SecOps Service Specific Terms

1. Data

a. Improvements. To respond to the evolving threat landscape and provide current and state-of-the-art cybersecurity, as part of providing the Services we process Customer Data to improve the security, threat detection, prevention, and response capabilities of such Services.

b. Location. In the Order Form or by other means if made available by Google, Customer may select to store Customer Data in a specific Region or Multi-Region as detailed in the SecOps Services Locations Page (“Data Location Selection”), and Google will store that Customer Data at rest only in the selected Region/Multi-Region. If a Data Location Selection is not made by Customer, Google may (subject to the Data Processing and Security Terms) process and store Customer Data anywhere Google or its agents maintain facilities. The Services do not limit the locations from which Customer or Customer End Users may access Customer Data or to which they may move Customer Data. For clarity, Customer Data does not include resource identifiers, attributes, or other data labels.

2. General Software Terms. The following terms apply to all Software:

a. License. Google grants Customer a royalty-free (unless otherwise stated by Google), non-exclusive, non-sublicensable, non-transferable license during the Term to reproduce and use the Software ordered by Customer on systems owned, operated, or managed by or on behalf of Customer in accordance with (i) the Agreement, and (ii) if applicable, the Scope of Use. Customer may authorize its and its Affiliates' employees, agents, and subcontractors (collectively, “Software Users”) to use the Software in accordance with this section (License), so long as Customer remains responsible. Customer may make a reasonable number of copies of the Software for back-up and archival purposes. For clarity, Software does not constitute Services.

b. Documentation. Google may provide Documentation describing the appropriate operation of the Software, including a description of how Software is properly used, and whether and how the Software collects and processes data. Customer will comply with any restrictions in the Documentation regarding Software use.

c. Compliance With Scope of Use. Within 30 days of Google’s reasonable written request, Customer will provide a sufficiently detailed written report describing its usage in accordance with the applicable Scope of Use of each Software product used by Customer and its Software Users during the requested period. If requested, Customer will provide reasonable assistance and access to information to verify the accuracy of Customer’s Software usage report(s).

d. Other Warranties and Compliance. Each party represents and warrants that it will comply with all laws and regulations applicable to its provision or use of the Software, as applicable. Customer will: (i) ensure that Customer and its Software Users' use of the Software complies with the Agreement and the restrictions in the Agreement applying to Customer's use of the Services; (ii) use commercially reasonable efforts to prevent and terminate any unauthorized access to or use of the Software; and (iii) promptly notify Google of any unauthorized access to or use of the Software of which Customer becomes aware. If the Software contains open source or third-party components, those components may be subject to separate license agreements, which Google will make available to Customer. Customer is solely responsible for complying with the terms of any third-party sources from which Customer elects to migrate its workloads onto the Services, and represents and warrants that such third-party sources permit the use of Software to migrate applications away from such sources. If the Agreement terminates or expires, then Customer will stop using all Software and delete it from Customer's systems.

3. Premium Software Terms. The following terms apply only to Premium Software:

a. Introduction. Google makes certain Software available under the Agreement described as “Premium Software” in an Order Form or as otherwise identified as Premium Software by Google (“Premium Software”). Customer will pay applicable Fees for any Premium Software it obtains as described in the applicable Order Form. Premium Software is Google’s Confidential Information.

b. Software Warranty. Google warrants to Customer that for one year from its delivery, Premium Software will perform in material conformance with the applicable Documentation. This warranty will not apply if (i) Customer does not notify Google of the non-conformity within 30 days after Customer first discovers it, (ii) Customer modifies Premium Software or uses it in violation of the Agreement, or (iii) the non-conformity is caused by any third-party hardware, software, services, or other offerings or materials, in each case not provided by Google.

If Google breaches this warranty, then Google will, in its discretion, repair or replace the impacted Premium Software at no additional charge. If Google does not believe that repairing or replacing would be commercially reasonable, then Google will notify Customer and (A) Customer will immediately cease use of the impacted Premium Software and (B) Google will refund or credit any prepaid amounts for the impacted Premium Software and Customer will be relieved of any then-current commitment to pay for future use of the impacted Premium Software. Without limiting the parties’ termination rights, this section (Software Warranty) states Customer’s sole remedy for Google’s breach of the warranty in this section (Software Warranty).

c. Software Indemnification. Google’s indemnity obligations under the Agreement with respect to allegations of infringement of third-party Intellectual Property Rights apply to Premium Software, and Customer’s indemnity obligations under the Agreement with respect to Customer’s use of the Services apply to Customer’s use of Premium Software. In addition to any other indemnity exclusions in the Agreement, Google’s indemnity obligations will not apply to the extent the underlying allegation arises from modifications to Premium Software not made by Google or use of versions of Premium Software that are no longer supported by Google.

d. Technical Support. Unless otherwise specified by Google, Google will make TSS available for Premium Software for an additional charge, in accordance with the TSS Guidelines.

e. Compliance. Premium Software may transmit to Google metering information reasonably necessary to verify that use of the Premium Software complies with the Scope of Use, as described in the applicable Documentation. Customer will not disable or interfere with the transmission of such metering information.

f. Updates and Maintenance. During the Term, Google will make available to Customer copies of all current versions, updates, and upgrades of Premium Software, promptly upon general availability, as described in the Documentation. Unless otherwise stated in the Documentation for the applicable component of Premium Software, Google will maintain the current release of Premium Software and the two versions immediately preceding the current release, including by providing reasonable bug fixes and security patches. Maintenance for any Premium Software may be discontinued with one year’s notice from Google, except Google may eliminate maintenance for a version and require upgrading to a maintained version to address a material security risk or when reasonably necessary to avoid an infringement claim or comply with applicable law.

4. Pre-GA Offerings Terms. Google may make available to Customer pre-general availability features, services or software that are either not yet listed at https://cloud.google.com/terms/secops/services or identified as “Early Access,” “Alpha,” “Beta,” “Preview,” “Experimental,” or a similar designation in related documentation or materials (collectively, “Pre-GA Offerings”). While Pre-GA Offerings are not Services or Software, Customer’s use of Pre-GA Offerings is subject to the terms of the Agreement applicable to Services (or Software, if applicable), as amended by this Section 4.

Customer may provide feedback and suggestions about the Pre-GA Offerings to Google, and Google and its Affiliates may use any feedback or suggestions provided without restriction and without obligation to Customer.

PRE-GA OFFERINGS ARE PROVIDED “AS IS” WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES OR REPRESENTATIONS OF ANY KIND. Pre-GA Offerings (a) may be changed, suspended or discontinued at any time without prior notice to Customer and (b) are not covered by any SLA or Google indemnity. Except as otherwise expressly indicated in a written notice or the documentation for a given Pre-GA Offering, (i) Pre-GA Offerings may not be covered by TSS, (ii) the Data Processing and Security Terms do not apply to Pre-GA Offerings and Customer should not use Pre-GA Offerings to process personal data or other data subject to legal or regulatory compliance requirements, and (iii) Google’s data location commitments set out in these Service Specific Terms will not apply to Pre-GA Offerings. With respect to Pre-GA Offerings, to the maximum extent permitted by applicable law, neither Google nor its suppliers will be liable for any amounts in excess of the lesser of (A) the limitation on the amount of liability stated in the Agreement or (B) $25,000. Nothing in the preceding sentence will affect the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability). Customer's access to and use of any Pre-GA Offering is subject to any applicable Scope of Use. Either party may terminate Customer's use of a Pre-GA Offering at any time with written notice to the other party. Certain Pre-GA Offerings may be subject to additional terms stated below.

5. Benchmarking. Customer may conduct benchmark tests of the Services (each a "Test"). Customer may only publicly disclose the results of such Tests if it (a) obtains Google's prior written consent, (b) provides Google all necessary information to replicate the Tests, and (c) allows Google to conduct benchmark tests of Customer's publicly available products or services and publicly disclose the results of such tests. Notwithstanding the foregoing, Customer may not do either of the following on behalf of a hyperscale public cloud provider without Google's prior written consent: (i) conduct (directly or through a third party) any Test of the Services or (ii) disclose the results of any such Test.

6. Trials. Certain Services may be made available to Customer on a trial basis. The parameters of each trial, including any Scope of Use, may be presented to Customer either through the Order Form, Documentation, email, or as otherwise communicated by Google. Use of a trial indicates Customer’s acceptance of any such parameters.

7. Additional Definitions.

“Multi-Region” means a defined set of Regions.

“Region” means a region from which a particular Service is offered, as identified at the SecOps Services Locations Page.

“Scope of Use” means any limits on installation or usage of Services or Software presented by Google.

“SecOps Services Locations Page” means https://cloud.google.com/terms/secops/data-residency .

The following terms apply only to the Service(s) indicated in the section title.

1. Chronicle SIEM 

a. Service Models. Chronicle SIEM is available in one of the following two service models, as specified in an Order Form:

i. Data Ingestion. Customers are charged a flat rate based on data ingestion up to the Data Cap. The following terms apply to this service model:

A. Data Limitations. Chronicle SIEM is only to be used for Security Telemetry. Customer agrees that it will not provide any data to Chronicle SIEM that is not Security Telemetry.

B. Overages. If Customer exceeds its Data Cap, then Customer will purchase an increase to its Data Cap. If Customer does not purchase an increase to its Data Cap within fifteen (15) days of notice from Google, then Google may terminate the applicable Order Form(s) upon written notice to Customer.

ii. Covered Personnel. Customers are charged a flat rate per each Covered Personnel. The following terms apply to this service model:

A. Data Limitations. Chronicle SIEM is only to be used for Network Telemetry and Third Party Telemetry. Customer agrees that it will not provide any data to Chronicle SIEM that is not Network Telemetry or Third Party Telemetry. Customer further agrees to work with Google to filter Customer Data that does not constitute Network Telemetry or Third Party Telemetry.

B. Overages. Overages in the number of Covered Personnel are subject to proportional increases in Customer’s Fees during an Order Term based on any ten percent (10%) or more increase in Covered Personnel from the number reported in an Order Form. 

C. Compliance. Within 30 days of Google’s reasonable written request, Customer will provide documentation establishing that the number of Covered Personnel providing Customer Data to Chronicle SIEM does not exceed the number reported in an Order Form plus ten percent (10%).

b. Service Suspension. Google may Suspend Customer’s access to Chronicle SIEM if Customer does not comply with the data limitations provisions in Section 1(a)(i)(A) and Section 1(a)(ii)(A) (as applicable) of these Chronicle SIEM Service Terms, and Customer’s non-compliance is not cured following notice from Google within the Data Limitation Notice Period. If Google Suspends Customer’s access to Chronicle SIEM under this Section, then (i) Google will provide Customer notice of Suspension without undue delay, to the extent legally permitted, and (ii) the Suspension will be to the minimum extent and for the shortest duration required to resolve the cause for Suspension.

c. Data Period. Subject to and in accordance with the Data Processing and Security Terms, (i) Google will maintain Customer Data in Chronicle SIEM for the Data Period, and (ii) Customer instructs Google that it may delete Customer Data that is outside the Data Period.

d. Third-Party Terms. 

i. Third-Party Offerings. Customer must obtain access to any Third-Party Offerings from the respective provider (a “Third-Party Provider”). To the extent Customer provides access to the Customer’s Account to a Third-Party Offering or Third-Party Provider, Customer explicitly consents and instructs Google to allow the Third-Party Provider of any such Third-Party Offerings to access Customer Data as may be required to interact with Chronicle SIEM, including to copy Customer Data into or out of Chronicle SIEM. For clarity, Third-Party Providers are not Subprocessors (as defined in the Data Processing and Security Terms).

A. Disclaimers. The manner in which Third-Party Offerings and Third-Party Providers transmit, use, store, and disclose Customer Data is governed solely by the policies of such Third-Party Offering and Third-Party Provider. To the extent permitted under applicable law, Google will have no liability or responsibility for:

1. Customer’s use of a Third-Party Offering, including any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Third-Party Offering, actions or the effect of actions that Customer authorizes Google to take with respect to Third-Party Offerings and a Third-Party Provider’s access to and use of Customer Data;

2. the privacy practices or other actions of any Third-Party Offering or Third-Party Provider; or

3. the accuracy, availability, or reliability of any data, information, content, services, advice, or statements made available in connection with such Third-Party Offering.

B. Representations and Warranties. Customer represents and warrants that nothing in the Agreement, or Customer’s use of Chronicle SIEM, will violate any agreement or terms with a third party to which Customer is subject. 

ii. Looker Terms. Google uses Looker and BigQuery with Chronicle SIEM for dashboarding and reporting features. Customer may only use Looker and BigQuery as part of Chronicle SIEM subject to any deployment, configuration, and use limitations provided or described by Google. Google may make Software available to Customer in connection with Customer’s use of Looker, including third-party Software. Some Software may be subject to third-party license terms, which can be found at https://looker.com/trust-center/legal/notices-and-acknowledgements . If Customer stops using Chronicle SIEM or Looker, then Customer will also stop using the Software. Notwithstanding any provision in these Chronicle SIEM Service Terms, the then-current data processing and security terms for Looker described at https://looker.com/trust-center/legal/customers/dpst are incorporated by reference in the Agreement and apply to the storage and processing of Customer Data by Looker. Customer’s access to Looker may be terminated by Google, at any time, if Customer is found to be in breach of the Agreement. Notwithstanding anything to the contrary in the Agreement, as used in this Section 1(d)(ii) in these Chronicle SIEM Service Terms, the term “Customer Data” means (a) all data in Customer’s databases provided to Looker by Customer or End Users via Chronicle SIEM, and (b) all results provided to Customer or End Users for queries executed against such data via Looker. Google’s data location commitments under General Service Terms Section 1 (Data) do not apply to Looker dashboarding and reporting.

e. Build Partners. The following terms apply where Customer purchases Chronicle SIEM as a Build Partner:

i. In the following definitions in Section f (Additional Definitions) in these Chronicle SIEM Service Terms, all references to Customer will be replaced with End User(s): (A) Covered Personnel, (B) Customer Network, (C) Network Telemetry, and (D) Third Party Telemetry; 

ii. Customer may not use Chronicle SIEM for internal purposes, unless Customer has a separate Order Form for internal use; and 

iii. In General Service Terms Section 2 (General Software Terms): (A) End Users are included in the definition of “Software Users”, and (B) Customer may reproduce and use the Software ordered by Customer on systems owned, operated, or managed by or on behalf of End Users in accordance with (Y) the Agreement, and (Z) if applicable, the Scope of Use, provided that Customer will be liable for the acts and omissions of its End Users.

f. Additional Definitions. 

“Covered Personnel” means an employee or contractor of Customer. 

“Customer Network” means the network used by Customer for internal business purposes, and all applications, software, services, and physical devices used for internal business purposes that connect to such network.

“Data Cap” means the amount of Customer Data that Customer is permitted to provide to Chronicle SIEM through the Account on an annual basis starting from the Service(s) Start Date, as specified in an Order Form.

“Data Limitation Notice Period” means either (a) 72 hours after Google’s notice to Customer of non-compliance or (b) 7 days after Google’s notice if Customer reasonably demonstrates to Google that Customer is taking reasonable steps to remedy the non-compliance.

“Data Period” means the length of time that Customer Data will be available in Chronicle SIEM, as specified in an Order Form. The Data Period is calculated on a monthly rolling, lookback basis from the current date using the event date/timestamp of the Customer Data as read by the Chronicle SIEM. If not specified in an Order Form, the Data Period is 12 months.

“Documentation” means the then-current Chronicle SIEM documentation made available by Google to its customers for use with the Services at https://cloud.google.com/chronicle/docs .

“Build Partner” means a Customer that provides its own Customer Applications that complement, enhance, or extend the reach or functionality of Chronicle SIEM for use solely by End Users. This would be applicable to Customer’s participation in the Program under the Build Engagement Model.

“Network Telemetry” means Security Telemetry generated by devices that are part of the Customer Network and does not include Security Telemetry generated by anyone other than Covered Personnel; for example Network Telemetry does not include Security Telemetry generated by Customer’s customers or Customer’s partners.

“Program” means the Google Cloud Partner Advantage Program as described in the then-current Google Cloud Partner Advantage Guide, available at https://www.partneradvantage.goog (as may be updated or modified by Google from time to time).

“Security Telemetry” means the metadata or other data that relates to Customer’s or a Customer End User’s security posture and that is produced by security related features, products, or services.

“Third Party Telemetry” means Security Telemetry Customer has received from a third party that Customer uses for purposes of securing the Customer Network.

2. Chronicle SOAR

a. Cooperation. To facilitate Google’s performance of its obligations under the Agreement and the proper provision of Chronicle SOAR, Customer and its End Users will assist Google to provide and share Performance Information at its disposal. If Customer licensed Premium Software, Customer shall facilitate Google’s remote access to the Premium Software deployed at Customer’s site or premises for the purpose of Google obtaining Performance Information. If Customer uses Chronicle SOAR, Customer will allow Google to access Customer’s account for the purpose of Google obtaining Performance Information. To the extent that Customer fails to provide the foregoing, Google shall be excused from the performance of its obligations hereunder, insofar as such performance is not possible due to Customer’s failure to so provide the foregoing.

b. Output Data. Customer assumes sole and exclusive responsibility: (i) for all acts or omissions, that Customers or others on its behalf engage in, in response to the Output Data; (ii) to thoroughly review the Output Data frequently, check for any alerts or warnings issued by the Premium Software or Services, address the findings specified in the Output Data and determine what actions are appropriate in light thereof; and (iii) to carry out such actions as Customer deems appropriate as a result of the Output Data. To the extent permitted under applicable law, Google has no responsibility or liability, regarding the Customer’s reliance upon, or use of, the Output Data, Customer's actions or omissions in connection with the Output Data, or any consequences resulting therefrom.

c. Related Systems. Customer acknowledges that given the nature of Chronicle SOAR and/or Premium Software, the use, operation and performance of Chronicle SOAR and/or Premium Software relies on the availability and proper configuration of the Related Systems. Customer acknowledges and agrees that in order to use the Services and/or Premium Software, Customer has to acquire and properly manage and configure such Related Systems, at its own responsibility, cost and expense.

d. Additional Definitions.

“Documentation” means the then-current Chronicle SOAR documentation made available by Google to its customers for use with the Services at https://documents.siemplify.co/en .

“Output Data” means the reports, alerts, notices and other types of information and data that Chronicle SOAR and/or Premium Software may generate.

“Performance Information” means the Output Data and any information about Customer’s use of Chronicle SOAR and/or Premium Software, including Chronicle SOAR and/or Premium Software’s performance, compatibility, interoperability, bugs, errors and malfunctions, in connection with Customer’s use of Chronicle SOAR and/or Premium Software, the architecture and layout of the Related Systems and Chronicle SOAR and/or Premium Software’s functions and processes as carried out with respect to the Related Systems.

“Related Systems” means Customer’s IT systems that are directly or indirectly connected with or monitored by Chronicle SOAR and/or Premium Software.

3. Mandiant

    a. Mandiant Solutions

i. Access to Mandiant Solutions. Subject to the Agreement, payment of all Fees, and any applicable Scope of Use, Customer may access and use the Mandiant Solutions in accordance with the Agreement and any Documentation, solely for its internal business purposes. 

1. Mandiant Security Validation Solutions. The Security Validation Solutions may only be used up to the purchased license entitlement listed on the Order Form. Customers purchasing the Validation on Demand version of the Security Validation Solutions are licensed to use 1 actor to conduct 1 assessment, as set forth in the Documentation, and such use must occur within 1 year from the date of the applicable Order Form. The term of the license will begin on or shortly after the Order Form Effective Date (as determined by Google).

2. Mandiant Automated Defense. Customers may only use Mandiant Automated Defense solely for the purpose of analyzing Customer Data and rendering reports of the results of such analysis to Customer.

3. Mandiant Attack Surface Management (ASM). Customers may only use Mandiant ASM up to the purchased license entitlements on the Order Form for the purpose of assessing the security of Customer’s internet-facing assets.   

4. Intelligence Subscriptions. Customer may purchase different Intelligence Subscriptions, as set forth in the Documentation. Customer’s access to the Intelligence Subscription(s) is provided through access keys or login credentials, which may not be shared between Customer’s End Users. Customer may not establish group accounts. Google reserves the right to limit the number and/or frequency of requests through the Intelligence Subscriptions, as set forth in the Documentation. In addition to any other rights under the Agreement, Google may use technical measures to prevent over-usage or to stop usage after any limitations are exceeded.

ii. Security Content. 

1. License. Mandiant Solutions may include access to certain defined files, URLs, IP addresses, file hashes, commands, network traffic samples and other artifacts that can be malicious and/or represent real attacker behavior (“Security Content”). Google grants to Customer a limited, non-transferable, non-exclusive license to use the Security Content solely in connection with the applicable Mandiant Solutions and for no other purpose. Any Security Content obtained or licensed from a third party and furnished through Google or which Customer procures on its own will be deemed a Third Party Offering under the Agreement. Google does not warrant that any Security Content made available through Mandiant Solutions will continue to be available throughout the entire Term, and Google may add or remove Security Content from time to time in its sole discretion.

2. Disclaimer. Customer understands that Security Content includes live malware, including ransomware, and that use of the Security Content in ways not strictly described in the Documentation may cause damage to Customer’s environment. Security Content is provided “as-is” and Google makes no representations or warranties regarding the Security Content and does not guarantee or warrant that the Security Content will cover all possible conditions, environments or controls. Security Content is obtained from a variety of sources, which may include known threat actors. To the maximum extent permitted by applicable law, Customer assumes all risk associated with use of the Security Content, and acknowledges that Google has no obligation to ensure Security Content will operate as intended.

3. Submission of Security Content. Mandiant Solutions may allow Customer to submit Security Content or other malware to Google. Customer acknowledges that any Security Content or other malware provided by Customer through the Mandiant Solutions is not Customer Data, and may be used, aggregated, analyzed and shared by Google to enhance the products and services Google provides to its customers.

    b. Mandiant Managed Services

i. Managed Services. During the Order Term, Google will provide Managed Services as set forth in the Documentation, according to the volume of entitlements or licenses purchased by Customer set forth in the applicable Order Form. Any services Customer requests that are not described in the Documentation will be performed at mutually agreed upon rates. If the number of entitlements or licenses exceeds the purchased volume reflected in the Order Form, Google will notify Customer in writing, and will issue an invoice for the next higher count at Google’s then-current rates prorated for the remaining portion of the then-current Order Term. 

ii. Reseller and Partner Purchases. If Customer receives Managed Services via a Google authorized partner (a “Partner”), Customer agrees that the Managed Services and any output of the Managed Services, including reports, may be delivered to Customer through the Partner. Notwithstanding anything to the contrary in the Agreement, Customer authorizes Google to disclose information related to the Managed Services and Customer Data to Partner. 

iii. Customer Responsibilities. Customer acknowledges and agrees that (i) Managed Services are not an alternative to an incident response engagement for an environment that is compromised prior to the start of the Managed Services Order Term, and (ii) Google’s ability to successfully deliver the Managed Services is dependent on the Customer’s ability to meet its responsibilities as outlined in this Section 3(b)(iii). To the maximum extent permitted by applicable law, Google will have no liability for any failure to deliver the Managed Services that may arise due to Customer’s refusal or failure to perform its responsibilities: 

1. Installation Requirements. Customer will be responsible for the following: (i) providing network architecture diagrams, physical, and logical access to Customer’s environment for the sole purpose of deploying and configuring any Managed Services supported technology (as may be defined in the Documentation); (ii) upgrading pre-existing technology to the minimum software version as referenced within the Documentation; (iii) providing confirmation that all technology within the Customer’s environment has been successfully configured and connected to its network according to the individual product’s system administration guide and the configurations supported as noted in the relevant product’s support terms; and (iv) providing the ability to establish a persistent connection to the Customer’s network within the designated port range corresponding to the country from which the Managed Services will be delivered.

2. Credential Security. Customer will be responsible for the following: (i) providing accurate information to Google for provisioning access to (and removal of) Customer personnel access to any portals associated with the Managed Services; (ii) implementing and adhering to strong password standards; (iii) providing accurate information to Google for domain whitelisting; and (iv) reporting any security issues related to the Managed Services (including any available portals) to Google immediately.

3. Network Segment Exclusion. Customer will notify Google if specific network segments will not require managed defense monitoring. Customer must provide detailed information regarding the specific network segment range when possible (e.g. guest networks, testing environments).

4. Remediating Known Compromises. Customer will make a reasonable effort to remediate any known compromises reported by Google or third party vendors. Google may choose to suppress alerts generated by known compromised systems until such time as the compromise is remediated.

5. Time and Date Settings. Customers will ensure that all supported technology has accurate time and date settings, to help ensure that time-supported alerts are accurately categorized. Google will not be responsible for reporting on alerts generated by supported technology that does not have up to date time and date settings.

iv. Exclusions. Notwithstanding anything to the contrary in the Agreement, Google will have no obligation to provide the Managed Services for (i) products or services that have been declared end of support or that are not currently supported; (ii) products or services that have no active support in place; (iii) products or services for which updates have not been applied; (iv) products or services that have not been installed and deployed; or (v) products or services that are misconfigured or incorrectly deployed, which prevents the Managed Services from monitoring. Customer acknowledges that to facilitate Google’s efficient performance of the Managed Services, Google may control some features and functionality of the underlying products and services, including by applying updates, and such features or functionality may not be available for Customer’s independent use during the Order Term of the Managed Services.

v. Protection of Customer Data. For clarity, the Data Processing Addendum applies to Mandiant Managed Services described in this Section 3(b), in lieu of the Data Processing and Security Terms applicable to Mandiant Solutions.

   c. Mandiant Consulting Services

i. Provision of Services. Google will provide Consulting Services, including Deliverables, to Customer, subject to Customer fulfilling its obligations under Section 3(c)(v) (Customer Obligations) below.

ii. Invoices and Payment. Customer will pay all Fees for Consulting Services and some Fees may be non-cancellable, as specified in the Order Form.

iii. Personnel. Google will determine which Personnel will perform the Consulting Services. If Customer requests a change of Personnel and provides a reasonable and lawful basis for such request, then Google will use commercially reasonable efforts to replace the assigned Personnel with alternative Personnel.

iv. Compliance with Customer’s Onsite Policies and Procedures. Google Personnel performing Consulting Services at Customer’s facilities will comply with Customer’s reasonable onsite policies and procedures made known to Google in writing in advance.

v. Customer Obligations.

1. Cooperation. Customer will provide reasonable and timely cooperation in connection with Google’s provision of the Consulting Services. Google will not be responsible for a delay caused by Customer’s failure to provide Google with the information, materials, consents, or access to Customer facilities, networks, or systems required for Google to perform the Consulting Services. If Google informs Customer of such failure and Customer does not cure the failure within 30 days, then Google may terminate any incomplete Consulting Services and Customer will pay actual costs incurred by Google for the canceled Consulting Services.

2. Expenses. 

a. General. Customer will reimburse expenses as specified in the applicable Order Form.  

b. Litigation Expenses. If Google is required by applicable law, legal process or government action to produce information, documents or personnel as witnesses with respect to the Consulting Services or the Agreement, Customer will reimburse Google for any time and expenses (including reasonable external and internal legal costs) incurred to respond to the request, unless Google is itself a party to the proceeding or the subject of the investigation.

vi. Protection of Customer Data. For clarity, the Data Processing Addendum applies to Mandiant Consulting Services described in this Section 3(c), in lieu of the Data Processing and Security Terms applicable to Mandiant Solutions.

vii. Intellectual Property.

1. Background IP. Customer owns all rights, title, and interest in Customer’s Background IP. Google owns all rights, title, and interest in Google’s Background IP. Customer grants Google a license to use Customer’s Background IP to perform the Consulting Services (with a right to sublicense to Google Affiliates and subcontractors). Except for the license rights under Sections 3(c)(vii)(2) (Google Technology) and 3(c)(vii)(3) (Deliverables) below, neither party will acquire any right, title, or interest in the other party’s Background IP under the Agreement. For clarity, Background IP is included in the definition of “Indemnified Materials” for each party. 

2. Google Technology. Google owns all rights, title, and interest in Google Technology. To the extent Google Technology is incorporated into Deliverables, Google grants Customer a limited, worldwide, non-exclusive, non-transferable license (with the right to sublicense to Affiliates), for the maximum term permitted by applicable law, to use the Google Technology in connection with the Deliverables for Customer’s internal business purposes. The Agreement (including these Service Specific Terms) does not grant Customer any right to use materials, products, or services that are made available to Google customers under a separate agreement.

3. Deliverables. Google grants Customer a limited, worldwide, non-exclusive, fully-paid, non-transferable license (with the right to sublicense to Affiliates), for the maximum term permitted by applicable law, to use and reproduce the Deliverables for Customer’s internal business purposes.

viii. Warranties and Remedies.

1. Google Warranty. Google will perform the Consulting Services in a professional and workmanlike manner, in accordance with practices used by other service providers performing services similar to the Consulting Services. Google will use Personnel with requisite skills, experience, and qualifications to perform the Consulting Services.

2. Remedies. Google’s entire liability and Customer’s sole remedy for Google’s failure to provide Consulting Services that conform with Section 3(c)(viii)(1) (Google Warranty) will be for Google to, at its option, (a) use commercially reasonable efforts to re-perform the Consulting Services or (b) terminate the Order Form and refund any applicable Fees received for the nonconforming Consulting Services. Any claim that Google has breached the warranty as described in Section 3(c)(viii)(1) (Google Warranty) must be made within 30 days following the date that Google has performed the applicable Consulting Services.

ix. Indemnification.

1. Indemnification Exclusions. General Terms Sections 9.1 (Google Indemnification Obligations) and 9.2 (Customer Indemnification Obligations) will not apply to the extent the underlying allegation arises from (a) modifications to the Google Indemnified Materials or Customer Indemnified Materials (as applicable) by anyone other than the indemnifying party or (b) compliance with the indemnified party’s instructions, design, or request for customized features. 

2. Infringement Remedies. The remedies described in General Terms Section 9.5 (Remedies) also apply to Deliverables.

x. Survival. If the Agreement or applicable Order Form expires or terminates, then the following Sections of these Service Specific Terms will survive for purposes of Consulting Services: 3(c)(vii) (Intellectual Property), 3(c)(ix) (Indemnification), 3(c)(x) (Survival), and 3(f) (Additional Definitions).

xi. Insurance. During the term of the Agreement, each party will maintain, at its own expense, appropriate insurance coverage applicable to performance of the party’s respective obligations under the Agreement, including general commercial liability, workers’ compensation, automobile liability, and professional liability.

xii. No Publicity. Notwithstanding anything in the Agreement to the contrary, including Sections 6 (Marketing and Publicity) and 12.16 (Conflicting Terms) of the General Terms, neither party will publicly disclose that Google is providing Mandiant Consulting Services to Customer without the other party's prior written consent in each instance.

    d. Expertise On Demand.

i. Expertise On-Demand. Google will provide Customer with the most current version of the Documentation that will describe the Services that are available through the Expertise On-Demand Subscription (“Expertise on Demand Services” or “EOD”). Customer may order any of the Expertise on Demand Services described in the Documentation during the twelve month period beginning on the Order Form Effective Date (the “Covered Period”). All Expertise on Demand Services must commence within the Covered Period, and must be requested within the time frames set forth in the Documentation to allow for scheduling so that Expertise on Demand Services may commence prior to the end of the Covered Period. 

ii. Units. Customer will pay a fixed fee (the “Package Fixed Fee”) that entitles Customer to a specific number of Expertise On Demand Units (“Units”), all as set forth on the applicable Order Form (“Unit Package”). The total Package Fixed Fee will be invoiced on or about the Order Form Effective Date. Each Expertise on Demand Service will draw down the number of Expertise on Demand Units listed for that Expertise on Demand Service in the Documentation. Customer will make each request for Expertise on Demand Services in writing as described in the Documentation. Customer may purchase additional Units (“Additional Units”) during the Covered Period. Additional Units must be used during the Covered Period, and are non-cancelable and non-refundable. Units may not be used for any Services not listed in the EOD Documentation. Any technology fees and expenses will be invoiced separately as set forth in the Documentation. Units may be used to pay for such expenses.

iii. Updates to Expertise on Demand Services. Customer acknowledges that Google may update the Documentation from time to time, and that the most current version of the Documentation (including listings of Expertise on Demand Services and Unit values) will apply to the Expertise on Demand Services. Notwithstanding the foregoing, Google will notify Customer at least twelve months in advance of discontinuing any Expertise on Demand Service or increasing the number of Units required for any Expertise on Demand Service.

iv. Incident Response Retainer. Subject to the terms governing Consulting Services, Google will provide incident response services (“Incident Response Services”) during the Covered Period, as set forth in the Documentation. Incident Response Services may include:

1. Computer security incident response support.

2. Forensics, log and advanced malware analysis.

3. Advanced threat actor response support.

4. Advanced threat/incident remediation assistance.

    e. Training Services

i. Training Services. Subject to any Training Terms, Customer may order Training Services for use in connection with Mandiant products and services. The parties will mutually agree upon delivery dates and location for Training Services. All Training Services (including rescheduled Training Services) must be scheduled and conducted within one year from the date of the Order Form on which the applicable Training Services were purchased. 

1. Private Training. Customer will request rescheduling of private Training Services no less than two weeks in advance of the scheduled start date. Google will use reasonable efforts to reschedule Training Services, subject to availability, and Customer will pay any expenses associated with the rescheduling, including changing of travel plans. 

2. Public Training. If Customer cancels attendance at any public Training Services, Customer will notify Google no later than two (2) weeks before the date of the public Training Services, and Google will issue Customer a credit for the amount paid for the public Training Services. Customer will notify Google of any substitution of a named attendee for public Training Services. Google reserves the right to refuse admittance to public Training Services to any person, for any reason. If Google refuses admittance, Google will refund the amount paid for that person’s public Training Services. Google does not refund or credit Fees paid for attendees who do not attend Training Services or who leave before Training Services conclude. Google reserves the right to cancel public Training Services and provide a refund for any reason. Customer may not record Training. 

3. On Demand Training. On-demand Training Services must be completed within ninety days of the date of purchase. Customer may not share or transfer Access credentials for on-demand Training services.

    f. Additional Definitions.

“Background IP” means all Intellectual Property Rights owned or licensed by a party (a) before the effective date of the applicable Order Form or (b) independent of the Services.

“Data Processing Addendum” means then-current terms describing data processing and security obligations with respect to Mandiant Managed Defense and Mandiant Consulting Services, as described at https://cloud.google.com/terms/secops/data-processing-addendum .

“Deliverables” means written reports that are created specifically for Customer as a result of the Consulting Services provided under the Agreement.

“Documentation” means the then-current Mandiant documentation made available by Google to its customers for use with the Services, as provided by Google upon Customer request. 

“Google Technology” means (a) Google Background IP; (b) all Intellectual Property and know-how applicable to Google products and services; (c) Indicators of Compromise; and (d) tools, code, algorithms, modules, materials, documentation, reports, and technology developed in connection with the Services that have general application to Google’s other customers, including derivatives of and improvements to Google’s Background IP. Google Technology does not include Customer Background IP or Customer Confidential Information.

"Indicators of Compromise" or "Indicators" means specifications of anomalies, configurations, or other  conditions that Google can identify within an information technology infrastructure, used by  Google in performing the Services.

“Mandiant Consulting Services” or “Consulting Services” means the then-current advisory and implementation services described at https://cloud.google.com/terms/secops/services or in an applicable Order Form. Mandiant Consulting Services do not include Training Services.

“Mandiant Managed Services” or “Managed Services” means the then-current managed detection and response services described at https://cloud.google.com/terms/secops/services or in the applicable Order Form. 

“Mandiant Solutions” means the then-current software or cloud-based services described at https://cloud.google.com/terms/secops/services or in the applicable Order Form.

“Order Form” means an order form, statement of work, or other document issued by Google under the Agreement, including data sheets associated with Services described in the order form, and executed by Customer and Google, specifying the Services Google will provide to Customer.

“Personnel” means a party’s and its Affiliates’ respective directors, officers, employees, agents, and subcontractors.

“Services” means the then-current Mandiant Solutions, Mandiant Managed Services, and/or Mandiant Consulting Services, as described at https://cloud.google.com/terms/secops/services or in the applicable Order Form. Services do not include Training Services.

“Training Services” means education and certification services related to Mandiant products and services for individual users, as more fully described in an applicable Order Form. Training Services do not include Deliverables.

“Training Terms” means the then-current terms applicable to Training Services provided to Customer by Google.