ACCENTURE INCIDENT RESPONSE SERVICES RETAINER

Revision Date: November 2023

This Service Description, together with any documents incorporated by reference ("Service Description") describes the service features and terms for Accenture's Incident Response Services Retainer (the "Services"). In order to purchase Incident Response Retainer Services, Client must enter into a separate order confirmation, statement of work, or similar document to confirm the details and pricing for the Service ("Order Confirmation").

1. SERVICE SCOPE

1.1. Incident Response Retainer

Client Authorized Personnel (defined below) will have access to a 24/7 hotline to contact Accenture to request incident response and security investigation services ("Services"). Accenture will respond in accordance with the service level agreements ("SLAs") set forth below. The Order Confirmation details the countries in scope for support, the initial Client Authorized Personnel, the fees for the Services (including the prepaid amount and the applicable time and materials rates), the term of the retainer ("Term"), and any other Service specific parameters not otherwise addressed below.

1.2. Requesting Services Under the Retainer

To request Services in connection with a security incident, Client Authorized Personnel will contact Accenture via the hotline. Accenture will then schedule an initial triage call to gather information and discuss next steps. Following the call, Accenture will document the agreed plan and provide it to Client Authorized Personnel for confirmation (via email confirmation or, if preferred, a signed work order, each a "Work Order") prior to commencing work.

1.3. Scope of Incident Response Services

Accenture will use different strategies and methodologies to complete the Services depending on the nature of the incident. Accenture will consult with Client Authorized Personnel at the outset of the investigation to identify initial objectives and regularly thereafter throughout the engagement to discuss updates to those objectives and other investigation decisions. Client will make any material decisions on investigation strategy. Accenture's Services may include Accenture conducting the activities below, however Client acknowledges and agrees that in providing the Services, Accenture may modify its approach as appropriate to assist Client in investigating a potential security incident:

• Analysis of pertinent data, logs, snapshots, or forensics images

• Operation of tools to collect network or log data

• Malware / binary analysis

• Client security team discussions

• Incident timeline analysis

• Post-incident briefing for executives and stakeholders

To the extent that an incident involves or impacts Client's OT Environment (as defined below) and/or the systems (including Industrial Control Systems, or "ICS") that reside within that environment, Accenture's Services may also include remote or on-site observation, investigation and/or analysis of, or interaction with, OT Environments or assets as part of the investigation and response. All activities with respect to OT Environment and/or ICS will be conducted in accordance with, and subject to, the terms attached as Exhibit 2 to this Service Description.

1.4. Written Reports and Presentations

In connection with an incident investigation, if and as requested by Client or Client's legal counsel, Accenture will deliver one or more of the following documents:

• Periodic Status Report summarizing work done during the period.

• Remediation Plan documenting recommended actions for remediating findings uncovered during the incident investigation.

• Incident Response Report documenting pertinent data uncovered during the incident investigation, identifying systems compromised, and characterizing data breach-related activity and root causes if known.

• Management Briefings summarizing pertinent information for use in briefing senior executive staff or Client board of directors.

ACCENTURE CONFIDENTIAL AND PROPRIETARY

Accenture will discuss with Client or Client's legal counsel the proposed content of any documented reports in advance of production or sharing. Such reports typically require up to ten business days for production and review. The reports will be provided to the Client Authorized Personnel and/or Client's legal counsel, as applicable, and Accenture will not be required to provide reports or documentation (or copies of them) to any other party or individual.

During the Term, Accenture may provide threat intelligence information and research that has been collected, obtained, and/or analyzed by Accenture ("Threat Intelligence"), either during the course of Services or outside of the Services. All such Threat Intelligence constitutes Accenture intellectual property and Confidential Information.

1.5. IR Consulting Services

If the Retainer Fee is not exhausted during the applicable Term, Client may request to use remaining amounts to purchase IR-related consulting services from Accenture, such as (but not limited to):

• Incident Response Readiness Assessment Services

• Incident Response Plan Assessment Services

• Incident Response Plan and Playbook Development Services

• Incident Response Tabletop Exercises

Such consulting services will not include technical assessment services, including adversary simulation or penetration testing, as such services would need to be provided under a separate arrangement.

Delivery of any such consulting services is subject to mutual agreement of the Parties with respect to the scope of services and timing of delivery. Accenture will provide Client with a corresponding Work Order describing the agreed services, and Client must sign and return the Work Order to Accenture prior to the commencement of any such service. The Service Level Agreements shall not apply to IR Consulting Services.

1.6. Out of Scope

Accenture will perform the Services in a good and workmanlike manner; however, nothing in the Agreement serves as a guarantee that the Services will detect or identify all security or network threats, vulnerabilities or intrusions, decrypt or recover data, restore operations or return control of Client Property (as defined below) where unauthorized access or control has occurred. Applicable law or regulation(s) of the country in which Services will be performed may limit or alter the scope of the Services that can be provided in that country, in which case the parties will work collaboratively to determine the best course of action.

The following are not in scope for the Services:

• Expert testimony or litigation assistance or support services.

• Provision of any regulated service or activities. Accenture is not licensed or certified in any country, state, or province as a private investigator, legal advisor, auditor or licensed or certified engineer and is not being retained to provide investigatory services, legal advice, audit or internal control advisory services or engineering services that would require a license or certification.

• Implementation of any remediation plan and post implementation monitoring of systems and networks is out of scope of these Services; however, Client can contract for such support separately.

2. HARDWARE AND SOFTWARE

2.1. Hardware; Software.

If the Parties jointly determine that the installation of hardware and/or software will be necessary to gain additional visibility into Client's systems, networks, facilities, or equipment, Accenture will work with Client to install servers on Client's network and/or will set up capacity in Accenture or its vendor's cloud-based environment and connect to Client's network to collect endpoint, network, and log data, and will provide Client with the hardware and software components required to be installed on Client's network and endpoint devices. Any hardware or software provided by Accenture for installation on Client's Property ("Accenture Tools") remains the property of Accenture or its licensors and is subject to the additional terms set forth in Exhibit 1.

Client will:

• Obtain any certificates (or modify any certificates) required to enable installation of the devices or software on any network, device or endpoint.

• Perform testing on each of Client's classes of devices to determine and/or confirm that the software agents do not affect safety, reliability, or availability of the devices.

• Install the software agents on the agreed upon number of Client's endpoint devices and network in accordance with Accenture's instructions.

• Ensure that Client or Client's personnel and contractors do not interfere with or damage any hardware or software installed on Client's network or endpoint devices for purposes of the Services, or otherwise attempt to compromise such hardware or software.

Client shall cooperate with Accenture to remove, or upon request of Accenture, Client will promptly return, any of Accenture's physical devices installed on Client's premises, systems or networks and confirm removal of any Accenture software from Client's devices. This includes removal from devices not connected to Client's network at the conclusion of the Services and therefore not subject to a bulk removal activity by Accenture.

3. CLIENT RESPONSIBILITIES

3.1. Client Property, Systems, Materials

a) Client will ensure the availability of Client resources as necessary for Accenture's performance of the Services, including the timely provision of information, access to systems, delivery of systems and logs, "out of band" communications systems, forensic imaging, data restoration, and backup of Client's systems (unless Accenture has agreed to perform or provide any of these resources). If Accenture is required to use Client's tools during an engagement, Client will provide Accenture with appropriate access to such tools, including any necessary licenses.

b) Client will procure any applicable consents and authorizations that may be necessary under law or Client's agreements with third parties for Accenture to perform the Services (onsite or remotely, as applicable). In particular, unauthorized access to computer systems or data, or intrusion into hosts and network access points, may be prohibited by applicable law if not properly authorized by the system or data owners. Such consents and authorizations must allow Accenture to take all actions necessary to access and process any and all Client Property related to the Services, including without limitation, if applicable, consent to connect to Client's computer network, install software and/or hardware, collect and analyze host and network based data such as memory, disk, logs, data, and historic or real time network traffic as well as any malware ("Forensics Data"), and archive, analyze, and retain all Forensics Data captured or obtained as part of Services. Client is solely responsible for providing instructions or obtaining any necessary consents for Accenture to provide the Services in compliance with laws, including without limitation, any laws relating to network integrity or security or to data privacy or data protection. If Client fails to obtain any such consents, Client agrees to be solely and fully responsible for any related claims or liabilities (notwithstanding any contrary terms in the Agreement).

c) Client will work with Accenture to help reduce the risk of damage to Client Property or impact to Client's operations resulting from incident investigation activities. There is inherent risk in incident response activities, which may lead to operational degradation, performance impact, incidents of non-compliance with internal policies or industry standards, or other impairment to Client Property, or downstream effects. As long as Accenture is using reasonable care in the performance of Services, Accenture will not be liable for any such damage or impacts arising out of the Services.

d) Client will notify Accenture of any applicable export control requirements related to Client Property and obtain any required licenses with respect to the export of any such Client Property in connection with the Services.

e) Client will make any decisions required of Client promptly and without delay and Accenture shall be entitled to rely on all decisions and approvals from Client's Authorized Personnel.

f) Where applicable, Client will provide support for Accenture to obtain any required visas and/or travel authorizations.

4. SERVICE LEVELS

The applicable Service Levels will be as described in the Order Confirmation.

In the event of a systemic cyber event that impacts more than five organizations or businesses within a 48 hour period (for example a widespread malware outbreak or a distributed denial of service attack that impacts multiple organizations or geographic regions), Accenture will not be able to provide dedicated on-site IR support to all retained clients. In such event, Accenture will make reasonable efforts to provide remote centrally-coordinated support across multiple clients, where logistically possible either via technical remote access or simply via telephone communication, and any on-site support SLA shall not apply.

Accenture will not be responsible for any delay or inability to perform Services (including meeting the SLAs) in whole or in part: (i) due to unforeseen circumstances or to causes beyond Accenture's reasonable control including but not limited to war, strike, riot, crime, government travel restrictions, acts of God, or shortages of resources; (ii) legal prohibition, including but not limited to, passing of a statute, decree, regulation or order; (iii) during any period of suspension of Service by Accenture in accordance with the terms of the Agreement; (iv) where Client is in breach of the Agreement; or (v) if Accenture resources are required to obtain visas prior to performing work in Client's country.

5. SERVICE SPECIFIC TERMS

5.1. Legal Privilege. If any of Accenture's Services under this Agreement are requested by Client's legal counsel for the purpose of providing legal advice to Client, the parties will note such requirement in the applicable Work Order. In such case, Accenture will provide those Services solely under the direction and control of Client's legal counsel listed in the applicable Work Order. In such case, all information requested or obtained by Accenture from Client or prepared for Client under such Work Order will be deemed to be requested or obtained by Client's legal counsel for the purpose of it providing legal advice to Client. Accenture will use its best efforts to adhere to Client's legal counsel instructions regarding: (a) Marking documents selected and identified by Client's legal counsel as "Attorney Client Privileged"; and (b) Communicating information Client's legal counsel deems Attorney Client Privileged, including limiting recipients and utilizing requested markings. Accenture will provide results of such Services and any related findings or reports to Client's legal counsel, or its designee, as instructed by Client's legal counsel.

5.2. Conflict of Interest. Client acknowledges that Accenture may be providing separate services to Client that may in some way relate to an incident investigation performed under this Agreement. Provided that Accenture implements reasonable procedures to mitigate any potential conflict of interest, Client will not make claims against Accenture on the basis of conflict of interest.

5.3. Reporting. While delivering the Services, we may become aware of issues such as data breaches, network intrusions, or the presence of malware, and such issues may give rise to regulatory reporting obligations which Client may be subject to in one or more territories in which Client operates. Client will remain solely responsible for all such reporting requirements and Accenture shall not have an obligation to report unless applicable legal or regulatory obligations require Accenture to do so. If Accenture is required to report any Client information to law enforcement or regulatory authorities, Accenture will use reasonable endeavors to notify Client in advance of responding to any such requirements and, if possible, will allow Client the opportunity to raise an objection with such authorities. Subject to the foregoing, notwithstanding anything to the contrary in the Agreement, Client hereby gives Accenture explicit permission to comply with requirements of law enforcement authorities or regulatory authorities in connection with the Services.

5.4. Metadata. Accenture may retain and use for its business purposes any indicators of compromise, malware, anomalies, or other metadata found as part of, or related to, the performance of the Services ("Metadata"). Accenture may analyze, copy, store, and use such Metadata in a de-identified manner to improve its offerings and services, including for purposes of developing threat intelligence resources aimed at improving security.

5.5. Third Party Claims. The Services are provided for Client (and, if applicable, its legal counsel), and not for the benefit of any third parties. If a third party includes Accenture on any lawsuit or similar claim related to a Client security incident for which Accenture provided Services hereunder, Client will defend and hold harmless Accenture against such claims, including any related costs and liabilities.

5.6. Termination of an Incident Investigation. Notwithstanding anything in the Agreement to the contrary, either party can terminate any incident investigation (but not this Agreement in whole) by providing five (5) days' notice to the other party hereunder.

6. CLIENT PERSONAL DATA

The Services may necessitate Accenture gaining incidental access to and processing Client Personal Data, as it might be included in Forensics Data, on behalf of the Client. Annex A describes the Parties' responsibilities with respect to the processing of Client Personal Data as part of the Services.

7. DEFINITIONS

Capitalized terms used in this Service Description, and not otherwise defined in the Agreement, have the meaning given below:

"Accenture" means the Accenture entity named in the Order Confirmation and/or its affiliates.

"Agreement" means collectively the Work Order, the Order Confirmation, this Service Description, and the Terms and Conditions (as defined below) in that order of precedence.

"Client" shall mean the Client identified in the Order Confirmation.

"Client Authorized Personnel" means the Client contact(s) who are authorized by Client to invoke the Services, as initially set forth in the Order Confirmation or as may be updated by Client by providing written notice to Accenture from time to time, or, for purposes of an incident investigation, such other Client contacts who may be listed in an individual Work Order for that incident investigation.

"Client Personal Data" means Client-owned or controlled personal data provided by or on behalf of Client to Accenture or an Accenture Affiliate or subcontractor for processing in connection with the Services.

"Client Property" means computer systems; servers; technology infrastructures; telecommunications or electronic communications systems and associated communications; confidential information; data (including Client Personal Data, employee identification, authentication or credential data user details and other sensitive information); assets; devices; intellectual property; and/or physical premises, that are used by the Client, its employees, clients, or suppliers, whether owned or otherwise controlled by the Client or owned by a third party.

"Industrial Control Systems" or "ICS" means the hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or assisted or automated control of physical assets or devices, such as motors, valves, pumps and other electronic actuators.

"OT Environments" include, without limitation, the hardware and software for the mechanical systems, physical processes and networked electronic systems with automation or control capabilities involved in the operation, production or delivery of goods and services.

"Terms and Conditions" means the terms and conditions published by Accenture at (or successor URL), unless otherwise specified in the Order Confirmation.

"Work Order" means the form Accenture provides to Client pursuant to which Client authorizes and acknowledges the location, contact information, IR Consulting services and/or estimated effort and/or other details for Incident Investigation(s).
