The Prevalent Legal Vendor Network (PLVN) seeks to provide a shared, legal community-driven Vendor Risk assessment and monitoring service for member law firms. As a member, you will be an active part of what the PLVN is and does for you and for other Members.
- Description of Services. PLVN members (“Members”) are limited to entities authorized to practice law within any state or applicable jurisdiction. . It is intended to identify and provide access to tools, processes and learning that will help identify and mange vendor risk issues the legal community faces. The membership includes a subscription to the Prevalent Vendor Risk Management and Vendor Threat Monitor Service and hosting services; access to shared risk assessment data contributed by the membership; a vehicle for cost sharing regarding collaborative additions for additional vendor risk assessments; and a forum for Members to provide thought leadership regarding vendor risk advice and suggestions; and the service of a dedicated PLVN Project Manager (collectively, “Services”). The Services are provided subject to the terms of the Prevalent SaaS Agreement http://www.prevalent.net/saassubscription/ and this TOU.
- Service Assumptions.
- Member’s will provide internet connectivity. Member’s internet conectivity and Member’s local access equipment, including laptops, tablets, routers, LANs etc are all ouside the scope of this Service.
- Prevalent may choose to utilize qualified subcontractors to perform certain Services.
- Any Services not documented in the VRM and VTM Software Service Description, Attachment A, are considered outside of scope of this SOW
- The parties acknowledge that the Service requires that Members will identify the appropriate third party suppliers and vendors used in the PLVN Service (“Vendors”). Members will ensure vendors cooperate in providing information and data necessary to assess various risks associated with their products and services; moreover Vendors will need to provide updates to that information; and PLVN members (“Member”) are responsible for securing the suppliers and vendors consent. In order to include the Vendor within the Service, Vendors must provide their consent for PLVN and its suppliers to share that data and the results of the Service related to that data.
- PLVN will create a steering committee to help interface with Prevalent on behalf of all Members.
- Members accept and will abide by membership data sharing rules, as approved by Prevalent, Inc as the Service provider on behalf of itself and its 3rd party data providers.
- No Unlawful or Prohibited Use. As a condition of your use of the Services, you will not use the Services for any purpose that is unlawful or prohibited by these terms, conditions and notices; or distribute work products to non-members. You hereby represent and warrant that you have all requisite legal power and authority to enter into this TOU and no further authorization or approval is necessary. You further represent and warrant that your participation or use of the Services will not conflict with or result in any breach of any license, contract, agreement or other instrument or obligation to which you are a party.
- Use of Services. You agree that when participating in or using the Services, you will not:
- Upload, or otherwise make available, files that contain images, photographs, software or other material protected by intellectual property laws, including, by way of example, and not as limitation, copyright or trademark laws (or by rights of privacy or publicity), Third Party Licensed data content unless you own or control the rights thereto or have received all necessary consent to do the same;
- Use any material or information, including images or photographs, which are made available through the Services in any manner that infringes any copyright, trademark, patent, trade secret, or other proprietary right of any party;
- Upload files that contain viruses, Trojan Horses, worms, time bombs, cancelbots, corrupted files, or any other similar software or programs that may damage the operation of another’s computer or property of another;
- Download any file(s) that you know, or reasonably should know, cannot be legally reproduced, displayed, performed, and/or distributed in such manner;
- Restrict or inhibit any other user from using and enjoying the Services;
- Use the Services in connection with contests, pyramid schemes, chain letters, junk email, spamming or any duplicative or unsolicited message (commercial or otherwise);
- Publish, post, upload, distribute or disseminate any inappropriate, profane, defamatory, obscene, indecent or unlawful topic, name, material or information on or through PLVN;
- Harvest or collect information about others, including email addresses, without the authorization or consent of the disclosing party;
- Violate any applicable laws or regulations; and
- Create a false identity for the purpose of misleading others.
- Monitor Rights. PLVN reserves the right at all times to disclose any information about you, your participation in and use of the Services as PLVN deems necessary to satisfy any applicable law, regulation, legal process or governmental request, or to edit, refuse to post or to remove any information or materials, in whole or in part, in PLVN’s sole discretion. While PLVN reserves this right the parties acknowledge they have no duty to monitor content or postings.
- Confidentiality. a. You acknowledge and agree that during your participation in and use of the Services you may be exposed to Confidential Information. “Confidential Information” shall mean all information, in whole or in part, that is disclosed by PLVN, or any participant or user of the Services or any employee, affiliate, or agent thereof, that is nonpublic, confidential or proprietary in nature. Confidential Information also includes, without limitation, information about business, sales, operations, know-how, trade secrets, technology, products, employees, customers, marketing plans, financial information, services, business affairs, any knowledge gained through examination or observation of or access to the facilities, computer systems and/or books and records of PLVN or any analyses, compilations, studies or other documents prepared by PLVN or otherwise derived in any manner from the Confidential Information and any information that you are obligated to keep confidential or know or has reason to know should be treated as confidential.
- Your participation in and/or use of the Services obligates you to: i.) maintain all Confidential Information in confidence using the same measures you use to protect your own like confidential information; ii.) not to disclose Confidential Information to any third parties; and iii.) not to use the Confidential Information in any way directly or indirectly detrimental to PLVN, its suppliers or any Member or user of the Services.
- All Confidential Information remains the sole and exclusive property of Prevalent, Inc. as the Service Provider or the respective disclosing party. You acknowledge and agree that nothing in this TOU or your participation or use of the Services will be construed as granting any rights to you, by license or otherwise, in or to any Confidential Information or any patent, copyright or other intellectual property or proprietary rights of PLVN its suppliers, or any contractor, participant or user of the Services.
- Participation In or Use of Services. You acknowledge that you are participating in or using the Services at your own free will and decision. You acknowledge that PLVN does not have any liability with respect to your access, participation in, use of the Services, or any loss of information resulting from such participation or use and that your use of the Services is subject to the terms of the Prevalent SaaS Agreement http://www.prevalent.net/saassubscription/ and this TOU.
- Disclaimer of Warranties. To the maximum extent permitted by applicable law, and except as otherwise expressly provided under the Prevalent SaaS Subscription Agreement, PLVN provides the Services “as is” and with all faults, and hereby disclaim with respect to the services all warranties and conditions, whether express, implied or statutory, including, but not limited to, any (if any) warranties, duties or conditions of or related to: merchantability, fitness for a particular purpose, lack of viruses, accuracy or completeness of responses, results, workmanlike effort and lack of negligence. Also, there is no warranty, duty or condition of title, uninterrupted use, quiet enjoyment, quiet possession, correspondence to description or non-infringement. The entire risk as to the quality, or arising out of participation in or the use of the Services, remains with you.
- Limitation of Liability and Remedies. PLVN and its suppliers’ liability under this Agreement from any and all causes, including negligence but exclusive of claims for damages arising from bodily injury or loss of tangible property shall be limited to general money damages in an amount not to exceed the total amount of payment due under its Agreement. Such amount shall be the extent of PLVN and its supplier’s liability regardless of the form in which any legal or equitable action may be brought and the foregoing shall constitute damaged party’s sole remedy. In no event will PLVN or their supplier’s be responsible for special, indirect, incidental or consequential damages including but not limited to, loss of data or damage to business reputation, even if previously advised of the possibility of such damages. No legal action regardless of the form, relating in any manner to this Agreement may be brought by either party more than one year after recognition of the event giving rise to the cause of action with the exception of non-payment hereunder, or actions for breach of PLVN or its supplier’s intellectual property rights.
- Termination. PLVN and its suppliers reserves the right to terminate any Service at any time. PLVN and its supplier further reserves the right to suspend or terminate your participation in and use of any Services, immediately and without notice, if you fail to comply with the TOU.
- Indemnification. You release, and hereby agree to indemnify, defend and save harmless PLVN their suppliers, and their past, present and future officers, agents, shareholders, members, representatives, employees, successors and assigns, jointly and individually, from and against all claims, liabilities, losses, damages, costs, expenses, judgments, fines and penalties based upon or arising out of your negligent actions, errors and omissions, willful misconduct and fraud in connection with the participation in or use of the Services. You further agree in the event that you bring a claim or lawsuit in violation of this agreement, you shall be liable for any attorneys’ fees and costs incurred by PLVN its suppliers or its respective officers and agents in connection with the defense of such claim or lawsuit.
- Severability. This TOU is governed by the laws of the State of New York. In the event that any provision or portion of this TOU is determined to be invalid, illegal or unenforceable for any reason, in whole or in part, the remaining provisions of this TOU shall be unaffected thereby and shall remain in full force and effect to the fullest extent permitted by applicable law.
Vendor Risk Manager
Software Service Description
VRM: Prevalent Vendor Risk Manager (VRM) is a Software as a Service (SaaS) offering that automates many of the tasks associated with the vendor risk management process, including evidence collection, evidence risk analysis, email notifications, and scheduling. VRM offers security, compliance, and risk management professionals a platform to manage and automate the vendor risk assessment process. VRM enables organizations to evaluate vendors based on vendor tiers determined by their importance or potential risk to the organization. VRM enables the creation of standard tier structure for the organization, a standardized assessment workflow, Shared Assessment content, evidence collection, risk scoring, and reporting. The VRM SaaS manages each vendor independently, providing the ability to understand the impact of doing business with a particular vendor. Each VRM license shall allow for the assessment, management and reporting for one third party vendor per license for the license term.
Vendor Threat Monitor
Software Service Description
VTM: Prevalent Vendor Threat Monitor (VTM) is a Software as a Service (SaaS) offering that enables organizations to continuously monitor key relationship risk areas, including: Data Risk, Operational Risk, Financial Risk, Brand Risk, Regulatory Risk and Geographic Risk. Organizations using Prevalent VRM SaaS to assess vendors and service providers can opt to configure VTM to monitor for potential risk areas identified by Prevalent VRM. Prevalent VTM will notify the risk manager associated with the relationship to determine whether the risk poses an actual threat to the organization. Data types that are part of this analysis include external data breach notifications, IP reputation data, malware for known domains, financial analysis, phishing attacks, regulatory issues and other publicly available information. Each VTM license shall allow for the monitoring of threat intelligence and reporting for one third party vendor per license for the license term.