Service Level Agreement - Schedule 2

This Service Schedule 2 – Cloud Services Additional Terms applies to the Cloud Services provided by Trellix and Skyhigh Security (respectively) (the “Company,” “We,” “Us,” “Our”) based on the SKU purchased by the Customer (“You” or “Your”). All capitalized terms not defined herein shall have the meaning provided in your underlying cloud services agreement.

  1. Support and Customer Plans for Trellix: We will provide Support to You in accordance with the applicable Trellix Service goals located at Exhibit A.
  2. Support and Customer Plans for Skyhigh Security: We will provide Support to You in accordance with the applicable Skyhigh Security Service Schedule located at Exhibit B.
  3. Definitions:

Business Day means any day other than a Saturday, Sunday, statutory or public holiday in the place where Company Products are provided, or the Professional Services are performed.

Cloud Services means the Cloud Services that We provide to You as specified in one or more Grant Letters and that are subject to the applicable Service Schedule.

Company means:

  • (i) Musarubra US, LLC, with offices located at 6000 Headquarters, Suite 600, Plano, TX 75024 USA, if the Cloud Services are purchased in the United States (except as provided in Subsection (vii) below), Canada, Mexico, Central America, South America, or the Caribbean;
  • (ii) Musarubra Ireland Limited, with its registered offices located at Building 2000, City Gate, Mahon, Cork, Ireland, if the Cloud Services are purchased in Europe, the Middle East or Africa;
  • (iii) Musarubra Singapore Pte Ltd., with a trading address located at 238A Thomson Road, #12-01/05 Novena Square, Tower A, Singapore, 307684, with respect to the provision of all Cloud Services and Support purchased in Asia Pacific, but excluding Japan, China (if the Cloud Services are purchased in RMB) or Australia;
  • (iv) Musarubra Japan KK, with its registered office located at Shibuya Mark City West, 12-1, Dogenzaka 1-chome, Shibuya-ku, Tokyo, 150-0043, Japan, if the Cloud Services are purchased in Japan;
  • (v) McAfee (Beijing) Security Software Co. Ltd., with a trading address located at Room 616, No. 6 North Workers’ Stadium Road, Chaoyang District, Beijing, China, if the Cloud Services are purchased in China (in RMB);
  • (vi) Musarubra Australia Pty Ltd., with offices located at Level 16, 40 Mount Street, North Sydney, NSW 2060, Australia, if the Cloud Services are purchased in Australia; or
  • (vii) Trellix Public Sector LLC, with offices located at 11911 Freedom Drive, Suite 400, Reston, VA, 20190, USA, if the Cloud Services are purchased by the U.S. Government, or by state or local governments, or healthcare or educational institutions in the United States.

Customer means the entity which has purchased Products and to which We provide Support.

Grant Letter means any written (electronic or otherwise) confirmation notice that We issue to You confirming the Products purchased and applicable Product Entitlement. The Grant Letter identifies the SKU number, quantity, Subscription Period or Support Period, and any other access and use details.

Product Entitlement means the license or subscription types set forth in the Grant Letter and defined at https://trellix.com/en-us/assets/docs/legal/trellix-product-entitlement-definitions.pdf.

Data means Your Personal Data, sensitive data or other information about You and Users (including Users’ name, address, e-mail address and payment details), their computers, files stored on their computers, or their computers’ interactions with other computers (including information regarding network, licenses used, hardware type, model, hard disk size, CPU type, disk type, RAM size, 32 or 64 bit architecture, operating system types, versions, locale, BIOS version, BIOS model, total scanners deployed, database size, system telemetry, device ID, IP address, location, content, products installed, components, processes and services information, frequency and details of update of Our components, information about third-party products installed, extracts of logs created by Us, usage patterns of Our products and specific features, etc.

SKUs means A Stock Keeping Unit is a unique identifier for each distinct product and service that can be ordered from Us.

Subscription Period means the period for which You have purchased the right to receive the Cloud Services or the time-period for which You have purchased the right to receive Support, as applicable.

Support means the technical support services that We provide for the support and maintenance of the Cloud Services, as specified in the applicable Service Schedule.

Support Period means the period for which You are entitled to Support, as specified in a Grant Letter.

User means a unique individual whom You have authorized to use the Cloud Services pursuant to Your access rights under this Agreement, including Your employees, Your Affiliates, subcontractors, authorized agents, and Managed Parties.

Exhibit A

Trellix Support Customer Plans

The Trellix Response Service Level Goals (SLG) will provide Support for the Cloud Services in accordance with the following:

Severity Assessment Questions

Through a series of questions, We will determine the business impact of your issue. The impact assessment questions are simplified to allow you to quickly answer and move towards getting resolution to your issue. Select the answer that most closely aligns with the reported issue.

What type of issue is this?

This question will help set the type of Service Request being opened. The options under this question are:

  • Question/Request
  • Installation/Configuration
  • Networking/Performance
  • Product Error
  • Fault/Crash
  • Malware
How much of the organization is affected?
  • None
  • Isolated
  • Scattered
  • Substantial
  • Widespread
What is the impact to Your business?
  • None
  • Partial
  • Major
  • Stopped

Severity Levels

A severity code is associated with Service Requests to indicate the impact and the urgency of the request.

Severity 1: Severe Issue or Business Wide Impact

This would be a very serious issue or business wide impact with the issue. Example: Our ePolicy Orchestrator is down, Web Gateway is blocking all customer traffic. There is no viable workaround.

Severity 2: Major Issues or Large Impact

This is a major issue or where a large number of Users are impacted. Example: Regional office not in a secured posture due to Our ePolicy Orchestrator is not functioning, Data Loss Prevention policy is causing the Executive Staff to be not able to use USB drives. There is no viable workaround.

Severity 3: Minor Issue or Small Impact

This is a minor issue or small number of Users impacted. Example: Few Users unable to authenticate to Drive Encryption, Data Loss Prevention rule requiring justification for a few Users but not stopping business activities.

Severity 4: General Questions

This is a question without impact on business operations. This may be around documentation or Knowledge Base entries. Example: Looking for Best Practices, Reference Configurations, clarification on entries in KB or Product Guide. Product Enhancements Requests

Customer Plans

Support Requests (SR) are assigned a SR number to manage the resolution of the issue. We attempt to resolve every issue on the first interaction. Unresolved customer issues are evaluated based on severity and priority of the reported issue. Based on this information, We assign each SR an impact level value.

The frequency You should be contacted about the status of a Service Request will be agreed between You and the Technical Support Engineer during initial contact and at each communication interval. This will be discussed and agreed based on the individual needs and availability of the Customer, as well as the time it is likely to take to complete the next action.

Based on the Plan purchased by the Customer, either the Business Plan or Premier Success Plans, Enhanced Success Plans and Essential Success Plans, the following response level targets are provided. The response times are target estimates and are not guaranteed.

Service Level Goals Charter - Business
Severity 1 Severity 2 Severity 3 Severity 4

Initial Response

30 Minutes

60 Minutes

8 Hours

1 Business Day

Update Frequency

At least once per hour unless agreed otherwise with the customer

At least twice per day unless agreed otherwise with the customer

Negotiated with the customer

Negotiated with the customer

Service Level Goals Charter – Premier Success Plans, Enhanced Success Plans and Essential Success Plans*
Severity 1 Severity 2 Severity 3 Severity 4

Initial Response

15 Minutes

30 Minutes

4 Hours

1 Business Day

Update Frequency

At least once per hour unless agreed otherwise with the customer

At least twice per day unless agreed otherwise with the customer

Negotiated with the customer

Negotiated with the customer

* Also covers Legacy Enterprise Support programs, Advanced Partner Support, OEM/Embedded Partner Support and Trellix Authorized Support Providers

Business Support Options

The following chart provides a description of the applicable plans for Trellix.

Customer Success Plans
(Add-on Services)

Features & Offerings

Business Support (Standard)

Essential Success Plan

Enhanced Success Plan

Premier Success Plan

Daily product updates (.DATs, engines, etc.)

Product upgrades

24/7/365 Support Web and Phone with Remote Desktop Control

Trellix Labs Malware analysis service and alerts with remediation analysis

Online Experience - KnowledgeBase, Downloads, Case Mgt, Diagnostic & Remediation Tools

Best practice videos and guides

Proactive Notification Service via Support Notification Service (SNS)

Direct Access to Enterprise Level Technical Experts

Service Request Prioritization

Designated Contacts

15 Designated
25 Designated
Unlimited Designated

Account Management

Remote SAM

Designated Customer Success Manager (CSM) for Value Realization (1)

CSM
CSM

Assigned Technical Contact (ATC) for Situation and Escalation Management

ATC

Assigned Cloud ATC (C-ATC) for CASB Support

Add-on Available
Add-on Available
C-ATC

Documented Success Planning with the Customer Success Management (CSM)

Yes
Yes

Quarterly Business Reviews

Yes
Yes

Solution and/or Strategic Advisory Services

One Week of Professional Services
Four Weeks of Professional Services

Professional Services Remote Health Watch Analysis

One per year
Two per year
Four per year

Educational Services Vouchers for Trellix Product education

30
80
280

eLearning Subscriptions

Enterprise Site License

(1) Resident Customer Success Manager option available.
* Subject to Terms & Conditions. Regional variations may apply.

To Contact Us, please reach out using the Quick Reference call provided by your Support Account Manager or Customer Support Manager or through Our Support Service Portal at https://www.trellix.com/en-us/support.html.

Exhibit B

Skyhigh Security Support Customer Plans

We will provide Support for the Cloud Services in accordance with the following:

Support and Maintenance
Support Requests

Phone

1-866-727-8383

Phone & Web

Available 24/7

Technical Support

Office hours (critical and non-critical issues)

Available 24/7

Availability for critical issues

Available 24/7

Response time

(See below)

Service Support

Upgrade notifications

Yes, SNS notification will be provided

Remote diagnostics

Yes, we have the capability to connect to your network

Online Resources

The Parties will jointly use the severity levels below to document and respond to errors or deficiencies that may exist. If You believe that an error or deficiency exists in the programs supported by the subscription fees under this Agreement, You will provide written notification to Us of such error or deficiency, along with supporting data and programs that document such error or deficiency. We will respond in accordance with the following severity levels.

Premium-Care Enterprise-Care Basic-Care

24x7x365 Support

Yes

Yes

Yes

Technical Account Manager

In region

Remote

N/A

Customer Success Manager

Dedicated In-region

Dedicated Remote

Non-Dedicated Remote

On-Site Visit per Year

2-4

1

N/A

Consulting Days

40

20

5

eLearning

Yes

Yes

Yes

Health checks

Yes

Yes

N/A

Webinars

Yes

Yes

N/A

Governance

Operational Service Review

Weekly

Every 2 Weeks

N/A

Monthly Operations Review

Yes

Yes

Digital Report

Executive Business Review

Quarterly

Semi-Annual

N/A

Priority Support

Severity 1 Response

30 min

1 hour

2-4 hours

Severity 2 Response

1 hour

2 hours

4-8 hours

Skyhigh Plan Severity 1 Severity 2 Severity 3 Severity 4

Initial Response

PREMIUM-CARE

30 mins

1 hour

4 hours

1 business day

ENTERPRISE-CARE

1 hour

2 hours

4-8 hours

1 business day

BASIC-CARE

2 hours

4 hours

1 business day

2 business days

Update Frequency

PREMIUM-CARE

At least once per hour unless agreed otherwise with the customer

At least twice per day unless agreed otherwise with the customer

ENTERPRISE-CARE

BASIC-CARE

At least once every two hours unless agreed otherwise with the customer

At least once per day unless agreed otherwise with the customer

Negotiated with the customer

Negotiated with the customer

Customer Support Plans

All Customer care Plans provide direct access to Technical Support Engineers for technical issue resolution.

Skyhigh Security Premier Care Plan –The Premier Care plan will entitle You to elevated support response times, including a maximum 30-minute response for Severity 1 SRs and a 1-hour response for Severity 2 SRs.

Skyhigh Security Enterprise Care Plan The Enterprise Care plan will entitle you to elevated support response times, including a maximum 1-hour response for Severity 1 SRs and a 2-hour response for Severity 2 SRs.

Skyhigh Security Basic Care Plan includes five (5) days of professional services to get the product fully deployed and operational. A non-dedicated remote CSM is assigned to work with the customer as part of this offering. This offering also includes e-learning plus access to webinars.

SKYHIGH PLAN SS-PREMIUM-CARE SS-ENTERPRISE-CARE SS-BASIC-CARE
SLAs (Levels)

Severity Level 1

30 min response

1-hour response

Standard

Severity Level 2

1-hour response

2-hour response

Standard

Severity Levels

Critical - Severity 1 Error:

A “Severity 1 Error” will mean that the Cloud Services is non-operational, and no Users can access the system, or the functionality is significantly decreased, or back-up or other security of data can no longer be performed. The defect affects mission-critical systems or information in the production environment. This may include any defect related to You or personal safety, system availability, overall data integrity or ability to serve You.

“Severity 1 Error” events will require immediate resolution. We must start the correction of “Severity 1 Errors no later than thirty (30) minutes following notification from You. We will work to correct Severity 1 Errors on a 24x7 basis until resolution. Our Support personnel as well as Your personnel may be required to sustain a twenty-four (24) hour per day effort to determine the root cause of the problem or until circumvention or resolution is provided. We will provide regular updates informing You of the progress to remedy the reported problem. For Severity 1 Errors only, telephone support is available to report irregularities twenty-four (24) hours per day seven (7) days per week.

High - Severity 2 Error:

A “Severity 2 Error” will mean that the Cloud Services is operational with functional limitations or restrictions but there is minimal business impact. The error has a large impact on the functionality of the application but does not require immediate release into the production environment.

We must start the correction of “Severity 2 Error” no later than one (1) hour following notification by You. We will work to correct Severity 2 Errors during normal business hours and will provide regular updates informing You of the progress to remedy the reported problem.

Medium - Severity 3 Error:

A “Severity 3 Error” will mean these Cloud Service is operational with functional limitations or restrictions that are not critical to the overall system operation. The error has a moderate impact on the functionality of the application. However, the Service remains usable by all groups.

We will work to correct Severity 3 Errors during normal business hours. We will use reasonable efforts to correct such errors within thirty (30) business days.

Low - Severity 4 Error:

A “Severity 4 Error” will mean the Cloud Service is operational with problems or errors, which have little impact on system operations. Severity 4 Errors will include documentation errors. The error has a minor impact on the functionality of the application.

“Severity 4 Error” events are normally corrected in the next maintenance release of the Cloud Service.

To Contact Us, please reach out to Your Customer Support Manager or through the Skyhigh Support Service Portal at https://www.skyhighsecurity.com/en-us/support.html.