. Client hereby irrevocably assigns all rights, titles, and interests in such developments to Company. Company grants Client a limited, non-exclusive, non-transferable, royalty-free license to use any such developments solely for Client’s internal business purposes during the Term.

6. Limitation of Liability 

The Resilience Arc Solution is designed to support Client’s management of cybersecurity risks associated with its Linked Entities by offering tools, analyses, and related insights derived from available data. While Company endeavors to provide information that is timely, relevant, and useful, the quality and effectiveness of the Resilience Arc Solution may be influenced by factors outside of Company’s control, including the accuracy and completeness of information provided by Client and its Linked Entities.  Due to the nature of cybersecurity risk, no solution can prevent all incidents or anticipate every threat. Given the evolving and unpredictable nature of cybersecurity and third-party risk, Client acknowledges that the Resilience Arc Solution is not intended to guarantee any particular outcome or level of risk reduction. Client is responsible for evaluating and determining how to use the information provided through the Resilience Arc Solution. Except as expressly stated in the Agreement, Company disclaims liability for Client’s use of or reliance on such information.

7. Conflicts

All other terms and conditions of the Agreement apply to the Resilience Arc Solution except to the extent expressly modified by this Addendum. In the event of any conflict between this Addendum and the Agreement, the terms of this Addendum will control solely with respect to the Resilience Arc Solution.