Agreements Security Management Terms & Conditions
This section governs Customer’s access to benefits available pursuant to Logically’ s Ransom Remediation Protection Program (the “Program”).
- “BEC Event” means a business email compromise (BEC) that results in funds transfer or invoice fraud.
- “Benefit End Date” means the last day of the Enrollment Term as set forth on the Logically Program Enrollment Confirmation.
- “Benefit Start Date” means the first day of the Enrollment Term as set forth on the Logically Program Enrollment Confirmation.
- “Business Income Event” means a Security Breach.
- “Compliance Event” means a cyber breach that triggers HIPAA, PCI, OSHA, and/or state related violations including, but not limited to data loss, sanctioned non-compliance penalty or fine, or other related expenses;
- “Cyber Legal Liability Event” means a suit arising out of a breach of privacy and/or security related to a cyberattack, loss or misuse of data, or media peril related to content on Customer’s website where legal defense expenses and settlement costs are incurred.
- “Enrollment Confirmation” means the email issued by Logically to Customer confirming Customer’s enrollment in the Program and establishing the Benefit Start Date and Benefit End Date.
- “Enrollment Term” means the period within which Customer may receive benefits and protection of the Program.
- “Event” means a Ransomware Event, BEC Event, Business Income Event, Compliance Event and/or Cyber Legal Liability Event that is confirmed by Logically and accepted by Logically’s third-party Provider (including an insurance carrier) as being covered under Logically’s policy or other coverage arrangements. No circumstances affecting Customer not approved and accepted by Logically and its chosen Provider shall be deemed to constitute an “Event” and trigger Program protection benefits. For avoidance of doubt, in the event that Logically’s Provider does NOT approve a claim based on facts or circumstances that Customer and/or Logically believe to be an Event, Logically will not be responsible for providing any listed Program services.
- “Provider” means any third-party with which Logically has contracted to underwrite cost reimbursement or payments to Logically in rendering services to Customer under the Program.
- “Ransomware Event” means the unauthorized access to at least one Customer endpoint in the form of ransomware which has caused material harm to Customer, whereby “material harm” must include at least one of the following: (i) the unauthorized acquisition of unencrypted digital data that compromises the security, confidentiality, or integrity of personal information or confidential information maintained by Company; (ii) public disclosure of personal information or confidential information maintained by Customer; or (iii) the compromise of at least one Customer endpoint resulting the blocking of access to such endpoint.
- “Recovery Services” means the services rendered by Logically to support the repair, remediation, and/or replacement of Customer’s environment in which damage was incurred as a result of an Event, including, but not limited to, removing and remediating those elements that caused the Event, and for which Logically is compensated by Provider.
- “Security Breach” means the malicious, intentional, and willful misuse of a Participant’s computer system to deny legitimate users’ access to their network that results in the loss of business income (net profit or loss before income taxes) which would have been earned or incurred had no loss occurred, and/or any reasonable, continuing, and normal operating expenses that were affected by the incident, as calculated in the reasonable discretion of Provider Solutions.
B. Program Benefits and Administration
- Benefit Start Date. Customer’s Enrollment Term will begin on the date of first re-occurring invoice pertaining to security services in this agreement..
- Benefit End Date. Unless otherwise terminated as provided herein, Customer’s Enrollment Term will automatically terminate on termination of associated agreement.
- Claims. During the Enrollment Term, Customer may submit a claim under the Program by notifying Logically’s help desk with associated Account Manager in copy. All claims must be submitted within 24 hours of Customer having knowledge the incident or circumstances underlying the claim. The claim by Customer must specify that one of the Events has occurred during the Enrollment Term: a Ransomware Event; BEC Event; Compliance Event; Cyber Legal Liability Event; and/or Business Income Event.
- Event Confirmation. Should an Event occur, and provided an exclusion set forth below does not apply, Logically will provide Customer with Recovery Services, subject to the following: (i) Customer may only make one (1) claim during a 12 month period; and (ii) Logically remaining the exclusive service provider engaged to render the Recovery Services.
- Recovery Services Program Benefits and Limits. Program coverage limits related to the Recovery Services to be rendered by Logically are as follows: $100,000 of Ransomware Event protection; $100,000 of Compliance Event protection; $50,000 of Business Income Event protection; $250,000 of Cyber Legal Liability protection (client must first exhaust any other applicable service guarantee or protections available). Logically expressly reserves the right to modify protection limits and associated fees based on Provider changes. Logically shall be reimbursed directly by its Provider in rendering Recovery Services under the Program.
- Recovery Service Exclusions. Recovery Services may be restricted to the country in which Customer subscribed to the Program. Recovery Services will not be provided if any one or more of the following conditions occur specific to the nature of the loss: (i) Customer fails to take commercially reasonable measures to undertake preventative maintenance, including patching that is up to date per the software manufacturer’s release cycle; (ii) Customer fails to deploy an offline data backup solution for critical business data; (iii) Customer fails to deploy industry standard and up-to-date anti-virus or comparable prevention tools on its endpoints; (iv) Customer does not have Logically’s security services actively deployed in the Customer’s environment in which the Event occurred; (v) Customer’s Services Agreement with Logically has terminated or expired; (vi) Customer is unable to provide proof of the Event or cannot verify the Event through log/event data; (vii) There is a systemic failure of Logically’s infrastructure that results in an Event; (viii)The Event did not occur during the Enrollment Term; (ix) Customer does not submit a claim during the Enrollment Term; and (x) If Customer is regulated under HIPAA/PCI/SEC: Customer has not completed an annual risk assessment and documented risks; PHI Inventory has not been fully completed and accounted for prior to an incident and claim; Subject to Customer’s standard historical employment practices related to HIPAA training for new employees, all of Customer’s employees have not completed HIPAA training within the 12 months prior to any incident and claim; and/or Customer has not adopted and adhered to all privacy and security policies related to the state and/or other federal regulatory requirements to which Customer is subject prior to any Event.