If Customer has purchased a subscription to the CIRA XDR Service (the “CIRA XDR Service”), then these CIRA XDR Service terms and conditions (the “CIRA XDR Terms and Conditions”) supplement the provisions of, and are made part of, the Agreement and govern the provision and use of the CIRA XDR Service purchased by Customer from CIRA as defined in the Order Form. Capitalized terms that are not defined in these XDR Terms and Conditions have the same meaning as provided elsewhere in the Agreement.
1. Customer account information
Customer shall be provided with account credentials as part of using the CIRA XDR Service. Customer is solely responsible for maintaining the confidentiality of administrator and User (as defined below) login identifications, passwords, and account information. Customer shall be responsible for (i) Customer’s and all Users’ compliance with these XDR Terms and Conditions; (ii) the accuracy, quality, integrity and legality of Customer Data (as defined below) and of the means by which Customer acquired Customer Data; (iii) restraining access to the CIRA XDR Service only to Users; (iv) using the CIRA XDR Service only in accordance with the materials regarding the proper installation and use of the CIRA XDR Service; and (v) using the CIRA XDR Service in compliance with CIRA’s Acceptable Use Policy set out herein.
2. Customer Data
“Customer Data” means the data inputted or generated by Customer or the individuals who are authorized by Customer to use the CIRA XDR Service (“Users”) as part of using the CIRA XDR Service.
All rights, title and interest in and to Customer Data are and shall remain the property of Customer and Customer hereby grants to CIRA any necessary rights and licenses to use Customer Data in order to provide the CIRA XDR Service to Customer and the Users, and to access the CIRA XDR Service to monitor and diagnose performance issues and to improve the CIRA XDR Service. Additionally, Customer agrees that CIRA may use the Customer Data to collect, develop, create, extract or otherwise generate statistics and other information and to otherwise compile, synthesize and analyze blind data, namely, non-personally identifiable system information resulting from Users’ access and use of the CIRA XDR Service, and representing statistics, characteristics and metrics about usage, size and performance, excluding actual Customer/User specific data values.
3. Acceptable Use
Customer represents, warrants and covenants that it will not use, or allow use of the CIRA XDR Service in a manner that is prohibited by any law or regulation, including the “Acceptable Use” policy set out in Section 3 of these CIRA XDR Terms and Conditions.
Customer agrees to, and shall cause its end users to, use the CIRA XDR Service for lawful purposes only. Customer agrees, and shall cause its end users to agree, not to use the CIRA XDR Service for any of the following impermissible purposes (“Abuses”): (a) use of the CIRA XDR Service in a manner that is prohibited by any applicable law or regulation; (b) use of the CIRA XDR Service in a manner that violates the rights of any third party (including but not limited to intellectual property rights); (c) use of the CIRA XDR Service for any invasive, infringing, defamatory or unlawful purpose; or (d) use of the CIRA XDR Service in a manner that, in CIRA’s reasonable discretion, directly or indirectly, produces a negative effect on CIRA’s systems or network (including, without limitation, overloading servers on the CIRA network or causing portions of the CIRA network to be blocked).
4. Service Levels
The XDR Service Level Agreement attached as Schedule “A” shall form part of these XDR Terms and Conditions.
5. Third Party Products
If Customer decides to send any Customer Data to any third party or otherwise enable, access or use Third-Party Products, including Third-Party Products that integrate directly to Customer’s instance of the Application, CIRA does not warrant, and this Agreement does not cover, such Third-Party Products even if CIRA designates them as certified, approved, or recommended. Customer’s access to and use of such Third-Party Products is governed by the terms of such Third-Party Products, and CIRA does not endorse, is not responsible or liable for, and makes no representations as to any aspect of such Third-Party Products, including, without limitation, their content or the manner in which they handle data or any interaction between Customer and the provider of such Third-Party Products, or any damage or loss caused or alleged to be caused by or in connection with Customer’s enablement, access, or use of any such Third-Party Products. Customer may be required to register for or log into such Third-Party Products on their respective websites. By enabling any Third-Party Products, Customer expressly permits CIRA to disclose Customer’s login and Customer Data to such Third-Party Products as necessary to facilitate Customer’s enablement and use of such Third-Party Products.
6. Third Party Service
If Customer enters into an agreement with a third party for a Third-Party Service, then Customer may allow such Third-Party Service to use the Application provided that (i) as between the Parties, Customer remains responsible for compliance with this Agreement; (ii) such Third-Party Service only uses the Application for Customer’s purposes that do not violate the License Restrictions and not for the benefit of any third party, and agrees to this Agreement in providing services to Customer; and (iii) Customer remains liable to CIRA for the Third-Party Service’s use of and access to the Application on Customer’s behalf.
7. Disclaimer
The CIRA XDR Service is subject to the XDR Service Level Agreement set out in Schedule “A”. Except for this Service Level Agreement, the CIRA XDR Service is provided hereunder on an “as-is” and “as available” basis and CIRA (i) does not make, and hereby expressly disclaims, any and all warranties, whether express or implied, including but not limited to warranties of merchantability, non-infringement, fitness for a particular purpose, title, quality, accuracy, and any warranties arising from course of dealing, usage, or trade practice; (ii) does not warrant that access to the CIRA XDR Service will be uninterrupted, error-free, or secure, or that any information, software, or other material accessible or provided through the CIRA XDR Service is accurate, complete or free of viruses or other harmful contents or components; (iii) shall in no event be liable to Customer or anyone else for any inaccuracy, error, or omission in, or loss, injury or damage (including loss of data) caused in whole or in part by, or failures, delays, or interruptions of the CIRA XDR Service or any application, documentation; or (iv) shall in no event be liable to Customer or anyone else arising from the loss, breach or disclosure of any Customer Data.
CIRA exercises no control over and expressly disclaims any liability arising out of or based upon the results of Customer’s use of the CIRA XDR Service.
8. Termination
Upon the expiry or termination of Customer’s subscription to the CIRA XDR Service, all Customer Data stored in the applicable CIRA XDR Service shall be destroyed by CIRA in such manner as to render it unrecoverable. In the event Customer requires assistance in exporting Customer Data from the applicable CIRA XDR Service due to the expiration of the Agreement, CIRA may agree to provide Professional Services, so long as Customer notifies this request to CIRA in writing ninety (90) days prior to the expiration or termination of the Agreement.
SCHEDULE “A” – CIRA XDR SERVICE LEVEL AGREEMENT (the “CIRA XDR SLA”)
This Service Level Agreement (“SLA”) defines the service levels that CIRA will endeavor to provide for the maintenance and support of the CIRA XDR Service. Capitalized terms not otherwise defined herein have the meaning ascribed to them in the Agreement and the CIRA XDR Terms and Conditions.
CIRA reserves the right to modify this SLA from time to time.
For the purposes of this SLA: “Application” means the web-based service and analysis servers, search engine and visualization platform provided as part of the Services identified in the Order Form.
“Services” means the Application and maintenance services, collectively.
1. Support and Maintenance Services
CIRA will make commercially reasonable efforts to provide the following to Customer:
1.1 Technical Support. Assist Customers during Primary Coverage Hours in identifying, analyzing, and resolving any challenges preventing the Application from operating as it was designed.
1.2 Service Management. Client activation, security monitoring, change control, problem management, and escalation procedures.
1.3 Application Administration. Installation and server setup, support, monitoring, response, repair, tuning and capacity planning.
1.4 Data backup and retention. Backups of Customer Data stored within the Application. Customer is responsible for purchase and maintenance of its own equipment, hardware, and access, including but not limited to network and data connection, to establish a connection to the Internet.
1.5 Support Levels. Support and Maintenance services will be provided by CIRA according to the following levels:
- First-level support – CIRA product support team provides first-level support to Customer and is the initial customer interface. A support case is created for each customer reported issue.
- Second-level support – Any customer reported issues that cannot be resolved by first-level support are assigned to second level support. Issues and alerts generated by CIRA’s service monitoring enter the support process at level two.
- Third-Level support – When necessary, issues not resolved by second level support are escalated to third-level support. Third level support consists of high-level subject matter experts that can respond to more complex issues and concerns.
1.6 Primary Coverage Hours. CIRA will provide Support and Maintenance Services during primary coverage hours as set out below, excluding Canadian holidays:
Monday through Friday
08:00 – 20:00 EST
1.7 After-Hours Emergency Support. Customer may raise an after-hours support request by using the Support Form found at https://www.cira.ca/en/xdr-support/. The case severity must be set to Urgent and the Category must be set to XDR. After-hours support is available for Priority 1 and 2 level issues only as set out below.
Including “Urgent” in the subject line of any e-mail sent to xdrsupport@cira.ca will also trigger after-hours support.
2. Support Service Scope
2.1 Service Availability. CIRA will make commercially reasonable efforts to ensure the web-based Application is capable of being reasonably accessed during the term.
2.2 Availability. CIRA will make commercially reasonable efforts to maintain the following uptime levels for the Application, excluding scheduled downtime for routine maintenance (not to exceed 4 hours a month) and exclusions as set out in this SLA.
| SIEM | 99.9% |
| SOAR | 99.9% |
| API | 99.45% |
| Portal | 99.45% |
Compliance with the Availability SLA will be measured on a calendar month basis.
2.3 Remedies. A failure of the Application to satisfy the uptime levels specified above for any given calendar month will be considered to be a “Service Outage”.
When Customer becomes aware of a Service Outage, Customer shall notify CIRA Customer Support at support@cira.ca within five (5) calendar days.
If CIRA determines in its reasonable commercial judgment that the Service Outage event lasted for more than one (1) minute, but fewer than four (4) consecutive hours during a calendar month, CIRA, upon Customer’s request, will credit Customer’s account for such month the pro-rated charges for one (1) day’s service.
If CIRA determines in its reasonable commercial judgment that the Service Outage event lasted for four (4) or more consecutive hours during any calendar month, CIRA, upon Customer’s request, will credit Customer’s account for such month the pro-rated charges for one week’s service.
In order to qualify for any credit, Customer must have a current and valid subscription for the CIRA XDR Service and must have an account in good standing with CIRA.
Customer’s sole and exclusive remedy, and CIRA’s sole and exclusive liability, in the event CIRA fails to meet the service levels set forth in this CIRA XDR Service, shall be to receive a credit in accordance with the terms of this CIRA XDR SLA.
2.4 Exclusions from Service Availability. The availability of the Application and CIRA’s obligations with respect to the other service measures set forth herein may be subject to limitations, delays, and other problems inherent to the general use of the Internet and other public networks or caused by Customer, Users, or third parties. CIRA is not responsible for any delays or other damage resulting from problems outside of CIRA’s control. However, CIRA is responsible for the conduct of its third-party agents and contractors. Without limiting the foregoing, the following are exceptions to CIRA’s obligations:
- a failure or malfunction resulting from scripts, data, applications, equipment, or services provided and/or performed by Customer;
- outages initiated by CIRA or its third-party suppliers at the request or direction of Customer for maintenance, back up, or other purposes;
- outages occurring as a result of any actions or omissions taken by CIRA or its third-party suppliers at the request or direction of Customer;
- outages resulting from Customer’s equipment and/or third-party equipment not within the sole control of CIRA or CIRA’s agents or contractors;
- events resulting from an interruption or shut down of the Application due to circumstances reasonably believed by CIRA to be a significant threat to the normal operation of the service, the facility from which the service is provided, or access to or integrity of data (e.g., a hacker or a virus attack);
- outages due to system administration, commands, file transfers performed by Customer representatives;
- other activities Customer directs, denial of service attacks, natural disasters, power and other utility outages, internet service outages, changes resulting from government, political, or other regulatory actions or court orders, strikes or labor disputes, acts of civil disobedience, acts of war, or other events caused by circumstances beyond CIRA’s reasonable control;
- Customer’s negligence or breach of its material obligations under this SLA, or agreement between Customer and CIRA; and
- lack of availability or extemporaneous response time of Customer to incidents that require its participation for source identification and/or resolution.
2.5 Issue Resolution. The inability to access the Application as specified above will be considered an Issue if reported by Customer, and will trigger the resolution procedures set out below to be followed by both CIRA and Customer.
2.5.1 Reporting an Issue. Customer may report an Issue through any one of the following ways:
- Email to xdrsupport@cira.ca
- Support Form found at https://www.cira.ca/en/xdr-support/
- by telephone +1 (877) 860-1411
When reporting an Issue, Customer will include a detailed description of the Issue. Customer will report each Issue encountered by Customer separately.
2.5.2 Issue Classification. When reporting an Issue, the severity of the Issue will be classified based on the impact to Customer’s business operations in accordance with the severity classification table below. To the extent that CIRA disagrees with any Issue classification provided by Customer, CIRA will promptly inform Customer of the revised classification of any Issue and the parties will resolve through good faith negotiations any disagreement regarding classification.
| Priority | Target Response Time | Business Impact | Issue Description |
|---|---|---|---|
| 1 - Critical | 60 minutes | Yes | Trouble conditions where the entire CIRA XDR environment is down. |
| 2 - High | 4 hours | Yes | Trouble conditions where the CIRA XDR is not fully functional and is causing business impact to the Customer. |
| 3 - Medium | 1 business day | No | Trouble conditions where the CIRA XDR is not fully functional but is not causing business impact to the customer. |
| 4 - Low | 3 business days | No | Any condition or request for assistance. This priority is also used for information exchange and feature requests. |
2.6 Service Downtime. Service Downtime is defined as the unavailability of critical XDR functionalities due to system failure. The following downtime events shall be excluded from the definition of a Service Downtime:
- Scheduled maintenance with prior notification
- Force majeure events meaning events and conditions caused by acts of war, terrorism, hurricanes, earthquakes, other acts of God or of nature, strikes or other labor disputes, riots or other acts of civil disorder, embargoes, or other causes beyond CIRA’s control.
- Issues caused by third-party dependencies (e.g. cloud provider outages)
- Customer misconfigurations or misuse of the Application
3. Maintenance
CIRA periodically adds, repairs, and upgrades the data center network, hardware, and the Application and shall use commercially reasonable efforts to accomplish this without affecting the Customer’s access to the Application. However, repairs of an emergency or critical nature may result in the Application not being available for the Customer’s usage during the course of such repairs. CIRA reserves the right to take down the server(s) at the data center in order to conduct routine maintenance to both software and hardware according to the following protocols.
| Item | Description | Commitment |
|---|---|---|
| Preventive Maintenance | Non-scheduled maintenance that needs to be promptly conducted. CIRA will use commercially reasonable efforts to notify Customer before performing such Preventative Maintenance. | A message will be sent via email stating the Application will be unavailable. |
| Emergency Maintenance | Non-scheduled maintenance required to be performed immediately. Emergency Maintenance may be performed outside the Maintenance Window and will be counted as unscheduled downtime. | CIRA will send a notice via email as soon as reasonably possible; provided, however, Customer understands Emergency Maintenance may be performed with little or no advance notice. |
4. Limitations of the SLA
The scope of coverage under this SLA expressly excludes the following:
- Maintenance and support for non-production environments and sandboxes
- Data migration
- Training
- Installation, configuration, and technical support for Customer equipment or operating system
- Technical support, consultation, or problem resolution pertaining to software or applications other than those supplied by CIRA
- Resolution of problems resulting from negligence of users of the Application, including specifically incorrect data entry, use of altered data, and failure to use the Application according to documentation
- Support for development other than assistance with development of new rules and decoders, and new dashboards or custom reports
- Any alterations or additions, performed by parties other than CIRA, except for programs using product interfaces provided by CIRA
- Use of the Application on an operating environment other than that for which the Application was designed, except as expressly prescribed in the documentation
- Professional Services (Consulting Services).