INFOSEC SERVICES AGREEMENT


Last Updated: 5/1/2024


This Services Agreement (“Agreement”) is a binding legal agreement between You and Infosec, a division of Cengage Learning, Inc., located at 5191 Natorp Blvd, Mason, OH 45040 (“Infosec”).  “You” means the organization identified in the Statement of Work in which this Agreement is incorporated (the “SOW”) or the individual who accesses the Services. You and Infosec each a “Party” and, together, are the “Parties.”


This Agreement takes effect on the earlier of: (A) the start date specified in the SOW or (B) when You first access the Services (the “Effective Date”). By signing the SOW or by using the Services, You have: (Y) read, understand and accept the terms of this Agreement; and (Z) the authority to enter into this Agreement (and if you are entering into this Agreement for an organization, that You have the legal authority to do so). 


If You do not accept these terms, You must not access or use the Services.

1. Definitions.

  1. “Authorized User” means any individual authorized by You to access and use the Services.

  2. “Your Information” means all data, images, email addresses, target information, and other files or content submitted by or on behalf of You or an Authorized User to the Services but excludes Feedback. 

  3. “Ecommerce Purchase” means Your online purchase of Services through Infosec’s website (https://www.infosecinstitute.com).

  4.  “Feedback” means any information, suggestions, ideas or other feedback about the Services.

  5. "PhishSim Service" means the Infosec IQ Phishing Service for phish-testing Authorized Users.

  6. "Infosec Platform" means the web-based Infosec platform through which Infosec hosts the Services.

  7.  "Services" means the services selected by You in the SOW or during Your Ecommerce Purchase. The Services will be provided in English, unless otherwise agreed in the SOW or during the Ecommerce Purchase.

  8. “Usage Data” means data about the account activity of You and Your Authorized Users.

  9.  “Third-Party Integrations” means products, content, services, information, websites, or other materials that are owned by third parties and are incorporated into or accessible through the Services.

2. Access and Use.

  1. Provision of Access. Subject to Your payment of all Subscription Fees and compliance with this Agreement, Infosec hereby grants You a limited, non-exclusive right to access the Services for Your internal use during the Term. You must not exceed the total number of Authorized Users set forth in the SOW or selected by You during Your Ecommerce Purchase, except as permitted by Section 2(C) below.  Authorized Users must be provisioned on an individual, named-user basis and will be counted against Your number of permitted Authorized Users when a learner profile is created on the Infosec Platform. 

  2. Downloadable Software. Use of the Services may require or include use of downloadable software. Infosec grants you a limited, non-exclusive, non-assignable, non-transferable, right for You and Your Authorized Users to use downloadable software provided by Infosec as part of the Services. 

  3. Changes to Scope of Access. During the Term of this Agreement, the Parties may modify the scope of access by mutual written agreement. Infosec will only add Additional Authorized Users once You pay the Subscription Fees associated with the additional usage. The access by the additional Authorized Users does not extend the Term and the additional Authorized Users will only have access through the end of the then-current Initial Term or Renewal Term. Notwithstanding the foregoing, You may not add additional Authorized Users more than two (2) times during the Term of this Agreement.

  4. Excess Usage. Should You exceed the number of permitted Authorized Users, Infosec will invoice You for each such Authorized User at Infosec’s then-current Subscription Fees. You must pay such invoice in accordance with Section 4. Your failure to pay such invoices in a timely manner may result in Infosec’s suspending Your access to and use of the Services. 

  5. Suspension. Infosec may temporarily suspend Your access to the Services if Infosec reasonably determines that: (i) there is a threat or attack on any of the Services; (ii) You breach Section 3(D) or use the Services in violation of this Agreement or in a way that materially and negatively impacts the Services for others; or (iii) You failed to pay any amounts due in accordance with Section 4 (each, a “Services Suspension”) with or without notice. However, Infosec will try to inform You before implementing a Services Suspension when practical. Infosec will resume providing access to the Services as soon as reasonably possible after the event giving rise to the Services Suspension is cured. Infosec will have no liability for any damage, liabilities, or losses You may incur as a result of a Services Suspension, nor will such Services Suspension relieve You of Your obligation to pay any fees due and owing.

  6. Free Trials. Infosec may offer new customers access to its services on a free trial basis. For such customers, Infosec reserves the right to remove free accounts associated with such trials following extended periods of account inactivity (no less than 90 consecutive days), regardless of whether the applicable trial period has expired.

  7. Support. Infosec will provide technical support, assistance to Authorized Users and troubleshooting in a reasonable capacity in its sole discretion. You are fully responsible for deployment of the Services in Your organization, including installation of any plug-ins associated with the PhishSim Service. Infosec will not enter Your premises to perform any services under this Agreement. 

  8. Usage Data and Feedback. Infosec may collect and analyze Usage Data, and Infosec may freely use Usage Data to maintain, improve, and enhance the Services without restriction or obligation. However, Infosec may only share Usage Data with others if the Usage Data is aggregated and does not identify You or Authorized Users. Additionally, You may give Infosec Feedback, which You give “AS-IS.” Infosec may use Feedback freely without any restriction or obligation.

3. Customer Obligations. 

  1. Account Use. You are responsible for all acts and omissions of Authorized Users, Authorized User’s compliance of this Agreement and for keeping all passwords and access credentials confidential. You will promptly notify Infosec of any unauthorized usage of or access to your passwords or access credentials or other noncompliance with this Agreement.

  2. Third-Party Integrations. The Services may permit access to Third-Party Integrations, which are subject to their own terms and conditions. If you do not agree to abide by the applicable terms for any such Third-Party Integrations, then you should not install, access, or use such Third-Party Integrations.

  3. Use Restrictions. You must not, and must not authorize, facilitate, or encourage any Authorized User or other third party to:
    1. Remove, conceal, or alter any proprietary rights notices (including copyright and trademark notices) contained within the Services;
    2. Extract, copy, modify, reverse engineer, decompile, or otherwise attempt to access or use the source code of the software underlying or otherwise used to provide the Services or any part thereof, except to the extent allowed by law notwithstanding this restriction;
    3. Upload, post, or otherwise transmit any unlawful, threatening, libelous, harassing, defamatory, vulgar, obscene, pornographic, profane, deceptive, or otherwise objectionable content in Your Information;
    4. Upload, post, or otherwise transmit through, to or otherwise using the Services any of Your Information that infringes or violates any intellectual property right, publicity right, privacy right, or other right of any third party;
    5. Upload, post, or otherwise transmit through, to or otherwise using the Services any of Your Information that contains any malware, viruses, spyware, worms, or other malicious code or files;
    6. Interfere with or disrupt the Services or servers or networks connected to the Services, or violate any requirements, procedures, policies, or regulations of networks connected to the Services;
    7. Access (or attempt to access) any part of the Services through any automated means (including use of scrapers, scripts, robots, spiders, or web crawlers), or in any way circumvent the navigational structure or presentation of the Services;
    8. Use any content, data, or text in any form in the Services to text or data mine, or to develop or train any application, software, code, or data models, such as ChatGPT or other similar tools.
    9. Excluding the PhishSim Service, use the Services for any phishing, trolling, or similar activities, or to redirect users to other sites or encourage users to visit other sites; impersonate or attempt to impersonate Infosec or an Infosec employee, another user, or any other person or entity, or post any information that misrepresents the identity, characteristics or qualifications of You or any other person;
    10. Rent, sell, lease, sublicense, transfer, or otherwise assign or grant to third parties any rights in the Services, or use the Services to create any service offering, or perform any services for a fee using the Services;
    11. Access or use the Services or any related documentation or materials to develop a competitive service or product, or copy any feature, technique, function or graphic for competitive purposes; or
    12. Attempt to send simulated phishing emails using any domains other than those (1) owned by You or (2) for which You have express written authorization and consent to conduct simulated phishing attacks.
    13. Use the Service to impersonate any government or governmental agency, or otherwise use the Service in violation of any applicable law or regulation.

4. Fees and Payments.

  1. Subscription Fees. The applicable fees for the Services are identified in the SOW or at the time of Your Ecommerce Purchase (the “Subscription Fees”). All amounts owing to Infosec under this Agreement will be paid in U.S. dollars, unless otherwise specified in the SOW. You must pay Infosec the Subscription Fees for the Initial Term (as well as any applicable taxes) upon the Effective Date and each anniversary thereafter for any Renewal Term. Where Infosec has agreed in the SOW to invoice You, You must pay the invoice for the Subscription Fees (as well as any applicable taxes) within thirty (30) days of the date of the invoice. If You fail to make any payment when due, without limiting Infosec’s other rights and remedies: (i) Infosec may charge interest on the past due amount at the rate of 1.5% per month or the maximum charge permitted by law, whichever is less, and (ii) if such failure continues for 60 days or more, Infosec may suspend Your access to any portion or all of the Services until such amounts are paid in full. Except as otherwise specified herein or in the SOW, (1) payment obligations are non-cancelable and fees paid are non-refundable, and the (2) quantities purchased cannot be decreased during the Term.

  2. Taxes. You are responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by You hereunder, other than any taxes imposed on Infosec’s income.


5. Ownership; Intellectual Property.

  1. Reservation of Rights. Except for the limited rights and licenses expressly granted under this Agreement, You acknowledge that You acquire no right, title or interest in or to the Services or any other software, products, or intellectual property of Infosec. As between the Parties, Infosec will own the Services and retain all rights (including intellectual property) therein.

  2. Your Information. You hereby grant to Infosec a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display Your Information and perform all acts with respect to Your Information as may be necessary for Infosec to provide the Services to You. You represent and warrant that you have obtained any approvals, consents or licenses necessary, to provide Your Information to Infosec.


6. Term and Termination.

  1. Term. The initial term ("Initial Term") of this Agreement will begin on the Effective Date of this Agreement and continue for the period specified in the applicable SOW or selected by You during Your Ecommerce Purchase, or, if no period is defined, for one (1) year. Upon the conclusion of the Initial Term, this Agreement and Your access to the Services will automatically renew for successive one year renewal periods (each a "Renewal Term"), unless You or Infosec provide the other party with a written cancellation notice thirty (30) days prior to the end of the then current term. The Initial Term and any Renewal Terms are collectively referred to herein as the “Term”.

  2. Termination for Cause. Either Party may terminate this Agreement: (i) if the other Party fails to cure a material breach within thirty (30) days after receiving notice of the breach or (ii) immediately if the other Party ceases to operate or dissolves, becomes insolvent, is unable to pay its debts as they become due, files for or has a petition filed against it for bankruptcy, attempts to make an assignment or offer any rights under this Agreement for the benefit of its creditors, or takes similar actions. In addition, Infosec may terminate this Agreement immediately if, in accordance with Section 2(E) and Section 4(A)(ii), the Services have been suspended for thirty (30) days and payment remains outstanding. 

  3. Early Cancellation. If the Initial Term is two years or more, You may choose to cancel your subscription to the Services following the first anniversary of the Effective Date, provided that you will pay: (i) unpaid Subscription Fees due and owing through the termination date and (ii) 50% of the Subscription Fees payable from the termination date through the remainder of the Initial Term.

  4. Effect of Termination. In the event of termination of this Agreement, You will: (i) cease all use of the Services immediately (including uninstalling any plug-ins or other code associated with the Services), (ii) pay any Subscription Fees due and owing through the termination date. In the event You terminate this Agreement for material breach by Infosec, You are entitled to a prorated refund of Subscription Fees prepaid to Infosec for the corresponding unused period of the Services. Both Parties will destroy all Confidential Information in its possession. 

  5. Survival. All terms of this Agreement which by their nature should reasonably be expected to continue beyond the termination or expiration of this Agreement, will survive.


7. Confidential Information; Data Privacy and Security.

  1. Confidential Information. Each Party (the “Disclosing Party”) may disclose or make available to the other Party (the “Receiving Party”) business, technical or financial information about Disclosing Party’s business (collectively, “Confidential Information”). Confidential Information of Infosec includes nonpublic information about the content, features, functionality and performance of the Services as well as pricing. Your Confidential Information includes Your Information.  Except as permitted by this Agreement, Receiving Party will (i) only use Confidential Information to fulfill its obligations or exercise its rights under this Agreement; and (ii) not disclose Confidential Information to anyone else, except to those employees or contractors who have a need-to-know and are subject to confidentiality obligations. Receiving Party will protect Disclosing Party’s Confidential Information using at least the same protections Receiving Party uses for its own similar information but no less than a reasonable standard of care. Confidential Information does not include information that (w) Receiving Party knew without any obligation of confidentiality before disclosure by Disclosing Party; (x) is or becomes publicly known and generally available through no fault of Receiving Party; (c) Receiving Party receives from someone else who is under no known obligation of confidentiality; or (d) Receiving Party independently developed without use of or reference to Disclosing Party’s Confidential Information. Each Party may disclose Confidential Information to the limited extent require to comply with the law, court order, judgment or subpoena, provided that, if legally permitted, the Receiving Party will provide notice thereof to the Disclosing Party. Each Party’s obligation of confidentiality will continue for three (3) years after termination of this Agreement.

  2. Data Privacy and Security. Each Party agrees to: (i) comply with all applicable laws relating to the collection, storage, use, and disclosure of data, including those laws relating to data privacy, data security, information security, and data safeguarding; and (ii) implement and maintain commercially reasonable and industry standard information security procedures, practices and measures appropriate to the types of information it handles to protect against accidental or unauthorized destruction, loss, alteration, disclosure of, access to, exfiltration, theft or encryption of data.  In the event a Party becomes aware of a known data security incident that impacts the other Party, it will provide the other Party with prompt notice of the data security incident, will take immediate steps to remediate the incident, and will fully cooperate with the other Party so that both Parties can adequately respond to such incident.  To the extent any changes under data privacy, data protection, or information security related laws require or recommend certain contractual provisions to be included or revised in this Agreement, the Parties agree to cooperate in good faith to amend this Agreement, including entering into a Data Processing Agreement. 


8. Limited Warranty and Warranty Disclaimer.

  1. Your Warranty. You warrant that: (i) You own all right, title, and interest, including all intellectual property rights in and to Your Information and (ii) You have relied solely on your own opinion and evaluation of the Services and the results, data, and indications obtained through your use, with regard to their suitability for any purpose.

  2. Infosec Warranty. Infosec warrants that it provides the Services using a commercially reasonable level of care and skill. Your sole remedy for any breach of the foregoing warranty will be for Infosec to re-perform the defective Services, provided that if re-performance or correction in compliance with this warranty is not possible or practical, then You will be entitled to (i) a prorated refund of Subscription Fees paid to Infosec for the defective Services, and (ii) terminate the Agreement and obtain a prorated refund of Subscription Fees prepaid to Infosec for the corresponding unused period of the Services. The foregoing warranty does not apply with respect to any Third-Party Integrations.

  3. Warranty Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN (B) ABOVE, THE SERVICES ARE PROVIDED “AS-IS” AND INFOSEC DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. INFOSEC SPECIFICALLY DISCLAIMS ANY AND ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, UNINTERRUPTED USE, AND ANY WARRANTIES ARISING FROM CONDUCT OR COURSE OF DEALING. INFOSEC MAKES NO WARRANTIES OF ANY KIND THAT THE SERVICES WILL BE ABLE TO OR ACTUALLY SOLVE, IMPROVE, OR OTHERWISE MITIGATE ANY PROBLEMS YOU MAY EXPERIENCE WITH PHISHING OR ANY OTHER COMPUTER- OR CYBER-ATTACKS. INFOSEC'S INFOSEC PLATFORM (INCLUDING THE PHISHSIM SERVICE AND ANY PLUGINS ASSOCIATED THEREWITH) IS NOT AN ANTIVIRUS, ANTIMALWARE, OR OTHER CYBERSECURITY APPLICATION; INFOSEC WILL HAVE NO OBLIGATION TO UNDERTAKE EFFORTS TO ACTUALLY PREVENT OR MITIGATE ANY POTENTIAL OR REAL ATTACKS.


9. Limitation of Liability.

EXCEPT IN CONNECTION WITH ITS INDEMNITY OBLIGATION, NEITHER PARTY WILL BE LIABLE UNDER OR, IN CONNECTION WITH, THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOST PROFITS, LOST DATA, LOSS OF GOOD WILL OR LOSS OF REVENUE, EVEN IF THE OTHER PARTY IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EXCEPT IN CONNECTION WITH ITS INDEMNITY OBLIGATION, IN NO EVENT WILL EITHER PARTY’S LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE EXCEED THE TOTAL AMOUNTS PAID OR PAYABLE TO INFOSEC UNDER THIS AGREEMENT IN THE THREE (3) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. 


10. Indemnification.

  1. Indemnity. Each Party (“Indemnifying Party”) agrees to defend, indemnify and hold harmless the other Party (“Indemnified Party”), its affiliates and their respective officers, directors, employees, and agents from and against any and all damages, losses, liabilities, actions, judgments, settlements, awards, fees, costs and expenses (including reasonable attorneys’ fees) incurred by the Indemnified Party for a third-party claim arising from: (i) infringement of a third party’s intellectual property rights; (ii) use or provision of Your Information under this Agreement; or (ii) breach of any terms of this Agreement. If such a claim is made or appears possible under 10(A)(i), Infosec, in its sole discretion, may (X) modify or replace the Services, or component or part thereof, to make it non-infringing, (Y) obtain the right for You to continue to use, or (Z) if neither alternative is reasonably available, Infosec may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice and Infosec will provide a prorated refund of Subscription Fees prepaid to Infosec for the corresponding unused period of the Services or the affected component or part.

  2. Process. The Indemnified Party will: (i) promptly notify the Indemnifying Party in writing of the claim, (ii) give the Indemnifying Party sole control of the defense of such claim and all negotiations for the settlement thereof (provided that if any settlement requires any action or admission by the Indemnified party, then the settlement will require the Indemnified Party’s prior consent), and (iii) provide the Indemnifying Party with all reasonable cooperation, information and assistance in connection with such claim. The Indemnified Party may be represented by its own counsel, at its own expense.

  3. Exclusions. Section 10(A) will not apply to the extent that the alleged infringement arises from: (i) use of the Services in combination with data, software, hardware, equipment, or technology not provided by Infosec or authorized by Infosec in writing; (ii) modifications to the Services not made by Infosec; or (iii) Third-Party Integrations.


11. Miscellaneous.

  1. Relationship of the Parties. The Parties hereto are independent contractors and neither Party is an employee, partner or joint venturer of the other. 

  2. No Third-Party Beneficiaries. There are no third-party beneficiaries.

  3. No Assignment. Neither Party may assign this Agreement or any of its rights or obligations, without the prior written consent of the other Party, except in connection with a change of control, reorganization, merger, sale of all or substantially all of a Party’s assets. This Agreement will be binding upon and inure to the benefit of the permitted successors and assigns of the Parties.

  4. Notices. All notices and other communications must be in writing and sent to the addresses set forth on the SOW. Notices will be deemed given upon confirmed delivery if by email, registered or certified mail, or personal delivery. A copy of all notices to Infosec must be sent to legal.notices@cengage.com.

  5. Disputes. This Agreement is governed by and construed in accordance with the laws of the State of New York (without giving effect to any choice of law principles). Any dispute arising under this Agreement which cannot be resolved through informal resolution between the Parties will be resolved by submission to binding arbitration through the American Arbitration Association (“AAA”).  The Party submitting the matter to arbitration shall notify the AAA and the other Party in writing of its desire for arbitration, stating its complaint against the other Party and requesting that the AAA commence the arbitration process in New York, New York. If permitted by applicable law, each Party waives the right to litigate in court or an arbitration proceeding any dispute as a class action, either as a member of a class or as a representative, or to act as a private attorney general.

  6. Injunctive Relief. Notwithstanding 11(E), both Parties agree that money damages may not be a sufficient remedy for a breach or threatened breach of Section 7 and each Party is entitled to seek injunctive relief in the event of such a breach or threatened breach of Section 7.

  7. Force Majeure. Except for the obligation to pay money, neither Party will be liable for any failure or delay in its performance under this Agreement due to any cause beyond its reasonable control, including without limitation acts of God, acts of terrorism, strikes, walkouts, riots, acts of war, epidemics, pandemics, governmental regulations, power failure(s), earthquakes and other natural disasters, hacker attack, virus, or other malware, or failure of the Internet. The Party affected by such an event must: (i) promptly notify the other Party in writing and (ii) take reasonable steps to resume performance with the least possible delay.

  8. Prevailing Terms. In the event of a conflict between the terms set forth in this Agreement and the SOW, the terms of this Agreement will prevail, unless the SOW expressly states the Parties desire to override this Agreement.

  9. Export Regulations. You must comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), that prohibit or restrict the export or re-export of the Services or any of Your Information outside the US.

  10. Use of Name and Logo. You consent to Infosec and its affiliates identifying You as a user of the Services in promotional materials, provided Your logo is used in accordance with any written brand guidelines provided to Infosec.

  11. Entire Agreement. This Agreement, together with the SOW and Your selections made during Your Ecommerce Purchase, represents the entire understanding and agreement between the Parties concerning the subject matter hereof and supersedes all prior agreements and understandings with respect to said subject matter. No amendment to or modification of this Agreement is effective unless it is in writing and signed by an authorized representative of each Party. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. If any provision of this Agreement is held by a court of competent jurisdiction to be illegal, invalid, or unenforceable, the remaining provisions will remain in full force and effect.