TERMS OF BUSINESS
BSI CYBERSECURITY & INFORMATION RESILIENCE
1.1 These Terms of Business shall apply to the provision of the Services by BSI to the Customer.
2.1 In this Agreement, unless the context otherwise requires, the following expressions shall have the following meanings:
Additional Services: shall have the meaning set out in clause 4.14.
Agreement: the agreement between the Customer and BSI for the purchase of the Services comprising Proposal, these Terms of Business and any other documents expressly included by reference.
Business Day: for BSI Cybersecurity and Information Resilience (UK) Limited a day other than a Saturday, Sunday or public holiday in England, when banks in London are open for business, and for BSI Cybersecurity and Information Resilience (Ireland) Limited a day other than a Saturday, Sunday or public holiday in Ireland, when banks in Dublin are open for business;
BSI: either of BSI Cybersecurity and Information Resilience (UK) Limited or BSI Cybersecurity and Information Resilience (Ireland) Limited (as set out in the Proposal), and BSI Personnel;
BSI Personnel: all officers, employees, agents, consultants and contractors of BSI engaged in the performance the Services.
Charges: the charges payable by the Customer for the Services as set out in the Proposal and payable in accordance with clause 7 (Charges and Payment).
Customer: the person or firm who purchases the Services from BSI.
Customer Data: the data provided by the Customer for the purpose of facilitating the delivery of the Services.
Customer Materials: all documents, information and materials in any form, whether owned by the Customer or a third party, which are provided by the Customer to BSI in connection with the Services, including the items provided pursuant to clause 5.1.2(a).
Data Protection Legislation: means:
(a) the General Data Protection Regulation (GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003; and
(b) any other legislation in force from time to time relating to privacy and/or the Processing of Personal Data and applicable to the provision and receipt of Services under this Agreement; and
(c) any statutory codes of practice issued by the relevant supervisory authority in relation to such legislation.
Deliverables: any output of the Services (excluding the Customer Materials) to be provided by BSI to the Customer as specified in Proposal.
Effective Date: has the meaning set out in clause 3.1.
Intellectual Property Rights: patents, rights to inventions, copyright and related rights, moral rights, trade marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Nominated Data Protection Officer Services: the provision of services to Customer where BSI acts as its nominated data protection officer.
Parties: the Customer and BSI.
Personal Data: has the meaning given to it in the Data Protection Legislation.
Proposal: the proposal document sent by BSI to the Customer, setting out the details of the Services to be provided and the basis upon which BSI proposes to provide them.
Processing: has the meaning given to it in the Data Protection Legislation.
Service Commencement Date: the date on which the delivery of the Services is due to commence as set out in the Proposal, or otherwise agreed.
Services: the service(s) and / or any associated solutions / products to be provided by BSI to the Customer as set out in the Proposal, including but not limited to Nominated Data Protection Officer Services, Third Party Product Services and Training Services.
Terms of Business: these terms of business governing the supply of Services by BSI to the Customer.
Third Party Products: such third party software products to which BSI gives the Customer access under the Third Party Product Services.
Third Party Product Services: the provision of access to third party software products to Customer.
Training Services: the provision of training to Customer.
2.2 A reference to a statute or statutory provision is a reference to it as amended or re-enacted. A reference to a statute or statutory provision includes all subordinate legislation made under that statute or statutory provision.
3. BASIS OF THIS AGREEMENT
3.1 The Agreement shall be deemed agreed and binding on the parties on the earlier of:
3.1.1 receipt by BSI of an electronic or hard copy of the Proposal signed by the Customer;
3.1.2 commencement of the delivery of the Services (in whole or in part) by BSI and receipt of the Services by the Customer; or
3.1.3 any act by the Customer consistent with receipt of the Services.
(the Effective Date).
3.2 This Agreement shall commence on the Effective Date and shall continue until the last remaining Service is completed, or earlier terminated, in accordance with this Agreement.
3.3 Any descriptive matter or advertising issued by BSI, and any descriptions contained in BSI's catalogues, brochures or on their website, are issued or published for the sole purpose of giving an approximate idea of the Services described in them. They shall not form part of this Agreement nor have any contractual force.
3.4 This Agreement applies to the exclusion of any other terms that the Customer seeks to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
3.5 Where there is a direct conflict between the terms set out in the Proposal and these Terms & Conditions, the terms in the Proposal shall prevail in respect of such conflict.
3.6 Any Proposal is only valid for acceptance for a period of 20 Business Days from its date of issue.
4. SUPPLY OF THE SERVICES
4.1.1 The following clauses 4.2 to 4.7 shall apply to the provision of all Services.
4.2 So far as is reasonably practicable within any agreed timescale, BSI shall supply the Services to the Customer in accordance with this Agreement in all material respects.
4.3 BSI shall use reasonable endeavours to meet any performance dates specified in the Proposal, but any such dates shall be estimates only and time for performance by BSI shall not be of the essence under this Agreement.
4.4 BSI reserves the right to amend this Agreement if necessary, to comply with any applicable law or regulatory requirement, or if the amendment will not materially affect the nature or quality of the Services, and BSI shall notify the Customer in any such event.
4.5 If BSI's performance of its obligations under this Agreement is prevented or delayed by any act or omission of the Customer, its agents, subcontractors, consultants or employees, then, without prejudice to any other right or remedy it may have, BSI shall be entitled to an extension of time to perform its obligations under this Agreement which is equal to the delay caused by the Customer. In such circumstances BSI shall have no liability in respect of such delay in the provision of the Services and shall invoice Customer for any Charges incurred as a result in accordance with clause 7.
4.6 The Services are for Customer's benefit only and may not be used or relied upon by any other person or for any other purpose, and BSI shall not be liable in either circumstance.
4.7 Notwithstanding the remainder of this Agreement, to the extent the Services include the provision of reports by BSI to the Customer, Customer acknowledges that the purpose of any reports is solely for BSI to highlight any risks that it has identified in performing the Services and to make recommendations. BSI shall not be liable to the extent that Customer does not implement these recommendations.
Third Party Product Services
4.8 To the extent the Services include any Third Party Product Services, this clause 4.8 shall apply and shall prevail in the event of a conflict with the remaining terms of this Agreement. Unless specifically advised to the contrary, BSI does not produce or manufacture the Third Party Product. As such, BSI makes no representations or warranties with respect to the Third Party Products, including but not limited to any warranty of title, quality, condition, access, uptime, state or description of the Third Party Products, non-infringement of the intellectual property rights of any other persons, or their fitness for any purpose, and disclaims any liability therein to the fullest extent it is permitted to do.
Nominated Data Protection Officer Services
4.9 To the extent the Services comprise in whole or in part of any Nominated Data Protection Officer Services, the following clauses 4.9 to 4.13 shall also apply. In the event of a conflict between the following clauses 4.9 to 4.13 and the remaining terms of this Agreement, the following clauses 4.9 to 4.13 shall prevail.
4.10 Customer acknowledges and agrees that its overall compliance with Data Protection Legislation is its responsibility, and that BSI's provision of Nominated Data Protection Officer Services will not absolve Customer of this responsibility or guarantee Customer's overall compliance with Data Protection Legislation.
4.11 The responsibilities and liabilities of BSI and Customer in respect of Nominated Data Protection Officer Services shall be limited to performance only of the specific tasks and activities allocated to it as set out in the Proposal. For the avoidance of doubt, neither party shall be liable under this Agreement for any specific tasks and activities set out in the Proposal as not being its responsibility or any tasks and activities not set out in the Proposal at all.
4.12 Customer acknowledges that its Processing activities, and therefore any associated risks, can frequently change, and that BSI will be dependent on Customer to promptly bring such changes to BSI's attention so that BSI may re-scope the specific tasks and activities allocated to it as necessary in order to perform the Nominated Data Protection Officer Services.
4.13 On the basis of the information provided by Customer to BSI in accordance with Customer's obligations at clause 5.1, and within the volume of Nominated Data Protection Officer Services purchased by Customer, BSI shall in agreement with Customer and by reference to the nature of the Personal Data and the potential impact on data subjects prioritise performance of its specific tasks and activities that present a higher data protection risk for Customer.
4.14 In the event that the Customer has not purchased the requisite volume of the Services for BSI to carry out its responsibilities in accordance with the Data Protection Legislation, BSI shall notify the Customer as soon as possible of this fact and of the additional volume of Services deemed necessary to so carry out its responsibilities (Additional Services). Should the Customer not promptly (taking into account Data Protection Legislation timescales) agree to BSI providing these Additional Services, BSI may either (i) deliver the Additional Services and subsequently invoice the Customer; or (ii) immediately terminate the Agreement.
4.15 BSI shall not be liable to the extent:
4.15.1 it has not been made aware of a circumstance requiring the Additional Services;
4.15.2 a requisite volume of Services was not purchased in order for BSI to carry out its responsibilities in accordance with Data Protection Legislation; or
4.15.3 Customer requests a reduction in any element of the Services and BSI would have been able to deliver the objective of the Services to a fuller extent had they not been reduced at Customer's request.
4.16 From the date of BSI’s notification specified in Clause 4.14 until (i) the date the Customer agrees to the purchase the agreed Additional Services; or (ii) the date on which BSI terminates the Agreement, BSI shall not be liable for such responsibilities which required the purchase of the Additional Services.
Penetration Testing Services
4.17 Penetration Testing Services will be carried out by appropriately skilled and qualified personnel using approved methodology. However, BSI does not guarantee that all conceivable problems will be discovered in the course of the provision of the Penetrating Testing Services. While care will be taken to avoid damage to Customer systems, due to the invasive nature of penetration testing there remains a residual risk of damage to the Customer’s systems.
4.18 The Customer:
4.18.1 confirms that it has the legal permission, and/or has sought any necessary permission required from third-parties, to allow BSI to perform Penetration Testing Services on the applications, hostnames or any other in-scope target, and on any assets which may be directly connected to them (which may be discovered as a result of an assessment);
4.18.2 shall ensure that the assets being tested and all relevant test information will be available during the agreed project period and shall indicate to BSI any production/live assets that are not authorised for potential changes to data in the relevant database(s)
4.18.3 shall ensure that prior to commencement of the Penetration Testing Services a full, back up of data is carried out and verified;
4.18.4 agrees that BSI may carry out the scanning element of the Penetration Testing Services at any time of day and shall arrange the Penetration Testing Services for a time that will have least impact on the business (e.g. out of normal business hours or weekends);
4.18.5 consents to the targeting and exploitation of vulnerabilities identified during the engagement or will clearly indicate to BSI which targets it does not wish exploitation to be carried out on;
4.18.6 acknowledges (i) that BSI uses the same attack payloads (e.g. attack strings and brute-force attempts) as real world attackers (ii) (and shall notify its information and security teams as necessary) that there may be an increase in logging activity and an increase in any intrusion detection or prevention system alerts during the period of provision of the Penetration Testing Services.
4.18.7 confirms that it provides express legal approval (under Computer Misuse Act 1990 and other relevant legislation and/or equivalent legislation in other jurisdictions) for Penetration Testing Services to be provided in respect of the in-scope target assets; and
4.18.8 indemnifies, defends and holds harmless BSI and its officers, agents, employees, from and against any and all third-party claims, demands, losses, liability, damages or expenses (including reasonable solicitor’s fees) arising from the running of Penetration Testing Services.
5. CUSTOMER'S OBLIGATIONS
5.1 The Customer shall:
5.1.1 co-operate with BSI in all matters relating to the Services;
5.1.2 provide BSI, its employees, agents, consultants and subcontractors with:
(a) in a prompt manner, any information, documents or materials which may reasonably be required by BSI in the delivery of the Services and, in relation to any information so provided, ensure that such information is complete and accurate in all material respects;
(b) access to the Customer's premises, equipment, personnel and other facilities as reasonably required by BSI for the delivery of the Services in a timely manner and at no charge to BSI; and
(c) any relevant rules, regulations and policies in respect of Customer's premises and equipment which Customer considers BSI should reasonably comply with in order to deliver the Services;
5.1.3 keep BSI its employees, agents, consultants and subcontractors (as appropriate) informed of any special requirements relating to the delivery or receipt of the Services. If BSI's compliance with such requirements give rise to an increase in the actual cost to BSI of providing the Services the Charges may be increased accordingly; and
5.1.4 obtain and maintain all necessary licences and consents and comply with all relevant legislation as required to enable BSI to provide the Services.
5.2 BSI shall not be liable for its provision of the Services to the extent that Customer has not materially complied with its obligations in this clause 5.
6.1 The Customer shall not, without the prior written consent of BSI, at any time from the Effective Date to the expiry of 2 years after the last of the Services to be provided under this Agreement, solicit or entice away from BSI or employ or attempt to employ any BSI Personnel.
7. CHARGES AND PAYMENT
7.1 In consideration of the provision of the Services by BSI, the Customer shall pay the Charges.
7.2 Unless otherwise stated in the Proposal, the Charges shall be calculated on a per day or per hour basis using the relevant rates for BSI Personnel as set out in the Proposal. Work will be carried out during core office hours (0900 - 1730 Monday to Friday) or as agreed with the Customer.
7.3 BSI shall be entitled to charge an overtime rate for any time worked by BSI Personnel on the Services outside of the hours referred to in clause 7.2 at the following rates
7.3.1 1.5 x rates from 5.30pm – 10pm, 6am – 9am on weekdays and 6am – 10pm Saturday;
7.3.2 2 x rates from 10pm – 6am Monday to Saturday and any time on Sunday.
7.4 BSI shall invoice Customer and Customer shall pay for the Services (to a bank account provided on the invoice or as otherwise directed by BSI) as follows, or as otherwise set out in the Proposal:
7.4.1 in respect of Training Services, BSI shall invoice the Customer on receipt of the Customer’s booking and such invoice shall be payable (i) within 30 days and at least 30 days prior to the Services Commencement Date; or (ii) at the time of the booking if such booking is within 30 days of the Services Commencement Date;
7.4.2 in respect of all other Services, BSI shall invoice the Customer monthly in arrears or, if earlier, on the provision of a draft report to Customer or completion of the relevant Services. Customer shall pay any invoice submitted by BSI within 30 days of the date of the invoice
7.5 The Customer shall pay the reasonable expenses of BSI Personnel, as further detailed in the Proposal, monthly in arrears following submission of an appropriate invoice.
7.6 Failure by the Customer to pay any Charges when they fall due may, at BSI's discretion, result in BSI suspending delivery of the Services.
7.7 Without prejudice to any other right or remedy that it may have, if the Customer fails to pay BSI any sum due under this Agreement on the due date, the Customer shall pay interest on the overdue sum from the due date until payment of the overdue sum, whether before or after judgment. Interest under this clause 7.7 will accrue each day at 4% a year above the European Central Bank’s base rate from time to time.
7.8 All sums payable to BSI under this Agreement:
7.8.1 are exclusive of VAT, and the Customer shall in addition pay an amount equal to any VAT chargeable on those sums on delivery of a VAT invoice; and
7.8.2 shall be paid in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).
7.9 All Services agreed in the Agreement must be assigned dates on which they shall be delivered within 12 months of the Effective Date (or as specified in the Proposal). Any Services which are not assigned dates to be delivered within 12 months of the Effective Date shall remain payable in full by the Customer.
7.10 If the Customer wishes to cancel or postpone any or all of the Services less than 10 Business Days before the Services Commencement Date or any date for which the Services are scheduled, BSI may charge the Customer a fee as set out in the below table. If the Services are initially postponed but then cancelled, the cancellation will be charged in accordance with the below table, by reference to the later date of cancellation. Any cancellation or postponement fee shall be payable in accordance with this clause 7.
||Postponement/Cancellation Fee (% of Charges)
|4 – 9 Business Days
|3 Business Days or fewer
8. INTELLECTUAL PROPERTY RIGHTS
8.1 All Intellectual Property Rights in or arising out of the Services and/or Deliverables (excluding the Customer Materials) shall be owned by BSI and/or its licensors.
8.2 The Customer shall use its best endeavours to procure that any necessary third party shall promptly execute such documents and perform such acts as may reasonably be required for the purpose of giving full effect to clause 8.1.
8.3 In relation to the Deliverables:
8.3.1 BSI and its licensors shall retain ownership of all Intellectual Property Rights in the Deliverables; and
8.3.2 BSI grants the Customer or shall procure the direct grant to the Customer of, a worldwide, non-exclusive, non-sublicensable, royalty-free licence to copy the Deliverables for the purpose of receiving and using the Services and the Deliverables.
8.4 In relation to Customer Materials:
8.4.1 the Customer and its licensors shall retain ownership of all Intellectual Property Rights in the Customer Materials; and
8.4.2 the Customer grants to BSI a worldwide, non-exclusive, royalty-free, licence to copy and modify the Customer Materials for the purpose of providing the Services to the Customer.
8.5.1 subject to clause 8.5.3, warrants that the receipt and use of the Services and the Deliverables by the Customer and its permitted sub-licensees shall not infringe any Intellectual Property Rights of any third party;
8.5.2 shall, subject to clauses 8.5.3 and 10.2.2, indemnify the Customer in full against all costs, expenses, damages and losses, including any interest, fines, legal and other professional fees and expenses, awarded against or incurred or paid by the Customer as a result of or in connection with any claim brought against the Customer for actual or alleged infringement of a third party's Intellectual Property Rights arising out of, or in connection with, the receipt or use of the Services and/or the Deliverables; and
8.5.3 shall not be in breach of the warranty at clause 8.5.1, and the Customer shall have no claim under the indemnity at clause 8.5.2, to the extent the infringement arises from:
(a) the use of the Customer Materials in the development of, or the inclusion of the Customer Materials in, any Deliverable; or
(b) any modification of the Deliverables or Services, other than by or on behalf of BSI.
8.5.4 The Customer:
(a) warrants that the receipt and use of the Customer Materials in the delivery of the Services by BSI, its agents, subcontractors or consultants shall not infringe any Intellectual Property Rights of any third party; and
(b) shall indemnify BSI in full against all costs, expenses, damages and losses, including any interest, fines, legal and other professional fees and expenses awarded against or incurred or paid by BSI as a result of or in connection with any claim brought against BSI, its agents, subcontractors, consultants or any BSI Personnel for actual or alleged infringement of a third party's Intellectual Property Rights arising out of, or in connection with, the receipt or use of the Customer Materials in the delivery of the Services.
9. CUSTOMER DATA
9.1 As between the Parties, the Customer shall own all right, title and interest in and to all of the Customer Data.
9.2 The Customer grants BSI an irrevocable, unlimited and royalty-free licence to use the Customer Data provided to BSI for the purposes of delivering the Services.
9.3 Each party warrants that for the purposes of this Agreement it:
9.3.1 shall comply with the provisions of the Data Protection Legislation, including without limitation that it:
(a) shall use Personal Data in accordance with the permissions or consents obtained from the data subjects (as defined in the Data Protection Legislation) or otherwise in accordance with the Data Protection Legislation;
(b) shall communicate to the other party the terms of any permissions or consents obtained from the data subjects;
(c) shall have in place appropriate technical and organisational security measures against unauthorised or unlawful Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data and shall take all reasonable steps to ensure the reliability of its personnel who have access to such Personal Data and to impose obligations of confidentiality upon such personnel and to ensure that such personnel are aware of their responsibilities under the Data Protection Legislation;
(d) shall not transfer Personal Data outside the European Economic Area save in accordance with the Data Protection Legislation;
(e) shall comply with any request or notice it receives from a data subject in its capacity as a data controller;
9.3.2 shall upon request provide such assistance as is reasonably necessary to the other party to enable that party to comply with its obligations as a data controller (as defined in the Data Protection Legislation);
9.3.3 shall inform the other party as soon as reasonably practicable of the discovery of any actual or suspected data-breach relating to the Processing of Personal Data in connection with this Agreement;
9.3.4 shall, except to the extent prohibited by applicable law, inform the other party upon receipt of a complaint from a data subject or if approached by any regulatory body in connection with its compliance with the Data Protection Legislation in connection with this Agreement;
9.3.5 shall, except to the extent prohibited by applicable law, consult the other party in good faith as to the timing, manner and content of any response to a complaint from a data subject or approach by any Regulatory Body in connection with compliance with the Data Protection Legislation in connection with this Agreement.
10. LIMITATION OF LIABILITY
10.1 Nothing in this Agreement limits any liability which cannot legally be limited, including, but not limited to, liability for:
10.1.1 death or personal injury caused by negligence; and
10.1.2 fraud or fraudulent misrepresentation.
10.2 Subject to clause 10.1:
10.2.1 BSI shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising; and
10.2.2 BSI's total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with this Agreement shall be limited to the total Charges paid or payable under this Agreement.
10.3 This clause 10 shall survive termination of this Agreement.
11.1 Each party may be given access to confidential information from the other party in order to perform its obligations under this Agreement. A party's confidential information shall not be deemed to include information that:
11.1.1 is or becomes publicly known other than through any act or omission of the receiving party;
11.1.2 was in the other party's lawful possession before the disclosure;
11.1.3 is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
11.1.4 is independently developed by the other party, which independent development can be shown by written evidence.
11.2 Subject to clause 11.3, each party shall hold the other's confidential information in confidence and not make the other's confidential information available to any third party, or use the other's confidential information for any purpose other than the implementation of this Agreement.
11.3 A party may disclose confidential information to the extent such confidential information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 11.3, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.
11.4 The Customer acknowledges that its information may be used by BSI on an anonymised basis without limitation including compiling and publishing reports. This clause 11.4 shall survive termination of this Agreement, however arising.
12.1 Without affecting any other right or remedy available to it, either party to this Agreement may terminate them with immediate effect by giving written notice to the other party if:
12.1.1 the other party commits a material breach of any term of this Agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;
12.1.2 the other party takes any step or action in connection with its entering administration, provisional liquidation, bankruptcy or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business or, if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction; or
12.1.3 the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business.
12.2 Without affecting any other right or remedy available to it, BSI may terminate this Agreement with immediate effect by giving written notice to the Customer if the Customer fails to pay any amount due under this Agreement on the due date for payment.
13. CONSEQUENCES OF TERMINATION
13.1 On termination of this Agreement:
13.1.1 the Customer shall immediately pay to BSI all of BSI's outstanding invoices and interest and, in respect of the Services supplied but for which no invoice has been submitted, BSI may submit an invoice, which shall be payable immediately on receipt;
13.1.2 BSI shall on request return all Customer Materials not used up in the provision of the Services;
13.1.3 any provision of this Agreement that expressly or by implication is intended to come into or continue in force on or after termination of this Agreement shall remain in full force and effect.
13.2 Termination of this Agreement shall not affect any of the rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of this Agreement which existed at or before the date of termination.
14. FORCE MAJEURE
BSI shall have no liability to the Customer under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of BSI or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the Customer is notified of such an event and its expected duration.
No variation of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.
18. ENTIRE AGREEMENT
18.1 This Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
18.2 Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.
19. ASSIGNMENT AND SUBCONTRACTING
19.1 The Customer shall not, without the prior written consent of BSI, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement, such consent may be withheld in BSI's sole discretion.
19.2 BSI may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
20. NO PARTNERSHIP OR AGENCY
Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
21. THIRD PARTY RIGHTS
These Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
22.1 Any notice required to be given under this Agreement shall be in writing and shall be delivered by hand or sent by post or email to the other party at its address set out in this Agreement, or such other address as may have been notified by that party for such purposes.
22.2 A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent email shall be deemed to have been received at the time of transmission (as shown by the time sent in respect of an email).
23. GOVERNING LAW
This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with (i) the laws of Ireland where the BSI contracting entity (as set out in the Proposal) is BSI Cybersecurity and Information Resilience (Ireland) Limited, and (ii) with the laws of England and Wales where the BSI contracting entity (as set out in the Proposal) is BSI Cybersecurity and Information Resilience (UK) Limited.
Each party irrevocably agrees that (i) where the BSI contracting entity (as set out in the Proposal) is BSI Cybersecurity and Information Resilience (Ireland) Limited the courts of Ireland shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims); and (ii) where the BSI contracting entity (as set out in the Proposal) is BSI Cybersecurity and Information Resilience (UK) Limited the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).
Form No:67 l Revision Status: 12