PREVALENT ADDENDUM

The terms contained in this Addendum shall only apply to the Services for Prevalent (“Prevalent”) on the Order Form between Mitratech and Customer.  In the event of a conflict between the terms of the Agreement, the Order Form, and the remainder of this Addendum, the Addendum shall control.

• Services & Licenses.

1. 1. Redeemed Product License: A product license is considered redeemed for the entity when any one of the following actions below are triggered against an entity within the application:
      1. Survey/schedule sent to an entity
      2. Survey/schedule sent on behalf of the Customer to an entity initiating the collection and analysis processes of the Risk Operations Team
      3. Survey imported against an entity
      4. Risk items are imported against an entity
      5. Risk items created against an entity
      6. Risk items modified against an entity
      7. An agreement is issued to entity
   2. Prevalent Vendor Threat Monitor (VTM) is an offering that enables organizations to continuously monitor key relationship risk areas, including Data Risk, Operational Risk, Financial Risk, Brand Risk, Regulatory Risk and Geographic Risk. Organizations using Prevalent VRM SaaS to assess vendors and service providers can opt to configure VTM to monitor for potential risk areas identified by Prevalent VRM. Prevalent VTM will notify the risk manager associated with the relationship to determine whether the risk poses an actual threat to the organization. Data types that are part of this analysis include external data breach notifications, IP reputation data, malware for known domains, financial analysis, phishing attacks, regulatory issues and other publicly available information. Each VTM license shall allow for the monitoring of threat intelligence and reporting for one third party vendor per license for the license term.
   3. Third-Party Data License. The Software includes access to various confidential and proprietary Third-Party Data that is utilized along with the Service as a comparative data source in processing the Customer Data and generating various reports and reporting data. “Third-Party Data” means data sources provided from public sources or by a third-party license vendor for use with the Service This information is compiled from third party sources, including but not limited to, public records, user submissions, and other commercially available data sources. These sources may not be accurate or complete, or up-to-date and is subject to ongoing and continual change without notice. Neither Prevalent nor its Third-Party Data sources make any representations or warranties regarding the data and assume no responsibility, for the accuracy, completeness, or currency of the data, or any decisions Customer makes based in whole or part on this data or information. This data and information is not a substitute for Customer’s own judgment, professional advice, or the need to seek additional input and research before making any decisions and should NOT be used alone to make decisions. Customer shall use Third-Party Data solely in connection with present or prospective credit, security, financial or risk management decisions regarding the business vendors to which the Customer inquiry relates. Moreover, Customer acknowledges that the Third-Party Data: (i) will not be used in determining personal, family or household eligibility for obtaining credit or insurance; ii) nor shall it be used for employment purposes (but may be used when evaluating an individual as an independent consultant vendor); nor iii) for any other purpose governed by the Fair Credit Reporting Act. Customer will abide by all applicable laws as a condition for continued use of their Third-Party Data. Third-Party Data providers of Prevalent shall be deemed to be 3rd party beneficiaries of this Agreement, solely with regard to their Third-Party Data. Prevalent further represents they will use reasonable commercial efforts to: (i) help ensure the appropriateness of the Third-Party Data before it is selected for use with the Service; (ii) to promptly remove Third-Party Data from the Service that is identified as inaccurate data; and (iii) promptly advise Customer of known or suspected problems and/or concerns with Third-Party Data.
   4. Software License Grant.  Customer is provided a right to: produce reports for Customer’s internal use. For the purpose of clarity, no third party may rely in any manner on the reports, results, recommendation work product provided by or generated through the Service, all work is provided for informational purposes solely for the benefit of the Customer. Customer is granted only the non-exclusive, non-transferable right to use the Services and related user documentation solely on the hosted Prevalent Cloud Service Environment during the term as specified in the Order Form, and does not acquire any rights of ownership in such materials; and to use the reports and documents generated during the term for Customer’s internal historical and compliance purposes, on an “AS IS” without warranty of any kind, stated or implied, and provided all the materials, reports and documents will be treated as Confidential Information. “Prevalent Cloud Services Environment” refers to the combination of hardware and software owned, licensed, subscribed to, or managed by Prevalent to which Prevalent grants the Customer and users access to a portion of the Prevalent Cloud Service Environment as part of the Prevalent Cloud Services that are described in the Order Form.
   5. Customer Data. Customer grants Prevalent the right to use, process, collect, copy, store, transmit, modify and create derivative works of Customer Data, in each case solely to the extent necessary to provide the applicable Service to Customer in accordance with the Agreement, for the duration of the Services period plus any additional post-termination period during which Prevalent provides the Customer with access to retrieve an export file of Customer’s content, not to exceed 60 days. The license granted by the Agreement shall apply only for the number of user id’s, or capacity (i.e. number of vendors etc.) provided for pursuant to the associated Order Form , and shall only be valid for such time as the term stated in the Order Form. Customer shall take reasonable steps, including limiting access to user IDs and passwords, to limit access to the Software to those of its employees who are authorized to use the Software. Except in the case of Prevalent’s negligence or willful misconduct or breach of any of its obligations under this Agreement, Customer remains responsible for any and all actions taken using Customer accounts and passwords, and Customer agrees to immediately notify Prevalent of any unauthorized use of which Customer becomes aware, or reasonably suspect.
2. Restrictions on Transfer, Use, Alteration and Copying. Customer may not, without Prevalent’s prior written consent, conduct, cause or permit the: (i) alteration of any files or libraries in any portion of the Service, or reproduction of the database portion or creation of any tables or reports relating to the database portion; (ii) use of the Service in connection with service bureau, facility management, timeshare, service provider or like activity whereby Customer operates or uses the Service for the benefit of a third party; (iii) use of the Service, including any data, information or reports generated by the Service, by any party other than Customer and its subcontractors and agents acting on Customer’s behalf and subject to the terms of this Agreement; or (iv) falsely imply any sponsorship or association with Prevalent. Any violation of this section shall result in immediate termination of this Agreement, which termination shall not be exclusive of other remedies available.
3. Obligations Upon Termination. Upon termination of this Agreement, Customer shall discontinue use of the Service and extract all Customer Data from the Services within thirty (30) days of the date of termination unless otherwise agreed.
4. Indemnity for Customer Data. Customer shall bear sole responsibility for any information uploaded or supplied by Customer in connection with use of the Service, including but not limited to ensuring that the use of the Services to store, process and transmit Customer Data is compliant with all applicable laws and regulations. IN NO EVENT SHALL PREVALENT BEAR ANY LIABILITY FOR THE USE OR LOSS OF ANY INFORMATION UPLOADED OR SUPPLIED BY CUSTOMER IN CONNECTION WITH USE OF THE SERVICE, UNLESS SUCH LOSS IS CAUSED BY PREVALENT’S NEGLIGENCE OR WILLFUL MISCONDUCT. Prevalent shall not be responsible or liable for the deletion, alteration, destruction, damage, loss or failure to store any Customer Data unless, and only to the extent that, such deletion, alteration, destruction, damage, loss or failure to store any Customer Data is directly and proximately caused by Prevalent’s action or inaction and subject to any limitations set forth in the Agreement.
5. No Advice. Customer should not rely on the Services and the information and resources contained in the Services as a replacement or substitute for any professional, financial, legal or other advice or counsel.
6. Updates/Changes to Services. Due to changes in technology and the marketplace, Prevalent may make modifications to the products or services that comprise Customer’s use of the Services or particular components of such product or service (including but not limited to discontinuing a component) from time to time and will use commercially reasonable efforts to notify Customer of any material modifications. Any such modification shall not be deemed to violate any warranties, and Customer agrees that Prevalent will not be liable to Customer for any such modifications. Prevalent reserves the right to discontinue offering a Customer’s Prevalent Services at the conclusion of Customer’s then current subscription term.
7. Expenses. Travel and expenses are not included in the Service installation and configuration that appears in the Order Form. Prevalent will be reimbursed for those expenses that have been incurred in accordance with the Agreement and itemized on its invoice and accompanied by adequate, supporting documentation. Unless otherwise agreed to in advance, all expenses shall be invoiced in arrears after Prevalent has incurred the expense and after Customer has provided prior written approval for reimbursement.

[End of Prevalent Addendum]