This Service Description describes the Sophos Incident Response Retainer Service (“Service”). All capitalized terms in this Service Description have the meaning ascribed to them in the Agreement (defined below) or in the Definitions section below.
This Service Description is part of and incorporated into, as applicable: (i) Customer’s or Managed Service Provider’s manually or digitally‐signed agreement with Sophos covering the purchase of a Service subscription; (ii) Managed Service Provider’s manually or digitally-signed agreement(s) with Sophos covering its purchase of Offerings of which the Service is a part; or (iii) if no such signed agreement exists, then this Service Description will be governed by the terms of the Sophos End User Terms of Use posted at https://www.sophos.com/legal (collectively referred to as the “Agreement”). To the extent there is a conflict between the terms and conditions of the Agreement and this Service Description, the terms and conditions of this Service Description will take precedence.
Notwithstanding anything to the contrary in the Agreement, Customer/MSP acknowledges and agrees that: (i) Sophos may modify or update the Service from time to time without materially reducing or degrading its overall functionality; and (ii) Sophos may modify or update this Service Description at any time to accurately reflect the Service being provided, and any updated Service Description will become effective upon posting to https://www.sophos.com/legal.
I. DEFINITIONS.
Capitalized terms used in this Service Description, and not otherwise defined in the Agreement, have the meaning given below:
“Approved Device” is any physical or virtual endpoint device or server system that is owned or controlled by Customer/MSP and for which permission is granted to Sophos to perform a Vulnerability Scan.
“Health” is the state of configurations and settings for a Managed Endpoint that affect the efficacy of the security of that Managed Endpoint.
“Health Check” is the act of reviewing Health to identify configurations and settings that may impact the efficacy of the security of a Managed Endpoint.
“Incident” is a suspected or confirmed compromise or unauthorized access of system(s) that poses an imminent threat to Customer/MSP assets, which may include interactive attackers, data encryption or destruction, and exfiltration.
“Managed Endpoint(s)” is any physical or virtual endpoint device or a server system where Sophos Intercept X Advanced with XDR is installed and visible in the Sophos Central console.
“Vulnerability Scan” is a function performed on Approved Devices, which is conducted in order to provide data to Customer regarding the security of such Approved Devices.
II. SCOPE OF SERVICE.
The Service allows Customers/MSPs to engage Sophos during an Incident and entitles Customer/MSP to a predefined discount towards the purchase of Sophos Rapid Response services during the Subscription Term.
The Service consists of activities described below:
1. Onboarding
1.1 Customer/MSP will receive an email confirming their enrollment in the Service after purchase which will include: all relevant information and documentation regarding the Service and instructions for how to access the Service and its components.
1.2 Customer/MSP must provide all requested information and perform all Customer/MSP obligations set forth below to receive full benefit of the Service.
2. Incident Support
2.1 In the event the Customer/MSP believes they have experienced an Incident and desires to engage Sophos for Rapid Response during the Subscription Term, Customer/MSP must provide a written request for Rapid Response engagement (“Engagement Request”) by emailing Sophos at rapidresponse@sophos.com. Sophos will respond to the Customer/MSP via email or phone call within four (4) hours of its receipt of the Engagement Request.
2.2 Customer/MSP may also contact Sophos at the phone number(s) published at https://www.sophos.com/en-us/products/managed-detection-and-response/rapid-response, in which case, Sophos’ response time may exceed four (4) hours from Customer’s/MSP’s initial contact to Sophos.
2.3 Sophos will quote Rapid Response to Customer’s/MSP’s chosen Partner reflecting the applicable predefined discount.
2.4 If the Customer/MSP purchases Rapid Response for the Incident, Sophos’s provision of Rapid Response will be subject to the Rapid Response Service Description.
3. Vulnerability Scan
3.1 During the Subscription Term, Customer/MSP may perform a one-time Vulnerability Scan on up to the maximum number of external IP addresses of Approved Devices permitted under the SKU tier purchased by the Customer/MSP. Customer/MSP will be provided with a report containing the results of the Vulnerability Scan.
3.2 Customer/MSP represents that they have necessary permissions to perform the Vulnerability Scan on all Approved Devices.
3.3 Customer/MSP acknowledges and agrees that while Sophos employs industry-standard technologies and methodologies for conducting Vulnerability Scans, these scans may at times yield false positives or negatives. Furthermore, Customer/MSP acknowledges and agrees that Sophos does not guarantee that Vulnerability Scans provide a complete and accurate picture of Customer’s or a Beneficiary’s security flaws, and Customer/MSP agrees not to rely solely on such Vulnerability Scans in developing its security strategy. Sophos is not liable for any errors, omissions, or inaccuracies in the Vulnerability Scan outcomes.
4. Health Check
4.1 Sophos will run a Health Check on all Managed Endpoints.
4.2 Customer/MSP will be notified of any configurations that could diminish the Customer’s/MSP’s/Beneficiary’s security posture along with the required steps to remediate the issues identified by the Health Check.
5. Threat Intelligence Webinar
5.1 Sophos will provide Customer/MSP with access to the Sophos MDR ThreatCast webinar. During the webinar, Sophos will provide Customers/MSPs insight into observed global threat activity, the actions Sophos has taken in response to such threat activity, and a discussion of the broader threat landscape.
III. CUSTOMER/MSP RESPONSIBILITIES.
Customer/MSP acknowledges and agrees that, in addition to the actions required of the Customer/MSP in Article II above, Customer/MSP must take the following actions to facilitate and enable delivery of the Service, and Sophos shall have no liability for any degraded, incomplete, or failed Service delivery which may result from Customer’s/MSP’s failure to take the required actions. Failure to complete the required actions after written notice from Sophos shall constitute a material breach by Customer/MSP of the Agreement.
Onboarding. Customer/MSP will perform all required activities during the onboarding process.
Customer/MSP Personnel. Customer/MSP must identify an appropriate number of suitably skilled personnel who will work with Sophos during the provision of the Service. Customer/MSP personnel must have the necessary technical and business knowledge and authority to make decisions concerning the Service.
Timely Response. Customer/MSP must promptly acknowledge receipt of Sophos communications in writing and must timely respond to Sophos’s requests.
Actions Outside the Scope of Service. All activities that are not expressly provided in this Service Description are outside of the scope of the Service. Customer/MSP is solely responsible and liable for: (i) taking any actions that are outside of the scope of the Service (e.g., Sophos’s suggestions regarding on-site response; all litigation and e-Discovery support; and collaboration with law enforcement); and (ii) for any actions undertaken by Sophos that are not provided in this Service Description under Customer’s/MSP’s specific direction.
MSP Additional Responsibilities. MSP is solely responsible for ensuring that any Beneficiary for which MSP performs this Service has agreed to accept all risks described in this Service Description or otherwise inherent in the Service. MSP will indemnify and hold Sophos harmless for any claim brought against Sophos by a Beneficiary if such claim results, in whole or in part, from MSP’s failure to fully perform its obligations under this Service Description or the Agreement with respect to the Service.
IV. ADDITIONAL TERMS.
Service Exclusion. Customer/MSP agrees and acknowledges that Sophos will not be liable or be considered in breach of this Service Description or the Agreement: (i) due to any delay or failure to perform its obligations hereunder as a result of industry-wide or infrastructure-wide ransomware, cyberwarfare or other cyberattacks that cause Sophos to be unable to provide resources to address an Incident in a timely manner; (ii) due to unforeseen circumstances or to causes beyond Sophos’s reasonable control, including but not limited to war, strike, riot, crime, acts of God, or shortage of resources; (iii) due to legal prohibition, including but not limited to the passing of a statute, decree, regulation, or order; (iv) during any period of Service suspension by Sophos in accordance with the terms of the Agreement; (v) if Customer/MSP is in breach of the Agreement (including without limitation if Customer/MSP has any overdue invoices); or (vi) during any scheduled maintenance windows.
Service Capabilities. Customer/MSP agrees and acknowledges that, while Sophos has implemented commercially reasonable technologies and processes as part of the Service, Sophos makes no guarantee that the Service will detect, prevent, or mitigate all Incidents. Customer/MSP agrees not to represent to anyone that Sophos has provided such a guarantee or warranty.
Revision Date: April 1, 2024