Terms of Service

Per our the terms of our MSA these additional terms apply to our agreements:

MICROSOFT M365 & AZURE

CTN provides Microsoft services as part of our NetCare service agreements and bills for such services on our monthly invoices.   The terms of Microsoft services can be found here:  https://www.microsoft.com/en-us/servicesagreement

Please note that the agreement terms for Microsoft services range from one to three years depending on the Microsoft offering.  The terms are as follows:

M365 (NCE licensing):  1 Year Term

M365 (retail / non-discounted licensing):  Month to Month Term

Azure (hosted servers – resources and data storage):  3 Year Term

The Microsoft agreement term period is often different from the CTN NetCare / IT service period.  In the event that the client terminates the NetCare or IT service agreement with CTN, the NetCare Virtual / Microsoft services shall remain in effect through the end date of the most recent renewal.

SECURECARE

  1. Cyber security incident response and remediation services are not included in the Advanced Services.
  2. Other “non-standard” support services such as remediation and data restoration shall be billed hourly or per a fixed fee statement of work (SOW).
  3. CTN does not guarantee compliance to any insurance policy, law, regulation, or other compliance requirements that Client may be held to.
  4. CTN does not warrant or guarantee that Client will not be negatively impacted by any breach, virus, malware, hack, or any other malicious activity.
  5. Cyber Issue Classification – When a cyber issue is reported, CTN shall analyze the information provided by Client and classify such issue by assigning it an Incident Severity, an Incident Resolution Level, as well as a Generic or Specific SLA (the “ISSUE CLASSIFICATION”). CTN shall share with Client the initial ISSUE CLASSIFICATION and any updated ISSUE CLASSIFICATION in the form of e-mail. CTN shall work on an issue until it is confirmed to Client via e-mail, and Client accepts via e-mail, that the Incident Resolution Level is at level 3 (Complete Resolution). In the event that Client does not confirm acceptance of the complete resolution of the issue in the next three (3) business days following reception of the confirmation from CTN, such issue will be considered automatically closed.
  6. CTN may, from time to time, adjust, amend, and/or enhance the scope of services covered in this Agreement.
  7. SecureCare support is offered for all currently supported Microsoft operating systems as defined by Microsoft as supported operating systems.  Support requested of CTN for non-supported Microsoft operating systems shall not be covered within the Scope of Services.
  8. All other non-Microsoft operating systems will be evaluated on a case by case basis to determine compatibility with SecureCare services.  Unless noted herein, support for non-Microsoft operating systems will not be covered under this agreement.
  9. Client shall maintain current warranties with all hardware and software (including line of business software) installed on the network.  Support requests related to hardware and/or software not covered by a manufacturer’s warranty will not be covered under the SecureCare Service Agreement.
  10. The Client Base Fee will not be reduced regardless of client user count.  Any discounts may be modified if users are decreased based on the user count when the discount was provided.
  11. CTN does not prorate our invoices when service items are added or deleted.  Changes are reflected on the next month invoice.  CTN reserves the right to charge a setup fee when adding new service items.
  12. CTN does not cover support for home networks, firewalls, internet connectivity, or any other non-covered devices or services. Should such support be requested, CTN will evaluate our ability to provide such support and will bill for any support on an hourly basis.
  13. CTN deploys agents that are an integral component for the proper functioning of SecureCare. Removal, disablement, or any other modification of these agents is strictly prohibited.  In the event our agents are disrupted our services provided under this agreement will not function properly.
  14. CTN requires the Client to be in compliance with active NetCare and Master Services Agreements.
  15. Support Issues related to the services – Related to a suspected issue identified and reported by Client, Client shall undertake to (i) analyze the suspected issue to determine if it is the result of Client’s misuse or misunderstanding of the SERVICES or the performance of a third party, and (ii) collect and provide to CTN all relevant information relating to the issue. If a reported issue is directly caused by something that is not part of the SERVICES, then CTN is not obliged to perform support services in respect of such issue.
  16. Custom DNS policies may be defined for an additional fee.

SERVICE LEVEL AGREEMENT

CTN will service and address Client requests within the provisions set in this Service Level Agreement (“SLA”).  This Schedule C document shall be considered part of the Master Services Agreement (MSA) that has been executed by both CTN and Client.  CTN reserves the right to amend our SLA.  Such amendments shall be posted on our website or provided as an updated Schedule C document to Client.

 Definition of NOC and Level 1, 2, 3 Support

Network Operations Center (NOC) – CTN maintains a 24 x 7 NOC team that remotely monitors contractually covered servers with installed agents and is capable of addressing and resolving most automated alerts from such devices.

Level 1 Support – CTN maintains a 24 x7 Service Desk team for remote problem determination and attempted resolution of service requests initiated by the NOC or by the client.  If Level 1 support cannot resolve an issue, it is escalated to Level 2.

Level 2 Support – Network engineers responsible for resolving escalated service requests from Level 1.  The most complex issues that cannot be resolved are escalated to Level 3.

Level 3 Support – Senior engineers / architects who are the final step in resolving a service request.

Note:  Only Level 2 / 3 engineers will be dispatched to a client location.  In the event it is determined that a service request can only be resolved by the hardware or software vendor, escalation will be made to the vendor with CTN providing coordination and support to the vendor.

Prioritization of Service Requests

CTN has developed a way of prioritizing service requests so that depending on the urgency of the issue, requests may be addressed appropriately.  We manage service requests within the following parameters:

NOC Response Time – The NOC responds to alerts within 10 minutes of receiving a device alert.  Be advised that alerts to the NOC are delayed by 15 – 20 minutes to allow for client server reboots.  If you notice a server issue before our NOC does, please report it to our Level 1 Service Desk.

Level 1 Response Time – 95% of calls answered within 5 minutes.  A ticket is escalated to Level 2 if the time taken to resolve it reaches more than 30 minutes unless the Client wants Level 1 to continue work on the ticket.

Level 2 / 3 Response Time –  Response times start at the point when the escalation occurs from the NOC and Level 1.

The table below outlines the response times and severity levels.

 

Severity Level

Service Issue Example

Expected Remote Response Time

Expected Time To Dispatch to Client Site1

Priority 12

Major systems are down; Network-wide impact

Within 15 Minutes

Within 4 hours

Priority 2

Line of business software not functioning; Widespread business functions impeded

Within 2 Hours

Within 8 Business Day Hours

Priority 3

Single user issue

Within 4 Hours

Within 12 Business Day Hours

1 – Starts at the end of the expected remote response time.

2 – Level 2 and 3 will dispatch after business hours upon the direction of the Client.  Charges may be incurred depending on Scope of NetCare Services (Schedule A).

Response / Dispatch Example – A priority 2 service request is received at 2 PM on Tuesday.  Level 1 is allotted up to 30 minutes to attempt resolution.  At 2:30 PM, Level 1 escalates to Level 2.  Level 2 is allotted up to 2 hours to respond / resolve remotely.   At 4:30 PM, the decision is made that services are need at the Client site.  CTN has up to 2:30 PM the next day to dispatch based on our hours of operation listed below.

CTN will determine during the client on-board what client systems constitute a Priority 1 Severity.

Hours of Operation

 

NOC Availability

Level 1 Availability

Level 2 (Priority 1)

Level 2 / 3 Availability

(Priority 2 and 3)

24 x 7

24 x 7

24 x7

8AM – 6PM

Weekdays (excluding holidays)

Note:  CTN may make resources available outside of business hours for certain Priority 2 and 3 services requests.  Such services may be billable to the Client. 

CTN’s normal business hours of operation for Level 2 / 3 services are 8AM – 6PM EST Monday through Friday, excluding holidays. This is a “business day” for the purposes of this SLA.  NOC and Level 1 Service Desk services are available 24 hours a day, 7 days a week, 365 days a year.  Services provided by Level 2 / 3 are either charged against the applicable Service Agreement per the Scope of Services (Schedule B) or billed hourly per the Client Rate Card.

The SLAs above governs CTN’s response and not whether a service request is covered within the NetCare Scope of Services or billable hourly outside of the Scope of Services.

Data Backup Retention

In the event that CTN is offering SafeData backup services, we offer various data retention options for client server, company, and user data.  At a minimum, CTN recommends a minimum of 30-days retention.  Data deleted or changed within the system by the Client after the backup retention period has passed will not be available for restore.  For example, a user deletes a file and needs that file restored.  The Client retention period is 30 days and the file was deleted 45 days ago.  In this situation, the file will not be available for restore.  The backup retention period is defined in the Service Fees and Statement of Work – Schedules A and B.

Email Data Archive / Retention

In the event that CTN is offering Hosted Exchange services, email data is retained for restoration purposes for 7 days only in the event of a need to recover a mailbox due to a disaster.  CTN recommends that the client choose an email archive period of at least 30 days to extend that timeframe.  If a user deletes an email within the retention timeframe it is still available within the archive.  The Email Archive period is defined in the Service Fees and Statement of Work – Schedules A and B.

Service Problems, Outages, and Downtime

In the event that CTN discovers or is notified by Client of Downtime or a Force Majeure Event that results in the unavailability of the NetCare Virtual Cloud, CTN will take all reasonable actions necessary to determine the source of the problem and to resolve the problem as soon as reasonably practicable after determining its source.  CTN will use Commercially Reasonable Efforts to minimize any disruption, inaccessibility and/or inoperability of the NetCare Virtual Cloud during Normal Business Hours in connection with any Downtime or Force Majeure Event.  Downtime means the NetCare Virtual Cloud solution is completely inaccessible.

BARRACUDA COMPLETE SERVICES

CTN’s email security solution will help detect and prevent unwanted or malicious emails from getting to the user’s inbox and provide end-user training. CTN also introducesour cloud-based archiving to service to archive messages, calendars, tasks, contacts, and public folder. This service also provides unlimited Cloud-to-Cloud-Backup for Exchange, email, SharePoint, OneDrive for Business, Teams and Groups data.

Key features of this solution include:

1) Deployment of our spam filtering solution will detect virus infested emails from getting to users email inboxes.

2) Enabling anti-phishing for all users’ mailboxes will prevent phishing emails from getting through to user’s inboxes.

3) Enabling email encryption will allow users to send and receive encrypted emails and also prevent data loss

4) Enabling our cloud archiving service users will be able to archive messages, calendars, tasks, contacts and public folders.

5) Deployment of our Cloud-to-Cloud backup solution provides unlimited storage and retention and the ability to locate and restore files.

Barracuda Email Complete – Included Services

Anti-Spam

  1. CTN implements a cloud-based email security service that protects both inbound and outbound emails against the latest threats.

Enhanced Phishing Protection  

  1. CTN enables this solution to detect threats inside the customers email system that typical security gateways can’t see.

Email Encryption  

  1. CTN creates a policy to allow user to send and receive encrypted emails.
  2. CTN will enable data loss prevention.

Cloud Archiving Service  

  1. CTN enables our cloud-based archiving solution for defined objects.
  2. CTN enables automatic email archiving which will preserve and apply legal holds to emails.
  3. CTN defines and enables Outlook plug-ins

Cloud-to-Cloud-Backup  

  1. CTN deploys our Backup  solution for Exchange, email, SharePoint, OneDrive for Business, Teams and Groups data.
  2. CTN provides unlimited storage and retention for Exchange Online, SharePoint, OneDrive for Business, Teams, and Groups data.
  3. CTN finds and recover files, folders, and mailboxes and restore s to the same account/location or to a different account/location
  4. CTN enables granular restore for Email, SharePoint, and OneDrive.
  5. CTN will restore after corruption, malware, or ransomware.

CTN Responsibilities

  1. Provide the services as defined in the prior section –Email Security – Included Services
  2. CTN will coordinate the onboard process. Client will be provided with an Onboard Process overview with three (3) days of acceptance of this Scope of Services.
  3. Ensure stakeholder approval and customer satisfaction through sign off on relevant deliverables.
  4. Conduct an onboard closeout meeting involving all team members and stakeholders.

CTN 360 PROTECT PROGRAM

The following terms and condition apply to our CTN 360 PROTECT Program.  CTN Is the PRIME SUBSCRIBER and Client is the PARTICIPANT.

  1. Any capitalized terms not otherwise defined herein shall have the meaning set forth in the Solutions Agreement (“Solutions Agreement”) made by and between Participant and PRIME SUBSCRIBER for the delivery of the PRIME SUBSCRIBER solutions.
    1. “BEC Event” means a business email compromise (BEC) that results in funds transfer or invoice fraud;
    2. “Benefit End Date” means the last day of the Enrollment Term as set forth on the Enrollment
    3. “Benefit Start Date” means the first day of the Enrollment Term as set forth on the Enrollment
    4. ”Business Income Event” means a Security
    5. Compliance Event” means a cyber breach that triggers HIPAA, PCI, OSHA, and/or state related violations including, but not limited to data loss, sanctioned non-compliance penalty or fine, or other related expenses;
    6. “Cyber Legal Liability Event” means a suit arising out of a breach of privacy and/or security related to a cyberattack, loss or misuse of data, or media peril related to content on Participant’s website where legal defense expenses and settlement costs are incurred;
    7. “Enrollment Confirmation” means the email issued by PRIME SUBSCRIBER to Participant confirming Participant’s enrollment in the 360 Protect Program upon Participant’s enrollment in the Token Portal and sets forth the Benefit Start Date and Benefit End Date.
    8. “Enrollment Term” means the period within which Participant may receive Recovery Benefits and which begins on the Benefit Start Date as defined in Section 2(a) below and ends on the Benefit End Date as defined in Section 2(b) below.
    9. “Event” means a Ransomware Event, BEC Event, Business Income Event, Compliance Event and Cyber Legal Liability
    10. “Provider” means PRIME SUBSCRIBER’s third-party service provider who has contracted with PRIME SUBSCRIBER to provide Participant with the benefits set forth herein;
    11. “Ransomware Event” means the unauthorized access to at least one Participant endpoint in the form of ransomware which has caused material harm to Participant, whereby “material harm” must include at least one of the following: (i) the unauthorized acquisition of unencrypted digital data that compromises the security, confidentiality, or integrity of personal information or confidential information maintained by Participant; (ii) public disclosure of personal information or confidential information maintained by Participant; or (iii) the compromise of at least one Participant endpoint resulting the blocking of access to such endpoint;
    12. “Recovery Services” means the funds or services provided by Provider to support the repair, remediation, and/or replacement Participant’s environment in which damage was incurred as a result of an Event, including, but not limited to, removing and remediating those elements that caused the Event; and
    13. “Security Breach” means the malicious, intentional, and willful misuse of a Participant’s computer system to deny legitimate users’ access to their network that results in the loss of business income (net profit or loss before income taxes) which would have been earned or incurred had no loss occurred, and/or any reasonable, continuing, and normal operating expenses that were affected by the incident, as calculated in the reasonable discretion of Provider Solutions.
  2. 360 Protect Program
    1. Benefit Start Participant’s Enrollment Term will begin on the Benefit Start Date.
    2. Benefit End Date. Unless otherwise terminated earlier pursuant to Section 9 below, Participant’s Enrollment Term will automatically terminate on the Benefit End Date.
  3. 360 Protect Program Benefits. During the Enrollment Term, Participant may submit a claim by notifying Provider at claims@cysurance.com that one of the Events has occurred during the Enrollment Term:
      1. Ransomware Event
      2. BEC Event;
      3. Compliance Event;
      4. Cyber Legal Liability Event; and/or
      5. Business Income
  4. Should an Event occur, and provided an exclusion set forth in Section 4 below does not apply, Provider will provide Participant with Recovery Services, subject to the following:
    1. Participant may only make one (1) claim during the Enrollment Term;
    2. Participant must have a commercially reasonable belief that damages resulting from the Event will exceed $5,000;
    3. Recovery Services will not exceed Participant’s maximum Program Service Coverage Level as specified within Participant’s enrollment acknowledgement;
    4. Payment of the deductible, if any; and
    5. Recovery Services are provided in accordance with any additional terms and conditions applicable to such Events as specified in the Program Confirmation Summary.

Service Exclusions. Recovery Services may be restricted to the country in which Participant subscribed to the Recovery Services will not be provided if any one or more of the following conditions occur specific to the nature of the loss:

  1. Participant fails to take commercially reasonable measures to undertake preventative maintenance, including patching that is up to date per the software manufacturer’s release cycle;
  2. Participant fails to deploy an offline data backup solution for critical business data;
  3. Participant fails to deploy industry standard and up-to-date anti-virus or comparable prevention tools on its endpoints;
  4. Participant does not have the Solutions actively deployed in the Participant’s environment in which the Event occurred;
  5. Participant’s Solution Agreement has terminated or expired;
  6. Participant is unable to provide proof of the Event or cannot verify the Event through log/event data;
  7. There is a systemic failure of PRIME SUBSCRIBER’s infrastructure that results in an Event;
  8. If a Participant is regulated under HIPAA/PCI/SEC:
  9. Participant has not completed an annual risk assessment and documented risks;
  10. PHI Inventory has not been fully completed and accounted for prior to an incident and claim;

Subject to Participant’s standard historical employment practices related to HIPAA training for new employees, all of Participant’s employees have not completed HIPAA training within the 12 months prior to any incident and claim;

  1. Participant has not adopted and adhered to all privacy and security policies related to the state and/or other federal regulatory requirements to which Participant is subject prior to any Event.
  2. The Event did not occur during the Enrollment Term; and
  3. Participant does not submit the claim during the Enrollment Term


Subject to all terms and conditions in the Subscriber Agreement, the 360 Protect Program provides the following coverage limitations:

Participants enrolled in the $500,000 Level*
 

Program     Service                  Coverage  –

$500,000 level

  

Per Claim

  

Per Participant
Compliance Event

 

Ransomware Event & BEC Event

 A Maximum of $100,000 USD A Maximum of $100,000 USD $100,000 USD

 

$100,000 USD
Cyber Legal Liability Event * Business Income Event A Maximum of $250,000 USD

 

A Maximum of $50,000 USD

(There is a $2,500 USD per-claim deductible that applies to this Event)

 $250,000 USD

 

$ 50,000 USD

* Participant must first exhaust any other service guarantee that would apply to these expenses.

NOTE:  The CTN 360 Protect Program only covers clients with active NetCare AND SecureCare Agreements covering all workstations, servers, and users.  
Skip to content