The Agreement for Entrust's PKI as a Service ("PKIaaS") is made up of these terms of use (the "PKIaaS Schedule"), the Entrust General Terms and Conditions ("General Terms") available at https://www.entrust.com/general-terms.pdf and an Order for PKI as a Service. Capitalized terms not defined herein have the meanings given to them in the General Terms.
You, as the individual accepting the Agreement (as defined in the General Terms), represent and warrant that you are lawfully able to enter into contracts (e.g. you are not a minor). If you are entering into the Agreement on behalf of a legal entity, for example, the company or organization you work for, you represent to us that you have legal authority to bind such legal entity. IF YOU DO NOT ACCEPT THE TERMS AND CONDITIONS OF THE AGREEMENT (OR YOU DO NOT HAVE THE LEGAL AUTHORITY TO ENTER INTO CONTRACTS OR TO BIND THE LEGAL ENTITY ON WHOSE BEHALF YOU ARE PROVIDING SUCH ACCEPTANCE), YOU SHALL NOT ACCESS OR USE THE HOSTED SERVICE. THE CONTINUED RIGHT TO ACCESS AND USE THE HOSTED SERVICE IS CONTINGENT ON CONTINUED COMPLIANCE WITH THE TERMS AND CONDITIONS OF THE AGREEMENT BY YOU (OR BY THE LEGAL ENTITY ON WHOSE BEHALF YOU ARE PROVIDING ACCEPTANCE).
In consideration of the commitments set forth below, the adequacy of which consideration the parties hereby acknowledge, the parties agree as follows.
Definitions.
- "Administration Information" means information in and related to Management Account and information generated by Customer's usage of the Hosted Service, such as Customer's access credentials, contact information for Administrators, license entitlements, and Certificate consumption.
- "Certificate" means a digital document issued by the certification authority ("CA") that, at a minimum: (a) identifies the CA issuing it, (b) names or otherwise identifies a subject, (c) contains a public key of a key pair, (d) identifies its operational period, (e) contains a serial number and (f) is digitally signed by the CA. Certificates issued by a root CA to an issuing CA are "CA Certificates".
- "CPS" means the most recent version of the Entrust PKIaaS Certification Practices Statement identifying the policy/ies, practices, requirements and rules applicable to the Certificates issued by the Hosted Service as posted at http://www.entrust.net/cps.
- "Customer Content" means any data, text or other content that Customer or any User transfers to Entrust for processing, storage or hosting by the Hosted Service and any computational results that Customer or any User derives from the foregoing through its use of the Hosted Service, and includes Administration Information.
- "Device" means an electronic endpoint in a network, system, or application, such as a computer, laptop, terminal, workstation, server, pager, telephone, smartphone, tablet, microservice container, or other physical object enabled through embedded technology to execute functions and collect and exchange data.
- "Hosted Service" means, in this PKIaaS Schedule, the specific public key infrastructure elements and services of PKIaaS that Customer has purchased as specified in the Order, and includes at a minimum one root CA, one issuing CA, and a Management Account.
- "Management Account" means a self-service administration tool hosted by Entrust that identifies Customer by its full legal name in the "Customer Name" field, tracks Customer's entitlements with respect to the Hosted Service and enables Customer, as applicable in accordance with its entitlements, to manage the issuance, revocation, and expiry of one or more Certificate(s) and provision and configure Hosted Service components and functions.
- "Registration Authority" means a Person responsible for verifying the identity of Subscribers.
- "Relying Party" means a Person that relies on a Certificate and/or any digital signatures verified using that Certificate.
- "Subject" means the Person or Device identified in a Certificate, who or which holds the private key associated with the public key given in the Certificate.
- "Subscriber" means the Person who applies for or is issued a Certificate.
- "User" has the meaning set out in the General Terms, and in this PKIaaS Schedule, includes Customer's Affiliates and any Person who is an Administrator (as defined below), or a Subscriber or Subject of any Certificates issued by the Hosted Service.
PKI as a Service Details.
- Hosted Service Provision. Entrust will generate, provide and operate, as applicable, the Hosted Service in accordance with the CPS, the Documentation, and Customer's Order(s) for the Hosted Service.
- Security Measures. Entrust will implement and maintain commercially reasonable physical and procedural security controls for the Hosted Service as detailed in the CPS.
- Hosted Service Revisions. Entrust may modify Hosted Service features and functionality at any time. Additionally, Entrust may add, reduce, eliminate or revise service levels at any time where a third-party service level agreement applicable to the Hosted Service has been changed. Where any such change will cause a material detrimental impact on Customer, Entrust will take commercially reasonable efforts to provide Customer sixty (60) days prior written notice (email or posting notice on Entrust's website constitutes written notice). It will be Customer's responsibility to notify its Users of any such changes.
Grant of Rights. Customer receives no rights to the Hosted Service other than those specifically granted in this Section 3 (Grant of Rights).
- General. Subject to Customer's (and Users') compliance with the Agreement, Entrust grants Customer, during the Offering Term, a personal, worldwide, non-exclusive, non-transferable, non-sub-licensable right to access and use the Hosted Service, and to grant its Users the ability to access and use the Hosted Service, and to distribute Certificates issued by the Hosted Service in each case (a) in accordance with this PKIaaS Schedule and the CPS; (b) in accordance with the Documentation; (b) in accordance with any specifications or limitations set out in the Order or imposed by technological means (such as a license code provided by Entrust) of the capabilities of the Hosted Service that Customer is permitted to use, such as limits associated with subscription levels, on numbers or types of Certificates, identities, Users, signatures or Devices, and on types of deployment (e.g. high availability, test or disaster recovery); and (c) subject to the general restrictions set out in Section 3 of the General Terms (General Restrictions).
- Evaluation. At Entrust's discretion, it may provide Customer with access to and right to use the Hosted Service for evaluation purposes, in which case, notwithstanding anything to the contrary in the Agreement, either this Section 3.2 (Evaluation) or a separate evaluation agreement executed by the parties will apply. Subject to Customer's compliance with all restrictions, conditions and obligations in the General Terms, this PKIaaS Schedule, the CPS, and an applicable Order (if any), for thirty (30) days Customer may, solely as necessary for Customer's evaluation of the Hosted Service, access and use the Hosted Service exclusively in and from a test (non-production) environment (and which environment contains, for clarity, only fictitious non-production data). Entrust may extend the evaluation period in writing at its discretion. Evaluation purposes exclude any purpose from which Customer (or any of its Users) generates revenue. Sections 3.1 (General), 7 (Support), 11.1 (Term) and 14 (Publicity) do not apply to any evaluation of the Hosted Service. Entrust may in its sole discretion suspend or terminate any and all evaluation access and other evaluation rights to the Hosted Service at any time, for any or no reason, without advance notice.
Customer Roles and Responsibilities.
- PKIaaS Participants and Roles. Customer will have one or more roles with respect to the Hosted Service , and will fulfill the responsibilities and functions of such roles as set out in the CPS. In addition, Customer exercises its rights and obligations with respect to the Hosted Service, through individuals that the Customer appoints at its discretion ("Administrators"). The Administrators initially appointed by Customer will be provided to Entrust during enrollment. Such appointment may be modified using means established by Entrust from time to time. Customer agrees that Entrust is entitled to rely on instructions provided by the Administrators with respect to the Hosted Service as if such instructions were provided by the Customer itself.
- Users and Other Third Parties. Customer will make no representations or warranties regarding the Hosted Service or any other matter, to Users, Relying Parties and/or any other third party, for or on behalf of Entrust, and Customer will not create or purport to create any obligations or liabilities on or for Entrust regarding the Hosted Service or any other matter. Entrust may direct any requests or other communications by Users or Relying Parties to Customer.
- Customer-hosted Components. If Customer's Order for a Hosted Service includes on-premise Software components, or if Customer uses any third party products or services in connection with the Hosted Service (collectively, "Customer-hosted Products"), Customer will be responsible for the lifecycle management (patching, upgrades, etc.) of such Customer-hosted Products and the security of the environment where it installs and uses such Customer-hosted Products. Customer will implement commercially reasonable security measures with respect to the Customer-hosted Products and the environment where they are installed. Without limiting the foregoing, Customer will: (i) operate the Customer-hosted Products in an environment with appropriate physical, personnel, and electronic security measures; and (ii) for any Customer-hosted Products that are or include software, always use the current version of such software and promptly install any security patches and any upgrades/updates required for proper functioning of all features of the Hosted Service. Customer understands if it fails to comply with this Section it could create a security risk and/or otherwise negatively impact the operation of the Hosted Service and Entrust may have the right to suspend the Hosted Service in accordance with Section 12 (Suspension). In addition, Customer may not be able to access new features or functions of the Hosted Service if it does not comply with this Section.
- Network Requirements. Customer is responsible for procuring, maintaining, monitoring and supporting its communications infrastructure, network (LAN or WAN), and all components that connect to the Hosted Service(s). Entrust assumes no responsibility for the reliability or performance of any connections as described in this paragraph for any such external infrastructure, nor for any service degradation or failures caused by network connectivity of such external infrastructure.
- Devices. For Certificates issued to Devices, Customer is responsible for ensuring that the relevant Devices support and are interoperable with the Certificates.
- Unauthorized Access. Customer will take reasonable steps to prevent unauthorized access to the Hosted Service, including, without limitation, by securing, protecting and maintaining the confidentiality of its access credentials. Customer is responsible for any access and use of the Hosted Services via Customer's Management Account and for all activity that occurs in Customer's Management Account. Customer will notify Entrust immediately of any known or suspected unauthorized use of the Hosted Service or breach of its security and will use best efforts to stop such breach or unauthorized use. The foregoing shall not reduce Customer's liability for all its Users.
Customer Content.
- Customer Content and Administration Information. Entrust agrees to access and use the Customer Content only to the extent necessary to provide the Hosted Service, or as necessary to comply with law or a binding order of a governmental body. Notwithstanding the foregoing, the Administration Information may be processed for the purposes of billing, providing Support and to investigate fraud, abuse or violations of this Agreement in the United States, Canada and other locations where Entrust maintains its support and investigation personnel.
- Cloud Risks & Data Safeguards. Customer understands that PKIaaS is a cloud-hosted service. Although Customer Content may be encrypted, Customer acknowledges that there are inherent risks in storing, transferring and otherwise processing data in the cloud, and that Entrust will have no liability to Customer for any unavailability of the Hosted Service, or for any damage, theft, unauthorized access, compromise, alteration, or loss occurring to Customer Content or any data stored in, transferred to or from, or otherwise processed by the Hosted Service, including in transit. Customer is responsible for determining whether the Hosted Service offers appropriate safeguards for Customer's intended use of the Hosted Service, including any safeguards required by applicable laws, prior to transmitting or processing, or prior to permitting Users to transmit or process, any data or communications via the Hosted Service.
- Consents. Customer represents and warrants that Customer (and/or Users) will have obtained any requisite rights and consents, and made any requisite disclosures to relevant Users or other third parties, in accordance with all applicable laws, rules or regulations, to enable Customer and its Users to transfer the Customer Content to Entrust. Customer hereby grants Entrust (including any of its applicable Affiliates, subcontractors or hosting service providers) all rights and consents required for the collection, use, and disclosure of the Customer Content in accordance with the Agreement. Customer shall be responsible for the accuracy, quality and legality of Customer Content and the means by which Customer acquired them.
- Non-Disclosure. For the purposes of this PKIaaS Schedule, the definition of "Confidential Information" in the General Terms excludes any Customer Content. Except as otherwise provided in this Section (Customer Content) or in the Agreement, Entrust shall not disclose to any third party any Customer Content that Entrust obtains in its provision of the Hosted Service. However, Entrust may make such information available (i) to courts, law enforcement agencies or other third parties (including release in response to civil discovery) upon receipt of a court order or subpoena or upon the advice of Entrust's legal counsel, (ii) to law enforcement officials and others for the purpose of investigating suspected fraud, misrepresentation, unauthorized access, or potential illegal activity by Customer in the opinion of Entrust and (iii) to third parties as may be necessary for Entrust to perform its responsibilities under this Agreement.
Software. If Entrust provides any Software in connection with the Hosted Service, the Schedule provided with the Software will apply (and not this PKIaaS Schedule). If no more specific Schedule is provided with the Software, the Schedule for the Software is the end user license available at https://www.entrust.com/end-user-license.pdf.
Support. Entrust provides the support commitments set out in the Support Schedule available at https://www.entrust.com/certificatesolutions-identity/support-schedule.pdf for the Hosted Service and any Software provided in connection with the Hosted Service. The "Silver Support Plan", as described in the Support Schedule, is included at no additional charge with a subscription to PKIaaS. Other levels of Support may be available for purchase for an additional fee.
Interoperability. Entrust or third parties may make available plugins, agents or other tools that enable the Hosted Service to interoperate with third party products or services (each, an "Interoperation Tool"). Customer acknowledges and agrees that such Interoperation Tools are not part of the Hosted Service, are licensed separately, and that Entrust grants no rights, warranties or support for any Interoperation Tools or for the interoperability of the Hosted Service with such Interoperation Tools under this PKIaaS Schedule. If Customer uses any Interoperation Tool, Customer has exclusive responsibility to ensure that it has any and all requisite rights to use the Interoperation Tool, including using it to transfer any data from or to the Hosted Service, and to use the product or service with which it connects. The use of an Interoperation Tool does not create any data subprocessor relationship between Entrust and any third party.
Indemnification.
- Claims. In addition to the indemnification obligations in the General Terms, Customer shall defend, indemnify and hold harmless Entrust and its licensors against any damages, settlements, costs and expenses, including court costs and reasonable attorney's fees awarded against Entrust, arising out of or related to any third party claims, demands, suits, proceedings concerning any of the following (each, a "Claim"): (i) Customer's breach of, or errors in providing, the representations and warranties set out in Section 5 (Customer Content); (ii) a violation of applicable law by Customer, Users, or Customer Content; (iii) an allegation that the Customer Content infringes or misappropriates a third party's intellectual property rights; (iv) a dispute between Customer and any User or Relying Party; and (v) the use or reliance of a Relying Party on a Certificate issued for Customer.
- Conditions. The obligations under this Section 9 (Indemnification) will apply only if Entrust (i) gives to Customer prompt written notice of each Claim threatened or received by Entrust, provided that any failure to provide prompt written notice will not relieve Customer of its obligation under this Section unless the failure prejudices the ability to defend the claim; (ii) gives to Customer the exclusive right to control and direct the investigation, defense and settlement of such Claim, and (iii) has not compromised or settled the Claim. In no event will Customer agree to any settlement of any Claim that involves any commitment, other than the payment of money that will be paid by Customer, without the written consent of Entrust.
Fees. Customer will pay the costs and fees for the Hosted Service as set out in the applicable Order, which are payable in accordance with the Order and the General Terms.
Term & Termination.
- Term. The Hosted Service is sold on a subscription basis for the Offering Term set out on the Order.
- Termination. In addition to the termination rights in the General Terms, Entrust may terminate the Agreement for the Hosted Service (i) if Customer commits a material breach of this PKIaaS Schedule and fails to remedy such material breach within 30 days (or such longer period as Entrust may approve in writing) after delivery of the breach notice; and (ii) for any reason by providing Customer advance notice of at least 1 year, unless Entrust discontinues the general commercial availability of the Hosted Service, in which case Entrust may terminate the Agreement upon 180 days' notice to Customer.
- Effects of Termination. Without limiting the generality of the effects of termination set out in the General Terms, upon termination of the Hosted Service, the CAs forming part of the Hosted Service will be inaccessible, Entrust will cease provide status reporting and may revoke the CA Certificates, and Customer's rights to use or access the Hosted Service, including the ability to use the Hosted Service to revoke Certificates, will cease. Customer understands that any use or reliance on unrevoked Certificates is entirely at Customer's own risk.
Suspension. In the event that Entrust suspects any breach of the Agreement or CPS by Customer and/or Users, Entrust may suspend Customer's, and/or such Users' access to and use of the Hosted Service without advanced notice, in addition to such other remedies as Entrust may have pursuant to the Agreement. Nothing in the Agreement requires that Entrust take any action against any Customer, User or other third party for violating the Agreement, but Entrust is free to take any such action at its sole discretion.
Third Party Products. Customer acknowledges and agrees that certain third party vendor ("Vendor") products and services ("Vendor Products") may be made available through or in connection with the Hosted Services. Except as expressly stated in this PKIaaS Schedule, Entrust has no obligation and excludes all liability with respect to Vendor Products, the use of which shall be exclusively subject to the Vendor's terms, conditions and policy documents ("Vendor Terms") embedded in or otherwise delivered with the Vendor Products. In particular, if Customer purchases any Sixscape Vendor Products through Entrust or in connection with PKIaaS, use of the Sixscape Vendor Products shall be subject to the SixScape Vendor Terms embedded in or delivered with the products and those which can be retrieved at www.sixscape.com/product-and-warranty/. Entrust shall provide support in relation to the Sixscape Vendor Products pursuant to the Support Schedule, with the following exceptions: (a) if resolution of any incident requires changes or fixes to the Vendor Products, Entrust's sole obligation will be to escalate such incident to the Vendor; and (b) any time periods set out in the Support Schedule shall exclude any time during which Entrust is required to wait for a response or resolution from Vendor.
Publicity. Customer agrees to participate in Entrust's press announcements, case studies, trade shows, or other marketing reasonably requested by Entrust. During the Term and for thirty (30) days thereafter, Customer grants Entrust the right, free of charge, to use Customer's name and/or logo, worldwide, to identify Customer as such on Entrust's website or other marketing or advertising materials.