MASTER SERVICES AGREEMENT (MSA)

 

The following terms and conditions govern the relationship between Computer Networks, Inc. and/or Computer Networks of Roanoke, Inc. (“us,” “our,” “we”) hereinafter known as Provider, and you  ______________________________________________________

________________________________________________________________________________________________

_________________________________________________________________________________hereinafter known as Client, and limits our liability for any services or products that we provide to you. Please read these terms carefully and keep a copy for your records.

 

SCOPE; SERVICES

  1. Scope. This master services agreement (this “Agreement”) governs all services that we perform for you, as well as any licenses, services, or products that we sell or re-sell to you (collectively, the “Services”).
  2. Quotes. The specific Services are not detailed in this Agreement. Instead, we provide them upon request or through a written quote, proposal, or similar document (“Quote”). Each Quote may include one or more attached statements of work or service descriptions, with each Quote serving as a Statement of Services (SOS) that defines the scope, pricing, payment terms, and any applicable auto-renewal provisions. By accepting a Quote, you agree to the terms of that Quote, its Statement of Services, and this Agreement. If you do not agree to these terms, do not accept the Quote. Fees under each Quote include a Minimum Monthly Fee (MMF) as defined in the applicable Statement of Services. The SOS governs technical scope, MMF, and device/user adjustments.
  3. Conflict. In the event of any conflict or ambiguity: (a) the Quote controls over both the MSA and SOS regarding commercial terms specific to that transaction (e.g., quantities, pricing, discounts, dates); (b) the SOS controls over the MSA solely for technical scope, service descriptions, SLAs, FUP, exclusions, assumptions, and MMF/device/user adjustment mechanics; and (c) in all other matters, the MSA controls. If the Quote and SOS conflict, the Quote controls.
  4. Governance & Framework Alignment. The parties acknowledge that the Services are designed and delivered using risk-based practices aligned to widely adopted industry frameworks (such as HIPAA, NIST CSF v2.0 and other applicable security standards). These references guide implementation and governance (e.g., supply-chain risk, roles, and accountability) and do not constitute a warranty of regulatory compliance.

 

GENERAL REQUIREMENTS

 

  1. Environment. As used in this Agreement, “Environment” means, collectively, any computer network (cloud-based or otherwise), computer system, peripheral, or device (virtual or physical) acquired, installed, maintained, monitored, or operated by us under a Quote. To avoid a delay or negative impact on our provision of the Services, during the term of the Services we strongly advise you to refrain from modifying or moving the Environment or installing software in the Environment, unless we expressly authorize such activity. In all situations (including those in which we are co-managing an Environment with your internal IT department), we will not be responsible for changes to the Environment that are not authorized by us or issues that arise from those changes.
  2. Written Approval for Environment Changes. Client shall obtain Provider’s prior written approval before implementing any material change to the managed Environment (including infrastructure topology, security controls, identity stores, or routing). Unapproved changes may be excluded from SLAs and are subject to out-of-scope remediation at Provider’s standard rates.
  3. Requirements. Everything in the Environment must be genuine and licensed including all hardware, software, etc. if we ask for proof of authenticity and/or licensing, you must provide us with such proof. If our Services require certain minimum hardware or software requirements as indicated in a Quote or Service Statement (“Minimum Requirements”), you agree to implement and maintain those Minimum Requirements as an ongoing requirement of us providing the Services to you.
  4. Shared Responsibility (Cloud). For SaaS (Software as a Service, Infrastructure as a Service, or Platform as a Service), the parties will identify Provider-managed and Client-managed controls. Client agrees to enable recommended safeguards (including MFA and logging) in connected cloud applications and to follow Provider’s configuration guidance.
  5. Minimum Security Controls. Client will maintain: (i) Multi-Factor Authentication (MFA) for remote access and administrative accounts; (ii) Endpoint Detection & Response (EDR) on supported endpoints/servers; (iii) vulnerability management with routine scanning and a documented patch cadence; (iv) security logging/monitoring of critical systems and identities; and (v) tested, immutable or tamper-resistant backups with defined RPO (Recovery Point Objectives)/RTO (Recovery Time Objectives) and periodic restore tests.
  6. Updates. Patches and updates to hardware and software (“Updates”) are created and distributed by third parties—such as equipment or software manufacturers—and may be supplied to us from time to time for installation into the Environment. If Updates are provided to you as part of the Services, we will implement and follow the manufacturers’ recommendations for the installation of Updates; however, (i) we do not warrant or guarantee that any Update will perform properly, (ii) we will not be responsible for any downtime or losses arising from or related to the installation, use, or inability to use any Update, (iii) we will not be responsible for the remediation of any device or software that is rendered inoperable or non-functional due to the Update, and (iv) we reserve the right, but not the obligations, to refrain from installing an Update until we have determined, in our reasonable discretion, that the Updates will be compatible with the configuration of the Environment and materially beneficial to the features or functionality of the affected software or hardware.
  7. Unknown Devices. Provider reserves the right to refuse service or remediation for devices, systems, applications, or integrations not previously disclosed or approved (Unknown Devices’). Provider disclaims responsibility for failures or incidents caused by Unknown Devices unless and until they are onboarded to the managed scope pursuant to a written change order.
  8. Moves, Adds, Changes (MACs) Out-of-Scope. Unless expressly included in the Quote or Service Statement, Client-requested Moves, Adds, and Changes (MACs) are out-of-scope and will be performed only upon Client’s approval of a written change order and billed at Provider’s then-current rates.
  9. Software Update Risk Management. Provider will follow vendor guidance for patches/updates and may recommend delay or compensating controls where material compatibility or supply‑chain risks are identified.
  10. Third Party Support. If, in our discretion, a hardware or software issue requires vendor or OEM support, we may contact the vendor or OEM (as applicable) on your behalf and invoice you for all fees and costs involved in that process. If the fees or costs are anticipated in advance or exceed $300, we will obtain your permission before incurring such expenses on your behalf unless exigent circumstances require us to act otherwise.
  11. Advice; Instructions. From time to time, we may provide you with specific advice and directions related to the Services (“Advice”). For example, our Advice may include increasing server or hard drive capacity, increasing CPU power, replacing obsolete equipment, or requesting that you refrain from engaging in acts that disrupt the Environment or that make the Environment less secure. You are strongly advised to promptly follow our advice which, depending on the situation, may require you to make additional purchases or investments in the Environment at your sole cost. We are not responsible for any problems or issues (such as downtime or security-related issues) caused by your failure to promptly follow our Advice. If, in our discretion, your failure to follow our Advice renders part or all of the Services economically or technically unreasonable to provide, then we may terminate the applicable Services for cause by providing notice of termination to you. Unless specifically and expressly stated in writing by us (such as in a Quote), any services required to remediate issues caused by your failure to follow our Advice, or your unauthorized modification of the Environment, as well as any services required to bring the Environment up to or maintain the Minimum Requirements, are out-of-scope.
  12. Security Awareness & MFA Activation. Provider’s advice may include enabling multi-factor authentication (MFA) across cloud and critical business applications, implementing phishing awareness training, and strengthening backup/restore procedures.
  13. Prioritization. All Services will be performed on a schedule, and in a prioritized manner, as we deem reasonable and necessary. Exact commencement / start dates may vary or deviate from the dates we state to you depending on the Service being provided and the extent to which prerequisites (if any), such as transition or onboarding activities, must be completed.
  14. Authorized Contact(s). We will be entitled to rely on any directions or consent provided by your personnel or representatives who are authorized to provide such directions or consent (“Authorized Contacts”). If no Authorized Contact is identified in an applicable Quote or if a previously identified Authorized Contact is no longer available to us, then your Authorized Contact will be the person (i) who accepted the Quote, and/or (ii) who is generally designated by you during the course of our relationship to provide us with direction or guidance. We are entitled to rely upon directions and guidance from your Authorized Contact until we are affirmatively made aware of a change of status of the Authorized Contact. If your change is provided to us in writing (physical document or by email), then the change will be implemented within two (2) business days after the first business day on which we receive your change notice. If your change notice is provided to us in person or by telephone (live calls only), the change will be implemented on the same business day on which the conversation takes place. Do not use a ticketing system or help desk request to notify us about the change of an Authorized Contact; similarly, do not leave a recorded message for us informing us of a change to your Authorized Contact. We reserve the right to delay the Services until we can confirm the Authorized Contact’s authority within your organization.
  15. Insurance. If you are supplied with hardware or accessories on a rental, license or temporary basis (“Computer Networks and/or Computer Networks of Roanoke Equipment”), and the retail value of any such equipment exceeds Two Thousand Five Hundred $2,500.00) United States dollars, then you agree to acquire and maintain, at your sole cost, insurance for the full replacement value of those items. Computer Networks and/or Computer Networks of Roanoke must be listed as an additional insured / loss payee on any policy acquired and maintained by you under this Agreement, and the policy will not be canceled or modified during the term of the applicable Services without prior notification to Computer Networks and Computer Networks of Roanoke. Upon our request, you agree to provide proof of insurance to us, including proof of payment of any applicable premiums or other amounts due under the insurance policy.

FEES; PAYMENT

  1. Fees. You agree to pay the fees, costs, and expenses charged by us for the Services as described in each Quote or Service Statement. You are responsible for sales tax and any other taxes or governmental fees associated with the Services. If you qualify for a tax exemption, you must provide us with a valid certificate of exemption or other appropriate proof of exemption. You are also responsible for all freight, insurance, and taxes (including but not limited to import or export duties, sales, use, value add, and excise taxes). Optional prepaid Incident Response Retainers may be purchased under a separate addendum to secure priority emergency engagement for out-of-scope incidents.
  2. Fee Increase Termination Right: If recurring fees for Services under a Quote increase by more than five percent (5%) over the prior calendar year, Client may terminate the affected Services within sixty (60) days of notice without early termination fees, paying only accrued amounts and any pre-approved, non-mitigable expenses.
  3. Schedule. All fees will be due and payable in advance of the provision of the Services unless otherwise indicated in the Quote or Service Statement. If applicable, recurring payments made by ACH will be deducted from your designated bank account on the first business day of the month in which the Services are to be provided, or if applicable, your designated credit card will be charged on the first business of the month in which the Services are to be provided. Generally, all prices anticipate monthly recurring payment by you via check payment. Payments by any other methods may result in increased fees or costs.
  4. Nonpayment. Fees that remain unpaid for more than thirty (30) days after the date on the applicable invoice will be subject to interest on the unpaid amount(s) until and including the date payment is received, at the lower of either 1% per month or the maximum allowable rate of interest permitted by applicable law. We reserve the right, but not the obligation, to suspend part or all of the Services without prior notice to you in the event that any portion of undisputed fees are not timely received by us. Monthly or recurring charges (if applicable) will continue to accrue during any period of suspension. Notice of disputes related to fees must be received by us within sixty (60) days after the applicable Service is rendered or the date on which you pay an invoice, whichever is later; otherwise, you will waive your right to dispute the fee thereafter. A re-connect fee of up to five percent (5%) may be charged to you if we suspend the Services due to your nonpayment.
  5. Collections Costs. In addition to attorneys’ fees and court costs, Client shall reimburse Provider’s reasonable, documented pre-legal collection costs (e.g., third-party collection agency fees and administrative processing) incurred to recover undisputed past-due amounts.
  6. Suspension for Non-Payment. Provider may immediately suspend part or all of the Services for undisputed non-payment without liability. Recurring charges will continue to accrue during any suspension. Restoration is conditioned on full payment of all past-due amounts and any applicable reinstatement fees.
  7. Setoff / Withholding. Client shall pay all undisputed fees in full when due and shall not withhold, net, or set off any amounts against undisputed invoices. Any bona fide dispute must be raised in writing within the contractual dispute window; Client shall timely pay the undisputed portion while the parties resolve the disputed portion.
  8. Automatic Renewal Transparency (Virginia). If a Quote includes automatic renewal, Provider will: (i) present renewal terms clearly and conspicuously prior to acceptance; (ii) obtain Client’s affirmative consent to renewal terms; (iii) provide an easy‑to‑use cancellation mechanism; and (iv) for initial terms of twelve (12) months or longer, send a renewal reminder 30-90 days before renewal, where required by Virginia law.

ACCESS

  1. Access. You hereby grant to us and our designated third-party vendors the right to monitor, diagnose, manipulate, communicate with, retrieve information from, and otherwise access the Environment solely as necessary to enable us or our vendors, as applicable, to provide the Services. Depending on the Service, we may be required to install one or more software agents into the Environment through which such access may be enabled. It is your responsibility to secure, at your own cost and prior to the commencement of any Services, any necessary rights of entry, licenses (including software licenses), permits or other permissions necessary for Computer Networks and/or Computer Networks of Roanoke or its vendors to provide Services to the Environment and, if applicable, at your designated premises, both physically and virtually. Proper and safe environmental conditions must be provided and assured by you at all times. Computer Networks and Computer Networks of Roanoke shall not be required to engage in any activity or provide any Services under conditions that pose or may pose a safety or health concern to any personnel, or that would require extraordinary or non-industry standard efforts to achieve. Provider’s possession of credentials is custodial only; ownership and ultimate authority remain with Client. Provider uses least-privilege, scope-limited access consistent with industry best practices.
  2. Cloud Admin & Verification. For cloud services, Client authorizes Provider to access administrative portals, configuration, and telemetry necessary to verify Shared Responsibility controls, respond to incidents, and perform managed maintenance.

LIMITED WARRANTIES; LIMITATIONS OF LIABILITY

  1. Hardware / Software Purchased Through Computer Networks, Inc. or Computer Networks of Roanoke, Inc. All equipment, machines, hardware, software, peripherals, or accessories purchased through Computer Networks and/or Computer Networks of Roanoke (“Third Party Products”) are generally nonrefundable once the item is obtained from Computer Networks and Computer Networks of Roanoke’ third party provider or reseller. If you desire to return a Third-Party Product, then the third-party provider’s or reseller’s return policies shall apply. We do not guarantee that purchased Third Party Products will be returnable, exchangeable, or that re-stocking fees can or will be avoided. You will be responsible for the payment of all re-stocking or return-related fees charged by the third-party provider or reseller. We will use reasonable efforts to assign, transfer and facilitate all warranties (if any) and service level commitments (if any) for the Third Party Products to you, but will have no liability whatsoever for the quality, functionality or operability of any Third Party Products, and we will not be held liable as an insurer or guarantor of the performance, uptime or usefulness of any Third Party Products. All Third-Party Products are pro­vided “as is” and without any warranty whatsoever as between Computer Networks and Computer Networks of Roanoke and you (including but not limited to implied warranties).
  2. Liability Limitations. This paragraph limits the liabilities arising from the Services as well as the liabilities arising under this Agreement and any Quote and is a bargained-for and material part of our business relationship with you. You acknowledge and agree that Computer Networks and Computer Networks of Roanoke would not provide any Services, or enter into any Quote or this Agreement, unless Computer Networks and Computer Networks of Roanoke could rely on the limitations described in this paragraph. In no event shall either party be liable for any indirect, special, exemplary, consequential, or punitive damages, such as lost revenue, loss of profits (except for fees due and owing to Computer Networks and Computer Networks of Roanoke), savings, or other indirect or contingent event-based economic loss arising out of or in connection with the Services, this Agreement, any Quote, or for any loss or interruption of data, technology or services, or for any breach hereof or for any damages caused by any delay in furnishing Services under this Agreement or any Quote, even if a party has been advised of the possibility of such damages; however, reasonable attorneys’ fees awarded to a prevailing party (as described below), your indemnification obligations, and any amounts due and payable pursuant to the non-solicitation provision of this Agreement shall not be limited by the foregoing limitation. Except for the foregoing exceptions, a responsible party’s (“Responsible Party’s”) aggregate liability to the other party (“Aggrieved Party”) for damages from any and all claims or causes whatsoever, and regardless of the form of any such action(s), that arise from or relate to this Agreement (collectively, “Claims”), whether in contract, tort, indemnification, or negligence, shall be limited solely to the amount of the Aggrieved Party’s actual and direct damages, not to exceed the amount of fees paid by you (excluding hard costs for licenses, hardware, etc.) to Computer Networks and Computer Networks of Roanoke for the specific Service upon which the applicable claim(s) is/are based during the six (6) month period immediately prior to the date on which the cause of action accrued or $15,000, whichever is greater. The foregoing limitations shall apply even if the remedies listed in this Agreement fail of their essential purpose; however, the limitations shall not apply to the extent that the Claims are caused by a Responsible Party’s willful or intentional misconduct, or gross negligence. Similarly, a Responsible Party’s liability obligation shall be reduced to the extent that a Claim is caused by, or the result of, the Aggrieved Party’s willful or intentional misconduct, gross negligence, or to the extent that the Aggrieved Party failed to reasonably mitigate (or attempt to mitigate, as applicable) the Claims.
  3. No Liability for Vendor Breaches. Provider shall not be liable for security incidents or data breaches attributable to third-party vendors or services used by Client or required by Client, except to the extent caused by Provider’s own willful misconduct or gross negligence.
  4. SaaS/Cloud Outages Disclaimer. Provider is not responsible for outages, degradations, or service failures of upstream SaaS, cloud, or third-party services beyond its reasonable control; SLAs do not apply where performance is impacted solely by such upstream events.
  5. Statutory Carveouts. Nothing in this section limits either party’s liability for gross negligence or willful misconduct or the parties’ obligations under applicable data breach notification laws.

INDEMNIFICATION

  1. Indemnification. Each party (an “Indemnifying Party”) agrees to indemnify, defend and hold the other party (an “Indemnified Party”) harmless from and against any and all losses, damages, costs, expenses or liabilities, including reasonable attorneys’ fees, (collectively, “Damages”) that arise from, or are related to, the Indemnifying Party’s breach of this Agreement. The Indemnified Party will have the right, but not the obligation, to control the intake, defense, and disposition of any claim or cause of action for which indemnity may be sought under this section. The Indemnifying Party shall be permitted to have counsel of its choosing participate in the defense of the applicable claim(s); however, (i) such counsel shall be retained at the Indemnifying Party’s sole cost, and (ii) the Indemnified Party’s counsel shall be the ultimate determiner of the strategy and defense of the claim(s) for which indemnity is provided. No claim for which indemnity is sought by an Indemnified Party will be settled without the Indemnifying Party’s prior written consent, which shall not be unreasonably delayed or withheld.
  2. Incident Response Work Billable. All incident response, forensics, containment, and recovery work outside the contracted scope is billable at Provider’s then-current emergency rates and may require a separate statement of work. Minimum billing increments may apply for after-hours engagements.
  3. Security/Privacy Indemnity. Each party will defend and indemnify the other from third‑party claims to the extent arising from its failure to implement agreed Minimum Security Controls or its violation of data processing instructions under the DPA (Data Processing Addendum) if applicable.

TERM; TERMINATION

  1. Term. This Agreement begins 1) on the date on which we provide a Service to you, or 2) the date you accept a Quote, or 3) the date you execute this Agreement (whichever occurs first) and shall continue for an initial term of three (3) years. Unless otherwise specified in the Quote, this Agreement renews for successive two‑year terms. Non‑renewal requires 90 days’ prior written notice. Quotes may specify different Service Term and renewal lengths (e.g., 12‑month renewals) and different notice windows (e.g., 30–60 days), which shall govern the applicable Services and satisfy Virginia automatic renewal requirements. The termination of Services under one Quote shall not, by itself, cause the termination of (or otherwise impact) this Agreement or the status or progress of any other Services between the parties. All other terms and conditions remain in full force and effect during any renewal term.
  2. Automatic Renewal Compliance. Renewal terms will be presented clearly and conspicuously prior to acceptance, and Client will receive a renewal reminder notice 30–60 days before renewal, as required by Virginia law. Provider will also provide an easy-to-use cancellation mechanism.
  3. Early Termination Option (First 180 Days). Either party may terminate this Agreement for convenience within the first one hundred eighty (180) days of the initial term by providing thirty (30) days prior written notice to the other party. In such event, neither party shall owe any early termination fees, except for payment of undisputed amounts for Services rendered up to the effective termination date.
  4. Termination without Cause. Unless otherwise agreed by the parties in writing or otherwise permitted under this Agreement, no party will terminate this Agreement without cause if, on the date of termination, Services are in progress. In addition, no party will terminate a Quote without cause prior to the Quote’s natural (e., specified) expiration date. Notwithstanding the foregoing, if Computer Networks and Computer Networks of Roanoke decides to cease providing a service to all of its customers generally, then Computer Networks and Computer Networks of Roanoke may terminate an applicable Quote (or the applicable portion of the Quote) without cause by providing no less than one hundred and twenty (120) days prior written notice to you. If you terminate the Services under a Quote without cause and without Computer Networks and Computer Networks of Roanoke’ consent, then you will be responsible for paying the termination fee described in the “Termination for Cause” section, below. If no Services under a Quote are in progress, then either party may terminate this Agreement without cause by providing the other party with five (5) days prior written notice.
  5. Termination for Cause. In the event that one party (a “Defaulting Party”) commits a material breach under a Quote, Service Statement, or under this Agreement, the non-Defaulting Party will have the right, but not the obligation, to terminate immediately the Services under the relevant Quote (a “For Cause” termination) provided that (i) the non-Defaulting Party has notified the Defaulting Party of the specific details of the breach in writing, and (ii) the Defaulting Party has not cured the default within twenty (20) days (ten (10) days for non-payment by Client) following receipt of written notice of breach from the non-Defaulting Party. If Computer Networks and Computer Networks of Roanoke terminates this Agreement or any Quote For Cause, or if you terminate any Services under a Quote without cause prior to such Quote’s expiration date, then Computer Networks and Computer Networks of Roanoke shall be entitled to receive, and you hereby agree to pay to us, all amounts that would have been paid to Computer Networks and Computer Networks of Roanoke had this Agreement or Quote (as applicable) remained in full effect, calculated using the fees and costs in effect as of the date of termination (“Termination Fee”).  If you terminate this Agreement or a Quote for Cause, then you will be responsible for paying only for those Services that were delivered properly and accepted by you up to the effective date of termination.
  6. Client Activity as A Basis for Termination. In the event that you or any of your staff, personnel, contractors, or representatives engages in any unacceptable act or behavior that renders it impracticable, imprudent, or unreasonable to provide the Services to you, then in addition to Computer Networks and Computer Networks of Roanoke’ other rights under this Agreement, Computer Networks and Computer Networks of Roanoke will have the right upon providing you with ten (10) days prior written notice, to terminate this Agreement or the applicable Quote For Cause or, at our discretion and if applicable, amend the applicable Quote to eliminate from coverage any System Malfunction or any equipment or software causing the System Malfunction.
  7. Early Termination Fee (Convenience). If Client terminates subscription Services without Cause prior to the end of the committed term, the early termination fee shall be the remaining term’s recurring charges.
  8. Consent. You and we may mutually consent, in writing, to terminate a Quote or this Agreement at any time.
  9. Equipment / Software Removal. Upon termination of this Agreement or applicable Quote for any reason, you will provide us with access, during normal business hours, to your premises or any other locations at which Computer Networks and Computer Networks of Roanoke Equipment is located to enable us to remove all Computer Networks and Computer Networks of Roanoke Equipment from the premises. If you fail or refuse to grant Computer Networks and Computer Networks of Roanoke access as described herein, or if any of the Computer Networks and Computer Networks of Roanoke Equipment is missing, broken or damaged (normal wear and tear excepted) or any of Computer Networks and Computer Networks of Roanoke-supplied software is missing, we will have the right to invoice you for, and you hereby agree to pay immediately, the full replacement value of any and all missing or damaged items. Certain services may require the installation of software agents in the Environment (“Software Agents”). You agree not to remove, disable, circumvent, or otherwise disrupt any Software Agents unless we explicitly direct you to do so.
  10. Explicit Destruction Schedule. Absent legal holds or written retention instructions, Provider will destroy residual Client data within thirty (30) days after the end of Services. Destruction may include secure deletion, cryptographic erasure, or overwriting consistent with Provider policy.
  11. Payment Before Data Release. As a condition precedent to transition assistance or release of credentials, logs, or configurations, all undisputed fees and costs must be paid in full.

RESPONSE; REPORTING

  1. Response. We respond to any notification received by us of any error, outage, alarm, or alert pertaining to the Environment within fifteen (15) minutes of notification, as a result of the Client creation of a ticket in the ticket system or by the Client leaving an emergency voicemail, during normal business hours (Monday through Friday between 8:00am EST and 5:00pm EST), holidays excepted. In no event will we be responsible for delays in our response or our provision of Services during (i) those periods of time covered under the Transition Exception (defined below), or (ii) periods of delay caused by Client-Side Downtime (defined below), Vendor-Side Downtime (defined below) or (iii) periods in which we are required to suspend the Services to protect the security or integrity of the Environment or our equipment or network, or (iv) delays caused by a force majeure event. For SLA eligibility, Client must open requests via the web ticketing system or toll-free emergency voicemail; emails/texts/direct calls do not qualify.
  2. Scheduled Downtime. For the purposes of this Agreement, Scheduled Downtime will mean those hours, as determined by us but which will not occur between the hours of 9:00 AM and 5:00 PM Eastern Time, Monday through Friday without your authorization or unless exigent circumstances exist, during which time we will perform scheduled maintenance or adjustments to the Environment. We will use our best efforts to provide you with at least twenty-four (24) hours of notice prior to scheduling Scheduled Downtime.
  3. Client-Side Downtime. We will not be responsible under any circumstances for any delays or deficiencies in the provision of, or access to, the Services to the extent that such delays or deficiencies are caused by your actions or omissions (“Client-Side Downtime”). Client-Side Downtime includes, but is not limited to, any period of time during which we require your participation, or we require information, directions, or authorization from you but cannot reach your Authorized Contact(s).
  • Vendor-Side Downtime. We will not be responsible under any circumstances for any delays or deficiencies in the provision of, or access to, the Services to the extent that such delays or deficiencies are caused by third party service providers, third party licensors, or “upstream” service or product vendors.
  1. Transition Exception. You acknowledge and agree that for the first forty-five (45) days following the commencement date of any Service, as well as any period of time during which we are performing off-boarding-related services (g., assisting you in the transition of the Services to another provider, terminating a service, etc.), the response time commitments provided to you will not apply to us, it being understood that there may be unanticipated downtime or delays related to those activities (the “Transition Exception”).
  2. PROVIDER Does Not Determine Reportability. Provider will supply factual, technical information related to an incident; however, Client retains sole responsibility to determine legal reportability and to make regulatory notifications under applicable law and industry rules.
  3. Response & Resolution SLAs; Reporting. Provider will respond to and work on incidents per the Service Statement with defined response and resolution targets by priority (e.g., P1, P2).

CONFIDENTIALITY

  1. Defined. For the purposes of this Agreement, Confidential Information means any and all non-public information provided by one party (a “Discloser”) to the other party (a “Recipient”), including but not limited to customer-related data, customer lists, internal documents, internal communications, proprietary reports and methodologies, and related information. Confidential Information will not include information that: (i) has become part of the public domain through no act or omission of the Recipient, (ii) was developed independently by the Recipient, or (iii) is or was lawfully and independently provided to the Recipient prior to disclosure by the Discloser, from a third party who is not and was not subject to an obligation of confidentiality or otherwise prohibited from transmitting such information.
  2. Use. The Recipient will keep the Confidential Information it receives fully confidential and will not use or disclose such information to any third party for any purpose except (i) as expressly authorized by the Discloser in writing, or (ii) as needed to fulfill its obligations under this Agreement, or (iii) as required by any law, rule, or industry-related regulation.
  3. Due Care. The Recipient will exercise the same degree of care with respect to the Confidential Information it receives from the Discloser as it normally takes to safeguard and preserve its own confidential and proprietary information, which in all cases will be at least a commercially reasonable level of care.
  4. Compelled Disclosure. If a Recipient is legally compelled (whether by deposition, interrogatory, request for documents, subpoena, civil investigation, demand or similar process) to disclose any of the Confidential Information, and provided that it is not prohibited by law from doing so, the Recipient will immediately notify the Discloser in writing of such requirement so that the Recipient may seek a protective Order or other appropriate remedy and/or waive the Discloser’s compliance with the provisions of this Section. The Recipient will use its best efforts, as directed by the Discloser and at the Discloser’s expense, to obtain or assist the Recipient in obtaining any such protective Order. Failing the entry of a protective Order or the receipt of a waiver hereunder, the Recipient may disclose, without liability hereunder, that portion (and only that portion) of the Confidential Information that the Recipient has been advised, by written opinion from its counsel (which shall be shared with the Discloser), that the Recipient is legally compelled to disclose. Client retains final authority over acceptance, rejection, prioritization, and timing of security controls unless expressly delegated in writing.
  5. Written Accept/Decline of Recommendations. Client will provide written acceptance or rejection of Provider’s material security recommendations. Declined recommendations may be excluded from SLAs and warranty claims, and Client assumes related risk.
  6. Data Processing Addendum (DPA). If Provider processes ‘personal data’ on behalf of Client, the parties will execute a Data Processing Addendum identifying roles (controller/processor), processing purposes, instructions, categories of data, retention, and safeguards.
  7. SEC Cyber Disclosure Cooperation. If Client is subject to SEC reporting requirements, Client acknowledges obligations to disclose material cybersecurity incidents and annual risk governance under SEC rules.
  8. Additional NDA. In our provision of the Services, you and we may be required to enter into one or more additional nondisclosure agreements (each an “NDA”) for the protection of a third party’s Confidential Information (such as, for example, a business associate agreement). In that event, the terms of the NDA will be read in conjunction with the terms of the confidentiality provisions of this Agreement, and the terms that protect confidentiality most stringently shall govern the use and destruction of the relevant Confidential Information.

ADDITIONAL TERMS; THIRD PARTY SERVICES

 EULAs. Portions of the Services may require you to accept the terms of one or more third party end user license agreements (“EULAs”). If the acceptance of a EULA is required in a Quote to provide the Services to you, then you hereby grant us permission to accept the EULA on your behalf. EULAs may contain service levels, warranties, and/or liability limitations that are different than those contained in this Agreement. You agree to be bound by the terms of such EULAs and will look only to the applicable third-party provider for the enforcement of the terms of such EULAs. If, while providing the Services, we are required to comply with a third-party EULA and the third-party EULA is modified or amended, we reserve the right to modify or amend any applicable Quote with you to ensure our continued compliance with the terms of the third-party EULA.

  1. Third Party Services. Portions of the Services may be acquired from, resold from, and/or rely upon the services of, third party vendors, manufacturers, or providers (“Third Party Provider”). Third Party Providers may provide services such as data hosting services, help desk services, malware detection services, domain registration services, and data backup/recovery services (each, a “Third Party Service”). Not all Third-Party Services will be expressly identified as being provided by a Third-Party Vendor, and at all times we reserve the right to utilize the services of any Third-Party Provider or to change Third Party Providers in our sole discretion as long as the change does not materially diminish the Services that we are obligated to provide to you. Please note: You understand and agree that Third Party Providers are not our contractors, subcontractors, or otherwise under our managerial or operational control. While we will endeavor to facilitate a workaround for the failure of a Third-Party Service, we will not be responsible, and will be held harmless by you, for any failure of any Third-Party Service as well as the failure of any Third-Party Provider to provide such services to Computer Networks and Computer Networks of Roanoke or to you.
  2. ThirdParty Provider Security & SBOM. Provider may require materially relied‑upon vendors to meet minimum security expectations and, where feasible, to furnish a Software Bill of Materials (SBOM) or component transparency to aid vulnerability management.
  3. Client Vendor Choices. Where Client requires the use of vendors, products, or services outside Provider’s recommended list, Client assumes the associated operational and security risks. Provider’s obligations are limited to reasonable integration efforts; Provider is not liable for failures introduced by such choices.
  4. Data Loss. Under no circumstances will we be responsible for any data lost, corrupted, or rendered unreadable due to (i) communication and/or transmissions errors or related failures, (ii) equipment failures (including but not limited to silent hardware corruption-related issues), or (iii) our failure to backup or secure data from portions of the Environment that were not expressly designated to receive such services in the Quote, nor will we be responsible for the recovery of data due to any of the foregoing. Unless expressly stated in writing by us, we do not warrant or guarantee that any maintained storage device or functionality, data backup device, or functionality, or load balancing functionality will operate in an error-free manner.
  5. BYOD-Bring Your Own Device. You hereby represent and warrant that we are authorized to access all devices, peripherals and/or computer processing units, including mobile devices (such as notebook computers, smart phones and tablet computers) that are connected to the Environment (collectively, “Devices”), regardless of whether such Devices are owned, leased or otherwise controlled by you. Unless otherwise stated in writing by us, Devices will not receive or benefit from the Services while the devices are detached from, or unconnected to, the Environment. Client is strongly advised to refrain from connecting Devices to the Environment where such devices are not previously known to us and are not expressly covered under a managed service plan from us (“Unknown Devices”). We will not be responsible for the diagnosis or remediation of any issues in the Environment caused by the connection or use of Unknown Devices in the Environment, and we will not be obligated to provide the Services to any Unknown Devices.
  6. BYOD Controls. Client will enforce mobile/endpoint management (e.g., MDM, device compliance, encryption) on personal devices that access the Environment.
  7. Equipment. All Computer Networks and Computer Networks of Roanoke Equipment is licensed to you and is neither owned by you nor leased to you. Upon the termination of applicable Services, your license to use the Computer Networks and Computer Networks of Roanoke Equipment shall immediately terminate, and thereafter all Computer Networks and Computer Networks of Roanoke Equipment must be returned to us immediately at your expense. All configurations on the Computer Networks and Computer Networks of Roanoke Equipment are our proprietary information and will not be circumvented, modified, or removed by you without our prior written consent.

OWNERSHIP

  1. Owner. Each party is, and will remain, the owner and/or licensor of all works of authorship, patents, trademarks, copyrights and other intellectual property owned by such party (“Intellectual Property”), and nothing in this Agreement, any Quote or Service Statement, shall be deemed to convey or grant any ownership rights or goodwill in one party’s Intellectual Property to the other party. For the purposes of clarity, you understand and agree that we own any software, codes, algorithms, or other works of authorship that we create while providing the Services to you. If we provide licenses to you for third party software, then you understand and agree that such software is licensed, and not sold, to you. You are allowed to use such third-party software subject to the terms and conditions of (i) this Agreement, (ii) the applicable Quote, (iii) written directions supplied to you by us, and (iv) any applicable EULA; no other uses of such third-party software are permitted. To the maximum extent permitted by applicable law, we make no warranty or representation, either expressed or implied with respect to third party software or its quality, performance, merchantability, or fitness for a particular purpose.
  2. Provider Owns Telemetry & Scripts. Provider retains ownership of monitoring telemetry, analytics, automation scripts, runbooks, and proprietary tooling created or deployed in delivering the Services. Client’s production data and Client-owned content remain Client’s property. Provider has no obligation to disclose or transfer its proprietary tooling at termination.
  3. Component Transparency. Where Provider supplies or manages software, Provider may request SBOMs or equivalent component lists from upstream suppliers to support timely vulnerability identification and remediation.

ARBITRATION

Except for undisputed collections actions to recover fees due to us (“Collections”), any dispute, claim or controversy arising from or related to this Agreement, including the determination of the scope or applicability of this agreement to arbitrate, shall be settled by arbitration before one arbitrator who is mutually agreed upon by the parties. The arbitration shall be administered and conducted by the American Arbitration Association (the “AAA”) or if there is no AAA-certified arbitrator available within a twenty (20) mile radius of our office, then by any arbitration forum as determined by us, pursuant to the selected forum’s arbitration rules for commercial disputes (the “Rules”). In the event of any inconsistency between the Rules and the procedures set forth in this paragraph, the procedures set forth in this paragraph will control. The arbitrator will be experienced in contract, intellectual property, and information technology transactions. If the parties cannot agree on an arbitrator within fifteen (15) days after a demand for arbitration is filed, the arbitration venue shall select the arbitrator. The arbitration shall take place in the office of the Provider entity issuing the applicable Quote, unless we agree to a different venue. The arbitrator will determine the scope of discovery in the matter; however, it is the intent of the parties that any discovery proceedings be limited to the specific issues in the applicable matter, and that discovery be tailored to fulfill that intent. Initially, the cost of the arbitration shall be split evenly between the parties; however, the party prevailing in the arbitration shall be entitled to an award of its reasonable attorneys’ fees and costs.

MISCELLANEOUS

  1. Compliance. Unless otherwise expressly stated in a Quote, the Services are not intended, and will not be used, to bring Client into full regulatory compliance with any rule, regulation, or requirement that may be applicable to Client’s business or operations. Depending on the Services provided, the Services may aid Client’s efforts to fulfill regulatory compliance; however, the Services are not (and should not be used as) a compliance solution.
  2. Framework Alignment; No Compliance Warranty. The Services are designed to assist Client in implementing risk‑based controls aligned to recognized frameworks (e.g., NIST CSF 2.0). The Services do not guarantee regulatory compliance by themselves
  3. Disclosure. You warrant and represent that you know of no law or regulation governing your business that would impede or restrict our provision of the Services, or that would require us to register with, or report our provision of the Services (or the results thereof), to any government or regulatory authority. You agree to promptly notify us if you become subject to any of the foregoing which, in our discretion, may require a modification to the scope or pricing of the Services. Similarly, if you are subject to responsibilities under any applicable privacy law (such as HIPAA), then you agree to identify to us any data or information subject to protection under that law prior to providing such information to us or, as applicable, prior to giving us access to such information.
  4. No Fiduciary. The scope of our relationship with you is limited to the specific Services provided to you; no other relationship, fiduciary or otherwise, exists or will exist between us. If, by operation of law, a fiduciary relationship is imposed or presumed for out-of-scope services, you hereby waive that relationship and any fiduciary obligations thereunder.
  5. Virtual Security. You understand and agree that no security solution is one hundred percent effective, and any security paradigm may be circumvented and/or rendered ineffective by certain malware, such as certain ransomware or rootkits that were unknown to the malware prevention industry at the time of infection, and/or which are downloaded or installed into the Environment. We do not warrant or guarantee that all malware or malicious activity will be capable of being detected, avoided, quarantined, or removed, or that any data deleted, corrupted, or encrypted by such malware (“Impacted Data”) will be recoverable. Unless otherwise expressly stated in a Quote, the recovery of Impacted Data is out-of-scope. Moreover, unless expressly stated in a Quote or Service Statement, we will not be responsible for activating multifactor authentication in any application in or connected to the Environment. You are strongly advised to (i) educate your employees to properly identify and react to “phishing” activity (e., fraudulent attempts to obtain sensitive information or encourage behavior by disguising oneself as a trustworthy entity or person through email), and (ii) obtain insurance against cyberattacks, data loss, malware-related matters, and privacy-related breaches, as such incidents can occur even under a “best practice” scenario. Unless a malware-related incident is caused by our intentionally malicious behavior or our gross negligence, we are held harmless from any costs, expenses, or damages arising from or related to such incidents.
  6. Physical Security. You agree to implement and maintain reasonable physical security for all managed hardware and related devices in your physical possession or control. Such security measures must include (i) physical barriers, such as door and cabinet locks, designed to prevent unauthorized physical access to protected equipment, (ii) an alarm system to mitigate and/or prevent unauthorized access to the premises at which the protected equipment is located, (iii) fire detection and retardant systems, and (iv) periodic reviews of personnel access rights to ensure that access policies are being enforced, and to help ensure that all access rights are correct and promptly updated.
  7. Non-Solicitation. Each party (a “Restricted Party”) acknowledges and agrees that during the term of this Agreement and for a period of one (1) year following the termination of this Agreement, the Restricted Party will not, individually or in conjunction with others, directly or indirectly solicit, induce or influence any of the other party’s employees with whom the Restricted Party worked to discontinue or reduce the scope of their business relationship with the other party, or recruit, solicit or otherwise influence any employee of the other party with whom the Restricted Party worked to discontinue his/her employment or agency relationship with the other party. In the event of a violation of the terms of the restrictive covenants in this section, the parties acknowledge and agree that the damages to the other party would be difficult or impracticable to determine, and in such event, the Restricted Party will pay the other party as liquidated damages and not as a penalty an amount equal to one hundred thousand dollars ($100,000) or the amount that the other party paid to that employee in the one (1) year period immediately preceding the date on which the Restricted Party violated the foregoing restriction, whichever is greater. In addition to and without limitation of the foregoing, any solicitation or attempted solicitation for employment directed to a party’s employees by the Restricted Party will be deemed to be a material breach of this Agreement, in which event the affected party shall have the right, but not the obligation, to terminate this Agreement or any then-current Quote immediately For Cause.
  8. Collections. If we are required to send your account to Collections or to start any Collections-related action to recover undisputed fees, we will be entitled to recover all costs and fees we incur in the Collections process including but not limited to reasonable attorneys’ fees and costs.
  9. Assignment. Neither this Agreement nor any Quote may be assigned or transferred by a party without the prior written consent of the other party. This Agreement will be binding upon and inure to the benefit of the parties hereto, their legal representatives, and permitted successors and assigns. Notwithstanding the foregoing, we may assign our rights and obligations hereunder to a successor in ownership in connection with any merger, consolidation, or sale of substantially all of the assets of our business, or any other transaction in which ownership of more than fifty percent (50%) of our voting securities are transferred; provided, however, that such assignee expressly assumes our obligations hereunder.
  10. Amendment. Unless otherwise expressly permitted under this Agreement, no amendment or modification of this Agreement or any Quote will be valid or binding upon the parties unless such amendment or modification is originated in writing by Computer Networks and/or Computer Networks of Roanoke, specifically refers to this Agreement or the Quote being amended, and is accepted in writing (email or electronic signature is acceptable) by you.
  11. Time Limitations. The parties mutually agree that, unless otherwise prohibited by law, any action for any matter arising out of or related to any Service, this Agreement or any Quote (except for issues of nonpayment by Client) must be commenced within six (6) months after the cause of action accrues or the action is forever barred.
  12. Severability. If any provision hereof or any Quote is declared invalid by a court of competent jurisdiction, such provision will be ineffective only to the extent of such invalidity, illegibility or unenforceability so that the remainder of that provision and all remaining provisions will be valid and enforceable to the fullest extent permitted by applicable law.
  13. Other Terms. We will not be bound by any terms or conditions printed by you on any purchase Quote, invoice, memorandum, or other written communication supplied by you unless we have expressly acknowledged the other terms and, thereafter, expressly, and specifically accepted such other terms in writing.
  14. No Waiver. The failure of either party to enforce or insist upon compliance with any of the terms and conditions of this Agreement, the temporary or recurring waiver of any term or condition of this Agreement, or the granting of an extension of the time for performance, will not constitute an Agreement to waive such terms with respect to any other occurrences.
  15. Merger. This Agreement, together with any and all Quotes and each applicable Service Statement, sets forth the entire understanding of the parties and supersedes any and all prior agreements, arrangements or understandings related to the Services; however, any payment obligations that you have or may have incurred under any prior superseded agreement are not nullified by this Agreement and remain in full force and effect. No representation, promise, inducement, or statement of intention has been made by either party which is not embodied herein. We will not be bound by any of our agents’ or employees’ representations, promises, or inducements if they are not explicitly set forth in this Agreement or any Quote or Service Statement. Any document that is not expressly and specifically incorporated into this Agreement or a Quote will act only to provide illustrations or descriptions of Services to be provided and will not modify this Agreement or provide binding contractual language between the parties. The foregoing sentence shall not apply to any business associate agreement required under HIPAA, which the parties may (if required) enter into after the Effective Date of this Agreement.
  16. Force Majeure. Neither party will be liable to the other party for delays or failures to perform its obligations because of circumstances beyond such party’s reasonable control. Such circumstances include, but will not be limited to, any intentional or negligent act committed by the other party, or any acts or omissions of any governmental authority, natural disaster, act of a public enemy, acts of terrorism, riot, sabotage, disputes or differences with workmen, power failure, communications delays/outages, delays in transportation or deliveries of supplies or materials, cyberwarfare, cyberterrorism, or hacking, malware or virus-related incidents that circumvent then-current anti-virus or anti-malware software, and acts of God.
  17. Survival. The provisions contained in this Agreement that by their context are intended to survive termination or expiration of this Agreement will survive. If any provision in this Agreement is deemed unenforceable by operation of law, then that provision shall be excised from this Agreement, and the balance of this Agreement shall be enforced in full.
  18. Insurance. The Provider entity issuing the applicable Quote and you will each maintain, at each party’s own expense, all insurance reasonably required in connection with this Agreement or any Quote, including but not limited to, workers compensation and general liability. We agree to maintain a general liability policy with a limit of not less than $1,000,000 per occurrence. All of the insurance policies described herein will not be canceled, materially changed or renewal refused until at least thirty (30) calendar days written notice has been given to the other party by certified mail.
  19. Class Action Waiver. To the maximum extent permitted by law, the parties waive any right to bring, participate in, or recover under a class, collective, or representative action related to this Agreement. Claims must be pursued on an individual basis.
  20. Injunctive Relief. Notwithstanding the arbitration requirement, either party may seek temporary, preliminary, or permanent injunctive relief in a court of competent jurisdiction to protect intellectual property or confidentiality obligations.
  21. Not an Insurer. Provider is not an insurer and has no obligation to indemnify or compensate Client beyond the limits and remedies expressly stated in this Agreement. No insurance subrogation rights shall expand Provider’s contractual liability.
  22. Cyber Insurance. Each party will maintain cyber insurance covering network security/privacy liability and incident response costs with limits not less than $1,000,000 per claim and $2,000,000 aggregate, issued by a carrier rated A- or better by A.M. Best. Upon reasonable request, a certificate of insurance will be provided within ten (10) business days. Failure to maintain required coverage constitutes a material breach subject to termination for cause after applicable cure periods.
  23. Governing Law; Venue. This Agreement and all Services will be governed by, and construed according to, the laws of the state of Virginia. You hereby irrevocably consent to the exclusive jurisdiction and venue of Virginia Beach, Virginia, for all claims and causes of action arising from or related to this Agreement.
  24. No Third-Party Beneficiaries. The Parties have entered into this Agreement solely for their own benefit. They intend no third party to be able to rely upon or enforce this Agreement or any part of this Agreement.
  25. Usage in Trade. It is understood and agreed that no industry customs, prior dealings, or trade practices will modify this Agreement.
  26. Business Day. If a time period set forth in this Agreement expires on a day other than a business day in Virginia Beach, Virginia, such period will be extended to and through the next succeeding business day in Virginia Beach, Virginia.
  27. Notices; Writing Requirement. Where notice is required to be provided to a party under this Agreement, such notice may be sent by U.S. mail, overnight courier or email as follows: notice will be deemed delivered three (3) business days after being deposited in the United States Mail, first class mail, certified or return receipt requested, postage prepaid, or one (1) day following delivery when sent by FedEx overnight or other overnight courier, or one (1) day after notice is delivered by email. Notice sent by email will be sufficient only if the message is sent to the last known email address of the recipient or such other email address that is expressly designated by the recipient for the receipt of legal notices. All electronic documents and communications between the parties, including email, will satisfy any “writing” requirement under this Agreement.
  28. Independent Contractor. Computer Networks and Computer Networks of Roanoke is an independent contractor, and is not your employer, employee, partner, or affiliate.
  29. Contractors. Generally, we do not utilize contractors to perform onsite services (such as equipment installation, network wiring, etc.); however, should we elect to contract a portion of those services to a third party, we will guarantee that work as if we performed the work ourselves. For the purposes of clarity, you understand and agree that Third Party Services are not considered to be subcontracted services, and providers of Third-Party Services are not our contractors or subcontractors.
  30. Data & Service Access. No data services that encompass the transport or storage of ePHI (electronic Protected Health Information) will be used by us in the delivery of Services to entities that qualify as Business Associates or Covered Entities.
  31. Renewal & Cancellation Notices. For subscriptions offered online, Provider will provide conspicuous online cancellation options and renewal acknowledgments that include terms, cancellation policy, and instructions, per Virginia law.
  32. HIPAA Risk Analysis Disclaimer. If applicable, Client remains solely responsible for conducting the HIPAA Security Rule risk analysis and risk management (e.g., 45 C.F.R. § 164.308(a)(1)(ii)(A)), and any related privacy/legal determinations. Provider’s role is limited to implementing the technical safeguards expressly contracted for and permitted under the Business Associate Agreement.
  33. HIPAA Business Associate. If applicable, Provider will not create, receive, maintain, or transmit ePHI unless the parties execute a Business Associate Agreement (BAA) and implement safeguards consistent with the HIPAA Security Rule.
  34. Counterparts. The parties intend to sign, accept, and/or deliver any Quote, this Agreement, or any amendment in any number of counterparts, and each of which will be deemed an original and all of which, when taken together, will be deemed to be one agreement. Each party may sign, accept, and/or deliver any Quote, this Agreement, or any amendment electronically (g., by digital signature and/or electronic reproduction of a handwritten signature) or by reference (as applicable).

 

☐Computer Networks, Inc.

☐Computer Networks of Roanoke, Inc.

 

___________________________________________

Signature Authorized Representative (Provider)

 

Print Name: ________________________________

Title: ______________________________________

Date:______________________________________

 

____________________________________________

Client Name:

 

_____________________________________________

Signature Authorized Representative (Client)

 

Print Name: _________________________________

Title: ________________________________________

Date: _______________________________________

 

Master Services Agreement

Key Terms Overview

 

  1. Term & Renewal

– Initial Term: 3 years from the start date.

– Automatic Renewal: Renews for 2-year periods unless either party gives 90 days’ written notice before the current term ends.

– Virginia Compliance: Renewal terms will be clearly disclosed, and reminders sent 30–60 days before renewal. Easy cancellation options provided.

  1. Early Termination

– 180-Day Bailout: Either party may terminate within the first 180 days with 30 days’ written notice—no penalty (only pay for services rendered).

– Convenience Termination: If Client terminates after 180 days without cause, an early termination fee applies (remaining term’s charges). Note: This fee does not apply under the 180-day bailout clause.

  1. Quotes & Service Statements

– Services are defined in Quotes and Service Statements, which include scope, pricing, payment terms, and any auto-renewal details.

– If there’s a conflict: Quote or Service Statement overrides the MSA; Quote overrides Service Statement.

  1. Fees & Payment

– Fees due in advance unless otherwise stated.

– Late payments accrue interest (1% per month or legal max).

– Nonpayment may result in service suspension.

  1. Service Standards

– Response SLA: Critical alerts acknowledged within 15 minutes during business hours.

– Client must maintain minimum security controls (MFA, EDR, backups, etc.).

  1. Liability

– Cap: Greater of $15,000 or six months of fees for direct damages.

– No liability for indirect, consequential damages.

– Exceptions: Willful misconduct or gross negligence.

  1. Confidentiality & Data

– Both parties must protect confidential information.

– Data deletion within 30 days after termination unless otherwise agreed.

  1. Governing Law

– Virginia law applies; venue is Virginia Beach, VA.

  1. Signatures

– Agreement is binding when signed by authorized representatives of both parties.

 

Client Acknowledgment

Addendum to Master Services Agreement

 

 

This Addendum is entered into as of _____ / _____ / _____ and forms part of the Master Services Agreement between Provider and Client. By signing below, Client acknowledges and agrees to the following:

 

  1. Client retains shared responsibility for cybersecurity and risk decisions.

 

  1. Client understands that no guarantee of breach prevention or business continuity is provided.

 

  1. Client agrees that incident response outside contracted scope is billable.

 

  1. Client accepts that declined recommendations shift related risk to Client.

 

☐Computer Networks, Inc.

☐Computer Networks of Roanoke, Inc.

 

______________________________________

Signature Authorized Representative (Provider)

 

Print Name: __________________________

Title: ________________________________

Date: _______________________________

 

 

_____________________________________

Client Name

 

_____________________________________

Signature Authorized Representative (Client)

 

Print Name: __________________________

Title: ________________________________

Date: _______________________________

 

ALIGNMENT WITH STATEMENT OF SERVICES (SOS)

 

This Agreement is intended to be read together with the applicable Statement of Services (SOS) associated with each Quote. The SOS governs technical scope, service descriptions, service levels (SLAs), Fair Usage Policy (FUP), exclusions, assumptions, and pricing mechanics (including Minimum Monthly Fee (MMF) and device/user adjustments). In the event of any ambiguity regarding service scope, SLAs, or FUP, the SOS controls; in all other matters, this Agreement controls.

 

SECURITY INCIDENT (DEFINITION)

For purposes of this Agreement and any SOS, a Security Incident means any unauthorized or impermissible access to or use of the Environment, or any unauthorized or impermissible disclosure of Client’s confidential information (such as user names, passwords, etc.), that (i) compromises the security or privacy of information or applications in, or the structure or integrity of, the Environment, or (ii) prevents normal access to the Environment, or impedes or disrupts the normal functions of the Environment.

 

DATA OWNERSHIP; PROVIDER TOOLING

Client retains ownership of all Client production data and content processed within the managed Environment. Provider retains ownership of monitoring telemetry, analytics, automation scripts, runbooks, and proprietary tooling created or deployed in delivering the Services. Provider has no obligation to disclose or transfer its proprietary tooling at termination; Client data will be handled per the Transition; Data Destruction section.

 

FAIR USAGE POLICY (REFERENCE)

Any Services described or designated as ‘unlimited’ are subject to the Fair Usage Policy defined in the applicable SOS. Unlimited designations mean reasonable use during normal business hours subject to technician availability, prioritization, and exclusions stated in the SOS.

 

PRICING MECHANICS (REFERENCE)

Fees quoted under each Quote include the Minimum Monthly Fee (MMF) as defined in the SOS. Upward fee adjustments for Environment growth (devices/users/components) apply automatically; downward adjustments below the MMF require mutual written agreement. All modifications must be documented in writing and accepted by both parties.

Last updated January 2026