Hadrian Terms & Conditions
IMPORTANT - READ CAREFULLY:
This EULA applies between Hadrian and the Customer named on the Order Form hereinafter together referred to as “Parties” and each a “Party”. By signing the Order Form or otherwise accessing or using the Hadrian Services, Customer acknowledges that Customer has read, understands and agrees to be bound by the terms and conditions of the EULA. Where a reseller, service provider, consultant, contractor, or other permitted third party uses the Hadrian Services on Customer’s behalf, such party will be deemed to be Customer’s agent and Customer will be deemed to have accepted all of the terms and conditions as if the Customer had directly accessed the Hadrian Platform and used the Hadrian Services. If the Customer does not agree with the terms and conditions of this EULA, the Customer is not authorised to access the Hadrian Platform nor use the Hadrian Services for any purposes whatsoever.
IT IS AGREED AS FOLLOWS:
- Definitions
- In this EULA, capitalized words, phrases and acronyms shall have the following meaning:
- Appendix: any Appendix to this EULA.
- Authorized User: an individual who is authorized in accordance with this EULA by Customer to use the Hadrian Platform. Customer is only allowed to designate employees or contractors of Customer as an Authorized User.
- Digital Asset: any online artefact, as established by Hadrian through discovery or provided by Customer to Hadrian, belonging to Customer’s digital infrastructure, including, but not limited to, web servers, cloud applications, cloud buckets, Kubernetes, VPN services, IP addresses and ASN’s, domain names, subdomains, social media accounts, Github accounts, API endpoint, mobile applications, certificates, etc.
- Effective Date: the date on the first page of the Order Form.
- EULA: this End User License Agreement, including the recitals and Appendices.
- Hadrian Platform: the online hosted software solution, such as, but not limited to a platform and dashboard provided by Hadrian which Customer and its Authorized Users may access to consult the results of the Services;
- License: License to access and use the Hadrian Platform, subject to the terms of this EULA.
- Order Form: the Order Form describing the applicable Modules and Services, as agreed between Customer and Hadrian or Hadrian’s Partner.
- Partner: a reseller of the Services, under a Partner Agreement with Hadrian.
- Services: the Software as a Service subscription services to be provided by Hadrian to Customer, including license to access and use the Hadrian Platform, the provision of the Hadrian Platform. asset discovery & contextualization, monitoring & (pen)testing, and interpretation & intelligent risk assessment as described in Appendix A Subscription Service Description to this EULA.
- Subscription Fee: The fee to be paid by Customer for the Services, as specified in an Order Form.
- Subject and scope
- This EULA sets out the terms for the delivery of the Services by Hadrian to Customer for the benefit of mapping Customer’s digital infrastructure and providing security insights, as further described in Appendix A (Subscription Service Description).
- The following Appendices form a part of this EULA. In the event of any conflict between the provisions in the body of this EULA and any of the Appendices, the provisions contained in a document listed higher will prevail over one listed lower, unless Parties have explicitly departed from such provision in writing: This EULA
- Appendix A: Subscription Service Description
- Appendix B: Service Availability
- Appendix C: Hadrian’s Hosted Software Information Security Framework
- Start, duration
- This EULA will start on the Effective Date and will stay in force for an initial period as agreed in the Order Form (“Initial Subscription Term”), unless expired or terminated. At the end of the Initial Subscription Term, this EULA shall be automatically renewed for additional periods of one year (each a “Renewal Term”; the Initial Subscription Term and each Renewal Term collectively referred to as the “Term”) unless otherwise terminated or otherwise agreed in a separate Order Form.
- Delivery of the Services
- Hadrian shall deliver the Services to Customer and its Authorized Users in accordance with this EULA and Appendices thereto. The Services are described in greater detail in Appendix A Subscription Service Description. The Services shall start within a reasonable term following the conclusion of the Order Form where time will not be of the essence.
- The Hadrian Platform may be used only by Authorized Users.
- Hadrian shall use reasonable endeavours to perform its responsibilities under the Order Form and this EULA and deliver the Services to Customer in accordance with the terms of this EULA. The Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Hadrian or by third-party providers, or because of other causes beyond Hadrian’s reasonable control. Hadrian shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled disruption of the Services. When notified by Customer, Hadrian shall use reasonable endeavours to resolve errors, omissions or bugs.
- Responsibilities of Customer
- Customer and its Authorized Users shall:
- timely co-operate with Hadrian in all matters relating to the delivery of the Services;
- provide to Hadrian, in a timely manner, access, documents, information, items, Digital Assets and materials in any form, required under this EULA or otherwise reasonably required by Hadrian for the delivery of the Services, and ensure that they are accurate and complete;
- use the Hadrian Platform in compliance with all applicable laws and regulations, and not use the Hadrian Platform in any other way than permitted by this EULA;
- if contractually or statutory required, be responsible for notifying any third party that might be affected by the Services of the delivery of the Services by Hadrian; and
- not allow any person other than a representative of Hadrian to modify, repair or maintain any part of the Hadrian Platform.
- WARRANTY AND INDEMNIFICATION: ****IF CUSTOMER PROVIDES (INFORMATION RELATED TO) DIGITAL ASSETS TO HADRIAN, CUSTOMER REPRESENTS, COVENANTS, AND WARRANTS THAT IT OWNS SUCH DIGITAL ASSETS AND/OR IS ENTITLED TO PROVIDE SUCH DIGITAL ASSETS TO HADRIAN. IF CUSTOMER IS UNDER AN OBLIGATION EITHER BY STATUTE AND/OR BY AGREEMENT TO NOTIFY A THIRD PARTY ABOUT THE DELIVERY OF THE SERVICES, CUSTOMER REPRESENTS, COVENANTS AND WARRANTS THAT IT HAS DULY NOTIFIED SUCH THIRD PARTY.
- THE SERVICES, INCLUDING ANY (PEN)TESTS, ARE DELIVERED AT THE EXPRESS REQUEST AND WITH EXPLICIT CONSENT OF THE CUSTOMER. CUSTOMER HEREBY AGREES TO INDEMNIFY AND HOLD HARMLESS HADRIAN AGAINST ANY DAMAGES, LOSSES, LIABILITIES, CRIMINAL INVESTIGATIONS – INCLUDING, BUT NOT LIMITED TO, INVESTIGATIONS IN CONNECTION WITH CHARGES OF COMPUTER INTRUSION, SYSTEM INTERFERENCE, ILLEGAL INTERCEPTION, COMPUTER SABOTAGE AND/OR DATA INTERFERENCE, SETTLEMENTS AND EXPENSES (INCLUDING WITHOUT LIMITATION COSTS AND ATTORNEYS’ FEES) IN CONNECTION WITH ANY CLAIM OR ACTION THAT ARISES FROM AN ALLEGED VIOLATION OF THE FOREGOING OR OTHERWISE FROM THE DELIVERY OF THE SERVICES BY HADRIAN TO CUSTOMER.
- Customer and its Authorized Users shall:
- Fees and payment
- Customer agrees to pay the prices as agreed in the applicable Order Form. All prices are exclusive of turnover tax (VAT) and other (service-specific) levies imposed by the authorities.
- All prices stated by Hadrian are in euros (EUR) and the Customer must make all payments in euros, unless otherwise agreed in the applicable Order Form.
- Hadrian or Hadrian’s partner shall invoice the Customer the fee for the activities agreed on with the Customer, including the Subscription Fee, in advance and on an annual basis.
- Unless indicated otherwise on the invoice or as agreed between Hadrian or Hadrian’s partner and the Customer, any sums due are paid by the Customer within thirty days of the date of the invoice.
- The Customer may neither suspend any payments nor set off any of the sums due. If the Customer fails to pay sums due or fails to do so on time, the Customer shall owe default interest of 1% per month on the outstanding sum without a demand for payment or a notice of default being required.
- If the Customer fails to pay the amount due after a demand for payment or a notice of default has been issued, Hadrian or Hadrian’s partner shall be entitled to refer the debt for collection, in which case the Customer must pay all judicial and extrajudicial costs, including all costs charged by external experts. The foregoing shall be without prejudice to Hadrian’s or Hadrian’s partner other legal and contractual rights.
- All payments made under this EULA or the Order Form for the provision of services are non-refundable, except as specifically provided in this EULA.
- Information from Hadrian or Hadrian’s partner’s records and administration shall count as full conclusive evidence with respect to the activities performed by Hadrian or Hadrian’s partner and the sums due by the Customer for these activities, without prejudice to the Customer’s right to produce evidence to the contrary.
- If it should be apparent from this EULA or the Order Form that the Customer consists of several natural persons and/or legal entities, each of these natural persons and/or legal entities shall be jointly and severally liable towards Hadrian or Hadrian’s partner for the performance of this EULA or the Order Form.
- For any periodic payment obligations, Hadrian or Hadrian’s partner may adjust the applicable prices and rates in writing with due observance of a period of thirty days . If the Customer does not agree to the adjustment, the Customer shall be entitled to terminate this EULA or the applicable Order Form in writing within thirty days following notice of the adjustment, which termination shall take effect on the date on which the new prices and/or rates would take effect.
- Confidentiality
- The Customer and Hadrian ensure that strict secrecy is observed with respect to all information received from the other party, as required to perform the activities under this EULA or otherwise, or encountered while performing such activities, that the receiving party knows or should reasonably know is confidential, and that reasonable safeguards are put into place and maintained throughout the term of this EULA to protect such confidential information against misuse, leakage, unauthorised access, and theft etc.
- The duty of confidentiality shall not apply to Hadrian if and insofar as Hadrian is required to provide the information concerned to a third party in accordance with a court decision or a statutory requirement, or if and insofar as doing so is necessary for the proper performance of this EULA by Hadrian, provided Hadrian notifies the Customer prior to such disclosure (where such disclosure is permitted by law).
- The party that receives the confidential information may only use it for the purpose for which it was provided and shall not sell this information or otherwise make it available or disclose it to third parties, fully or partially.
- Information shall in any case be deemed to be confidential if it has been qualified as such by one of the parties. The Customer acknowledges that software originating from the Hadrian is always confidential in nature and that this software contains trade secrets of the Hadrian and its suppliers or the producer of the software.
- Non-solicitation of employees
- During the term of the agreement and for six (6) months following its termination, each of the parties shall not employ or otherwise directly or indirectly engage, for the purpose of performing work, employees of the other party who are or were involved in the performance of the agreement unless the other party has given express prior written permission. Conditions may be attached to this permission, including the conditions that a reasonable compensation must be paid.
- Privacy and data processing
- During the performance of the activities or while providing the services under this EULA, Hadrian may encounter, or otherwise process, information belonging to Customer which qualifies as personal data in the sense of Regulation (EU) 2016/679 (the General Data Protection Regulation or’ GDPR’)(‘Personal Data’). With regard to Personal Data, Hadrian qualifies as data processor, and Customer as data controller. Each party (Customer as data controller and Hadrian as data processor) will comply with applicable data protection legislation as defined in this article, among which the GDPR, and process Personal Data in accordance with this provision.
- If necessary for the performance of this EULA, the Customer shall on request inform the Hadrian in writing about the way in which the Customer performs its legal obligations regarding the protection of personal data.
- Obligations of Customer as data controller: Customer shall: (a) comply with all its obligations as data controller under applicable data protection laws and regulations, including the GDPR (‘Privacy Laws’); (b) timely in advance of the start of the performance of this EULA instruct Hadrian to process Personal Data on the Customer’s behalf; and (c) ensure that such instructions are issued in writing, are consistent with the terms of this EULA, reasonable and in accordance with applicable Privacy Laws and, to the extent that this is reasonably possible, describe the subject matter and duration of the processing by Hadrian, the nature and purpose of the processing, the types of Personal Data and categories of data subjects.
- Obligations of Hadrian as data processor: ****Hadrian shall: (a) comply with applicable Privacy Laws as far as applicable to Hadrian’ s service as a data processor; (b) process, and shall ensure that its staff and personnel processes, Personal Data only on documented instructions from Customer and only for the purposes authorised by Customer and insofar as necessary for the performance of this EULA, except if Hadrian is required to do so by applicable EU or EU Member State law. In such case, Hadrian shall inform Customer thereof before processing, unless that law prohibits Hadrian from providing such information; (c) ensure that Hadrian’s staff and personnel authorised to process the Personal Data has signed a confidentiality agreement or is otherwise bound by an obligation of confidentiality; (d) implement appropriate technical and organisational measures to protect the Personal Data against security risks consistent with applicable Privacy Laws; (e) inform Customer without delay in case of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data; (f) taking into account the nature of the processing and the information available to Hadrian, cooperate with Customer where this is necessary for the performance of Customer’s privacy impact assessments, prior consultation obligations or personal data breach notification obligations under applicable Privacy Laws; (g) in so far as possible and taking into account the nature of the processing, assist Customer by appropriate technical and organisational measures to respond to requests for exercising the rights of data subjects pursuant to applicable Privacy Laws the costs associated with this support are not included in the agreed prices and payments and shall be borne by the Customer; (h) only engage sub-processors by way of a written agreement which imposes at least the same obligations on the sub-processor as are imposed on Hadrian under this article. Customer authorises Hadrian to use the sub-processors notified by Hadrian to Customer before the start of the performance of this EULA. During the term of this EULA, Hadrian may appoint one or more additional sub-processors if Hadrian notifies Customer of the identity of the sub-processor, and Customer does not object within 15 calendar days of notification to the use of this sub-processor based on reasonable grounds relating to applicable Privacy Laws; (i) delete or return all Personal Data after termination or expiration of this EULA, unless applicable EU or EU Member State law requires storage of the Personal Data or permitted otherwise in this EULA; (j) make available to Customer all information necessary to demonstrate compliance with the obligations laid down in this article; (k) allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. In such cases, Customer shall (i) give Hadrian reasonable notice of the intention to perform an audit or have an audit performed; (ii) ensure that the audit is performed in compliance with Hadrian’s reasonable confidentiality and business requirements; (iii) ensure that reasonable efforts are made to minimise any disruption to Hadrian’s business caused by the performance of the audit; (iv) bear Hadrian’s costs relating to such audit, unless the audit shows non-compliance with this article, in which case Hadrian will bear its own costs. Hadrian shall immediately inform Customer if it believes that an instruction in relation to an audit violates EU or Member State laws.
- Customer indemnifies Hadrian against any claims by persons whose Personal Data are or have been processed and for which processing Customer is responsible pursuant to the Privacy Laws, unless Customer proves that the facts on which a claim is based are attributable to Hadrian.
- Security
- Hadrian provides the information security as described in Appendix C: Hadrian’s Hosted Software Information Security Framework. Hadrian does not guarantee that the information security provided is effective under all circumstances. Hadrian is entitled to adapt the security measures from time to time if this should be required as a result of a change in circumstances.
- The access or identification codes and certificates provided by or on behalf of Hadrian to the Customer are confidential and must be treated as such by the Customer and may only be made known to authorised personnel in the Customer’s own organisation. Hadrian is entitled to change the access or identification codes and certificates. The Customer is responsible for managing these authorisations and for providing and duly revoking access and identification codes.
- The Customer must adequately secure its systems and infrastructure and always have active antivirus software protection.
- Hadrian may give the Customer instructions about security features intended to prevent or to minimise incidents, or the consequences of incidents, that may affect security. To the extent that the implementation of an instruction results in costs for Hadrian, Hadrian will first inform the Customer about such costs. Only after the Customer’s confirmation to bear such costs for the implementation of an instruction, Hadrian is required to implement such instruction. If the Customer should fail or follow the instructions issued by the Hadrian or by a relevant public authority, or should fail to follow these in time, Hadrian is not liable and the Customer indemnifies Hadrian against any damage that may arise as a result.
- Hadrian is at any time permitted to install technical and organisational facilities to protect hardware, data files websites, software made available, software or other works to which the Customer has been granted access, whether directly or indirectly, also in connection with a restriction agreed on in the content or the duration of the right to use these objects. The Customer may not remove or circumvent any of such technical facilities or have these removed or circumvented.
- Grant of License, retention of title, reservation of rights and suspension
- Hadrian grants Customer the right to use the Services, subject to the conditions of this EULA and as described in the Order Form. Where applicable, rights are granted or transferred to the Customer subject to the condition that the Customer has paid all sums due under the Order Form and this EULA.
- Hadrian may retain all information, documents, software and/or data files received or created in the context of this EULA in spite of an existing obligation to hand over or transfer until the Customer has paid all amounts owed.
- Risk transfer
- The risk of loss, theft, misappropriation or damage of items, information (including usernames, codes, and passwords), documents, software or data files that are created, supplied or used in the context of performing this EULA shall pass to the Customer at the time at which the Customer or an auxiliary person of the Customer comes into actual possession of the items and information referred to.
- Intellectual property
- All intellectual property rights to the software, websites, data files, databases, hardware, training, testing and examination materials, as well as other materials such as analyses, designs, documentation, reports, offers, including preparatory materials for these materials, developed or made available to the Customer under this EULA are and remain held exclusively by Hadrian, its licensors or its suppliers. Nothing in this EULA is, nor shall be deemed to be, any transfer of intellectual property rights owned by Hadrian to the Customer. The Customer is solely granted the rights of use laid down in these general terms, in this EULA entered into by parties in writing and in the applicable mandatory legal provisions. A right of use accorded to the Customer is non-exclusive, non-transferable, non-pledgeable and non- sublicensable.
- If Hadrian is prepared to undertake to transfer an intellectual property right, such commitment may only be undertaken expressly and in writing. If the parties agree in writing that an intellectual property right with respect to software, websites, data files, equipment or other materials specifically developed for the Customer shall transfer to the Customer, this shall be without prejudice to Hadrian’s right or option to use and/or operate, either for itself or for third parties and without any restriction, the parts, general principles, ideas, designs, algorithms, documentation, works, programming languages, protocols, standards and the like on which the developments referred to are based for other purposes. Hadrian is also entitled to use and/or exploit, either for itself or for third parties and without any restrictions, the general principles, ideas and programming languages that have been used as a basis to create or develop any work for other purposes. The transfer of an intellectual property right shall likewise be without prejudice to Hadrian’s right to continue developing and/or complete (software) developments, either for itself or for a third party, that are similar to or derived from (software) developments that were or are being completed for the Customer.
- The Customer may not remove or change any indication concerning the confidential nature of the software, websites, data files, hardware or materials or with respect to copyrights, brands, trade names or any other intellectual property right pertaining to the software, websites, data files, hardware or materials, or have any such indication removed or changed.
- Third party IP Indemnity
- Hadrian indemnifies the Customer against any claim of a third party based on the allegation that software, websites, data files, equipment or other materials developed by Hadrian itself infringe an intellectual property right of that third party, subject to the condition that the Customer immediately informs Hadrian in writing about the existence and content of the claim and leaves the settlement of the claim, including any arrangements made in this regard, entirely to Hadrian. The Customer shall provide the powers of attorney and information required to the Hadrian and assist the Hadrian to defend itself against such claims. This obligation to indemnity shall not apply if the alleged infringement concerns (i) materials made available to Hadrian by the Customer for use, modification, processing or maintenance or (ii) changes made or commissioned by the Customer in the software, website, data files, equipment or other materials without Hadrian’s written permission. If it is irrevocably established in court that software, websites, data files, equipment or other materials developed by Hadrian itself is or are infringing any intellectual property right held by a third party, or if, in the opinion of Hadrian, there is a good chance that such an infringement is occurring, Hadrian shall if possible ensure that the Customer can continue to use, or use functional equivalents of, the software, websites, data files, equipment or materials supplied. In case such continued use is not possible, as sole remedy, Hadrian shall refund any applicable prepaid amounts for the remaining term of this EULA (if any). Any other or further obligation to indemnify on the part of the Hadrian due to infringement of a third party’s intellectual property right is excluded.
- The Customer guarantees that making equipment, software, material intended for websites, data files and/or other materials and/or designs available to Hadrian for the purpose of use, maintenance, processing, installation or integration does not infringe any rights of third parties. The Customer indemnifies Hadrian against any claim of a third party based on the allegation that such making available, use, maintenance, processing, installation or integration infringes a right of that third party.
- Hadrian is entitled to use the Customer’s figurative mark, logo or name in its external communication.
- Performance of services
- Hadrian performs its services, which shall be delivered on a Software-as-a Service (‘SaaS’) basis, with care to the best of its ability, where applicable in accordance with the arrangements and procedures agreed on with the Customer in writing. All services provided by Hadrian are performed on a best-efforts obligation basis unless and insofar as Hadrian has expressly promised a result in the written agreement and the result concerned has also been defined with sufficient determinability in this EULA.
- Hadrian provides the SaaS on the instructions of the Customer. Hadrian, however, is in no event obliged to follow the Customer’s instructions when performing the services, more particularly not if these instructions change or add to the content or scope of the services agreed on. If such instructions are followed, however, the activities performed are charged at the Hadrian’s applicable rates.
- Hadrian may adjust the content or scope of the SaaS without prior notice. If such adjustments are substantive and result in a change in the Customer’s current procedures, Hadrian informs the Customer about this as soon as possible and the costs of this adjustment are borne by the Customer. In this case the Customer may serve notice of termination of this EULA , which termination takes effect on the date on which the adjustment takes effect, unless the adjustment is related to amendments in relevant legislation or other instructions issued by public authorities, or the adjustment is at Hadrian’s expense.
- Hadrian may continue to provide SaaS using a new or modified version of the software. Hadrian is not obliged to maintain, modify or add certain features or functionalities of the service or software specifically for the Customer.
- Hadrian may temporarily put all or part of the SaaS out of operation for preventive, corrective or adaptive maintenance or other forms of service. Hadrian shall not allow the period during which the service is out of operation to last longer than necessary and shall ensure if possible that this period occurs outside office hours.
- Hadrian is never obliged to provide a physical carrier to the Customer that contains the software provided to and held by the Customer in the context of the SaaS.
- The Customer may only use the SaaS for its own organisation or company and only insofar as required for the use intended by supplies. The Customer may not allow third parties (except its affiliated companies as long as they are affiliates) to make use of the services provided by Hadrian in the field of SaaS.
- Hadrian is not liable for any damage suffered or costs incurred as a result of the use or misuse that is made of access or identification codes or certificates or any other security means unless the misuse is the direct result of any intent or deliberate recklessness on the part of Hadrian’s management.
- Disclaimer of warranties
- HADRIAN DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO COMPLETENESS, ACCURACY, AVAILABILITY, OR TIMELINESS OF (THE RESULTS OF) THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS EULA, THE SERVICES ARE PROVIDED “AS IS” AND HADRIAN DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. HADRIAN DOES NOT WARRANT THAT THE SOFTWARE MADE AVAILABLE AND HELD IN THE CONTEXT OF THE SERVICES SHALL BE ADAPTED TO CHANGES IN RELEVANT LEGISLATION AND REGULATIONS ON TIME. HADRIAN DOES NOT WARRANT THAT DEFECTS IN SOFTWARE THAT IT HAS NOT DEVELOPED ITSELF SHALL BE FIXED.
- Hadrian shall make efforts to fix errors in the software within a reasonable period if and insofar as the matter concerns software developed by Hadrian itself and the Customer has provided a detailed, written description of the defects concerned to Hadrian. Where there are grounds for doing so, Hadrian may postpone the fixing of defects until a new version of the software is put into operation. Hadrian is entitled to install temporary solutions, program bypasses or problem-avoiding limitations in the software. If the software, or part of it, has been developed on the instructions of the Customer, Hadrian may charge the Customer for the costs incurred by repairing the error(s) at Hadrian’s applicable rates.
- Based on the information provided by Hadrian concerning measures to prevent and limit the effects of malfunctions, defects in the services, corruption or loss of data or other incidents, the Customer shall identify and list the risks to its organization and take additional measures if necessary. Hadrian declares that it is prepared to provide assistance, at the Customer’s request, to the extent reasonable and according to the financial and other conditions set by Hadrian, with respect to further measures to be taken by the Customer. Hadrian is never obliged to recover data that has been corrupted or lost.
- Obligations to cooperate and provide information
- Hadrian and the Customer agree that to enable proper performance of this EULA by Hadrian, proper and timely cooperation of parties is of the essence. The Customer undertakes to always cooperate fully, within reason, and in time and shall always provide all information reasonably required in a timely manner.
- The Customer guarantees that the data, information, designs and specifications provided by or on behalf of the Customer to the Hadrian is or are accurate and complete. If the data, information, designs or specifications provided by the Customer contain inaccuracies apparent to the Hadrian, the Hadrian shall contact the Customer to make enquiries about the matter.
- To ensure continuity, the Customer shall designate a contact person or contact persons who shall act in that capacity for the time Hadrian provides services to the Customer. Such contact person(s) shall have the required experience, specific knowledge of the subject matter as well as a proper understanding of the objectives to which end the Customer engages Hadrian.
- Hadrian shall in such form and manner as agreed by the parties in writing periodically provide information to the Customer via the contact person(s) about the performance of the services.
- The Customer bears the risk of selecting the services to be provided by Hadrian and shall exercise the utmost care to guarantee that the requirements that Hadrian’s performance must meet are accurate and complete.
- If, in connection with Hadrian’s services and products, the Customer makes software, equipment or other resources available to Hadrian, the Customer guarantees that all licences or approvals that Hadrian may require in relation to these resources shall be obtained.
- The Customer is responsible for the management, including checking parameters and settings, and use of the services provided by Hadrian, and the way in which the results of the services are used. The Customer also carries responsibility for i) appropriately instructing users; and ii) the use made by users of the results of the services provided by Hadrian
- Unless expressly indicated otherwise in writing, the Customer shall itself install, organise, parameterize, and tune the software and support software required on its own equipment and, if necessary, modify the equipment, other software and support software and operating environment used in this regard, and effect the interoperability that it desires.
- Terms and deadlines
- Hadrian makes reasonable efforts, within reason, to comply to the greatest extent possible with the terms and delivery periods and/or dates and delivery dates, whether or not these are deadlines and/or strict dates, that it has specified or that have been agreed on by parties. The interim dates and delivery dates specified by Hadrian or agreed on by parties always apply as target dates, do not bind the Hadrian and are always indicative. Parties acknowledge that time is not of the essence in performing the Services.
- If a term or period of time is likely to be exceeded, Hadrian and the Customer consult as to discuss the consequences of the term being exceeded in relation to further planning.
- In any event, Hadrian is only in default because of a term or period of time being exceeded after the Customer has served Hadrian with a written notice of default and has set a reasonable period of time for Hadrian to remedy the failure to meet its obligations and this reasonable term has passed. The notice of default must describe Hadrian’s breach to meet its obligations as comprehensively and in as much detail as possible so that Hadrian has the opportunity to respond adequately.
- If it has been agreed that the activities to be performed under this EULA must be performed in phases, Hadrian is entitled to postpone the start of the activities for a next phase until the Customer has approved the results of the preceding phase in writing.
- Hadrian is not bound by a date or delivery date or term or delivery period, whether or not these are deadlines and/or strict dates, if parties have agreed on an adjustment in the content or scope of this EULA (additional work, a change of specifications, etc.) or a change in approach with respect to the performance of this EULA, or if the Customer fails to fulfil its obligations under this EULA or fails to do so on time or in full. If additional work should be required during the performance of this EULA, this never constitutes a reason for the Customer to give notice of termination of this EULA or to terminate this EULA for breach.
- Termination
- On termination or expiry of this EULA:
- Hadrian shall cease to deliver the Services to the Customer;
- Customer has 7 days to download all information from the Hadrian Platform it needs and stored this in a secure location of its own;
- Customer shall pay to Hadrian all of Hadrian’s outstanding unpaid invoices (and interest) and, in respect of the Services supplied but for which no invoice has been submitted, Hadrian may submit an invoice, which shall be payable immediately on receipt;
- the licences granted to the Customer shall terminate and the licences of the Hadrian Platform to each Authorised User shall also terminate;
- Customer shall return or destroy all copies of the (confidential) information, data, materials and documentation provided by Hadrian; and
- the Customer shall cease all use of the Hadrian Platform.
- Each party shall only be authorised to terminate this EULA for breach due to an attributable failure of the other party to meet its obligations under this EULA if the other party, in all cases after a written notice of default that is as detailed as possible and that grants a reasonable term to the other party to remedy the breach has been issued, is still attributably failing to fulfil any of its material obligations under this EULA. The Customer’s payment obligations and all obligations of the Customer or a third party engaged by the Customer to cooperate and/or provide information apply in all cases as material obligations under this EULA.
- If, at the time of the termination for breach, the Customer has already received services under this EULA, these services and the relevant payment obligations shall not be undone unless the Customer proves that Hadrian is in default with respect to the material part of the services provided. With due regard to the stipulation of the preceding sentence, sums invoiced by Hadrian prior to the termination for breach in connection with what it already properly performed or delivered in the performance of this EULA shall remain payable in full and shall become immediately due and payable at the time of termination for breach.
- Each party may terminate this EULA for cause in writing, in whole or in part, without notice of default being required and with immediate effect, if the other party is granted a suspension of payments, whether or not provisional, a petition for bankruptcy is filed against the other party or the company of the other party is liquidated or dissolved other than for restructuring, for a merger of companies or found to be in breach of applicable laws.
- Hadrian may also terminate this EULA for cause , in whole or in part, without notice of default being required and with immediate effect, if a direct or indirect change occurs in the decisive control of the Customer’s company. Hadrian is never obliged to repay any amount in money already received or pay any amount in compensation due to termination as referred to in this paragraph. Neither Hadrian nor the Customer are liable with respect to the termination mentioned in this clause. If the Customer goes irrevocably bankrupt, its right to use the software, websites and the like made available to it shall end, as shall its right to access and/or use Hadrian’s services, without termination by Hadrian being required.
- On termination or expiry of this EULA:
- Liability
- HADRIAN’S TOTAL LIABILITY FOR AN ATTRIBUTABLE FAILURE IN THE PERFORMANCE OF THIS EULA OR ARISING FROM ANY OTHER LEGAL BASIS WHATSOEVER, EXPRESSLY INCLUDING FAILURES TO MEET A WARRANTY OR INDEMNIFICATION OBLIGATION AGREED BETWEEN THE PARTIES, IS LIMITED TO THE COMPENSATION OF DAMAGES AS DESCRIBED IN MORE DETAIL IN THIS ARTICLE.
- HADRIAN’S MAXIMUM LIABILITY FOR DIRECT DAMAGES IS LIMITED TO THE AGGREGATE AMOUNT (EXCLUDING VAT) PAID UNDER THIS EULA DURING THE TWELVE (12) MONTHS’ PERIOD PRECEDING THE INCIDENT THAT GAVE RISE TO THE CLAIM. IN NO EVENT DOES HADRIAN’S TOTAL LIABILITY FOR ANY DIRECT DAMAGE, ON ANY LEGAL BASIS WHATSOEVER, EXCEED EUR 500,000 (FIVE HUNDRED THOUSAND EUROS).
- HADRIAN’S TOTAL LIABILITY FOR ANY DAMAGE ARISING FROM DEATH OR BODILY INJURY OR ARISING FROM MATERIAL DAMAGE TO GOODS IS LIMITED TO THE AMOUNT OF EUR 1,250,000 (ONE MILLION TWO HUNDRED FIFTY THOUSAND EUROS).
- LIABILITY FOR INDIRECT DAMAGE, CONSEQUENTIAL LOSS, LOSS OF PROFITS, LOST SAVINGS, REDUCED GOODWILL, LOSS DUE TO BUSINESS INTERRUPTION, LOSS AS A RESULT OF CLAIMS OF THE CUSTOMER’S CUSTOMER, LOSS ARISING FROM THE USE OF GOODS, MATERIALS OR SOFTWARE OF THIRD PARTIES PRESCRIBED BY THE CUSTOMER TO HADRIAN AND ANY DAMAGE AND LOSS ARISING FROM CONTRACTING SUPPLIERS THE CUSTOMER HAS RECOMMENDED TO HADRIAN IS EXCLUDED. LIABILITY FOR CORRUPTION, DESTRUCTION OR LOSS OF DATA OR DOCUMENTS IS ALSO EXCLUDED.
- THE EXCLUSIONS AND LIMITATIONS OF HADRIAN’S LIABILITY DESCRIBED IN PARAGRAPHS 2 UP TO AND INCLUDING 4 OF THIS CLAUSE ARE ENTIRELY WITHOUT PREJUDICE TO THE OTHER EXCLUSIONS AND LIMITATIONS OF HADRIAN’S LIABILITY DESCRIBED IN THESE GENERAL TERMS AND CONDITIONS.
- THE EXCLUSIONS AND LIMITATIONS REFERRED TO IN PARAGRAPHS 2 UP TO AND INCLUDING 5 OF THIS CLAUSE CEASE TO APPLY IF AND INSOFAR AS THE DAMAGE IS CAUSED BY INTENT OR DELIBERATE RECKLESSNESS ON THE PART OF THE HADRIAN’S MANAGEMENT.
- UNLESS PERFORMANCE BY HADRIAN IS PERMANENTLY IMPOSSIBLE, HADRIAN SHALL ONLY BE LIABLE FOR AN ATTRIBUTABLE FAILURE IN THE PERFORMANCE OF AN AGREEMENT IF THE CUSTOMER PROMPTLY SERVES HADRIAN WITH A WRITTEN NOTICE OF DEFAULT, GRANTING HADRIAN A PERIOD OF 30 DAYS TO REMEDY THE BREACH, AND HADRIAN STILL ATTRIBUTABLY FAILS TO FULFIL ITS OBLIGATIONS AFTER THIS TERM HAS PASSED. THE NOTICE OF DEFAULT MUST DESCRIBE THE BREACH AS COMPREHENSIVELY AND IN AS MUCH DETAIL AS POSSIBLE IN ORDER TO GIVE THE HADRIAN THE OPPORTUNITY TO RESPOND ADEQUATELY.
- FOR THERE TO BE ANY RIGHT TO COMPENSATION, THE CUSTOMER MUST ALWAYS REPORT THE LOSS TO THE HADRIAN IN WRITING AS SOON AS POSSIBLE AFTER THE LOSS HAS OCCURRED.
- THE PROVISIONS OF THIS ARTICLE AND ALL OTHER EXCLUSIONS AND LIMITATIONS OF LIABILITY REFERRED TO IN THESE GENERAL TERMS ALSO APPLY IN FAVOUR OF ALL NATURAL PERSONS AND LEGAL PERSONS THAT HADRIAN AND HADRIAN’S SUPPLIERS CONTRACTS FOR THE PERFORMANCE OF THIS EULA.
- Force majeure
- None of the parties shall be obliged to fulfil any obligation, including any statutory and/or agreed warranty obligation, if it is prevented from doing so by circumstances beyond its control (‘force majeure’).
- A force majeure situation exists, among others, in the event of: (i) defects in items, equipment, software or materials of third parties the use of which was prescribed to Hadrian by the Customer, (ii) government measures, (iii) power failures, (iv) Internet, data network or telecommunication facilities failures, (v) (cyber) crime, (cyber) vandalism, war, terrorism and natural calamities.
- Either of the parties shall have the right to terminate this EULA in writing if a situation of force majeure persists for more than 60 days. In such an event, all that has already been performed under this EULA must be paid for on a proportional basis, without anything else being due by either party to the other party.
- Service Availability
- The Service Availability is described in Appendix B (Service Availability) The Customer shall always inform the Hadrian without delay about any circumstances that affect or that could affect the service availability.
- Should arrangements about a service level have been made, the availability of software, systems and (related) services shall always be measured in such a way that unavailability due to preventive, corrective or adaptive maintenance service or other forms of service that Hadrian has notified the Customer of in advance and circumstances beyond Hadrian’s control are not taken into account. The availability measured by Hadrian shall count as conclusive, subject to evidence to the contrary offered by the Customer.
- Backups
- If the services provided to the Customer under this EULA include making backups of the Customer’s data, Hadrian shall make a complete backup of the Customer’s data in its possession in accordance with the periods agreed in writing or once a week if such periods have not been agreed on. Hadrian shall retain the backup for the duration of the agreed period or for the duration of Hadrian’s usual period if no further arrangements have been made in this regard. Hadrian shall retain the backup with due care.
- The Customer remains responsible for the fulfilment of all applicable statutory obligations with respect to keeping records and data retention.
- Changes and additional work
- If, at the request or after the prior consent of the Customer, Hadrian has performed activities or has delivered services that are outside the scope of the agreed activities and/or provision of services, the Customer shall pay for these activities or the provision of these services in accordance with the applicable Statement of Work at the agreed rates or, if no rates have been agreed between the parties, in accordance with Hadrian’s usual rates applicable at that time. Hadrian is not obliged to honour such a request and may require that, to that purpose, a separate agreement should be entered into in writing.
- The Customer acknowledges that changes and additional work (may) result in terms and delivery periods and/or dates and delivery dates being postponed. Any new terms and delivery periods and/or dates and delivery dates indicated by Hadrian replace the previous terms and delivery periods and/or dates and delivery dates.
- Insofar as a fixed price has been agreed for the provision of services, Hadrian shall on request inform the Customer in writing about the financial consequences of the additional work or additional provision of services as referred to in this article.
- Transfer of rights and obligations
- The Customer is not entitled to sell, transfer or pledge its rights and obligations under an agreement to a third party without the consent of the other supplier.
- Hadrian is entitled to sell, transfer or pledge any claims it has to payment of any sums due to a third party.
- Applicable law, jurisdiction and amicable resolution
- This EULA is governed by the laws of the Netherlands. Applicable courts are the courts of Amsterdam, the Netherlands. Parties may agree to a different governing law in the Order Form, limited to either the laws of England and Wales with the courts of London, or the law of the State of New York with courts in New York, USA, unless otherwise agreed in the Order Form. The United Nations Convention on Agreements for the International Sale of Goods (CISG) does not apply.
- Any disputes that may arise shall be first resolved by amicable resolution between the Parties. Should it not be resolved within 1 month, Parties shall escalate it senior management. If senior management is not able to solve the dispute within 1 month, Parties may start regular court proceedings in the applicable jurisdiction as agreed in this EULA or the Order Form.
- Final provisions
- Any amendment to this EULA will be valid only if agreed in writing and signed by Hadrian’s and the Customer’s authorised representatives.
- If any of the provisions in this EULA are void, the remainder of this EULA will remain in full force and effect. The Parties will consult about the void provisions so as to agree on an alternative arrangement approximating the content of the void provisions as closely as possible.
- Provisions anywhere in this EULA regarding payment, warranties, indemnifications, limitations of liability and confidentiality will survive the expiration or termination of this EULA.
- The applicability of the Customer’s or any third party’s purchase or other terms and conditions is explicitly excluded.
APPENDIX A – SUBSCRIPTION SERVICE DESCRIPTION
The Hadrian subscription includes the following services:
- License to access and use the Hadrian Platform
- Asset discovery
- Contextualization
- Monitoring
- Testing and Pen testing
- Interpretation
- Intelligent risk assessment
Hadrian maps Customer’s digital infrastructure and provides security insights. Hadrian’s Services combines attack surface management, autonomous hacking and risk prioritisation to mimic how a cybercriminal would approach your organisation. Hadrian’s user-friendly risk reporting platform allows Customer’s security teams to easily prioritise actions and integrate insights into existing workflows.
In more detail, the following service description applies to Customer:
Onboarding
Hadrian’s onboarding process is agentless and requires no prior access. Hadrian will collect user login information from the Customer, provide login credentials for Customer’s Authorized Users, and collect and input the initial domain names for the discovery process. All scanning will be done from Hadrian without need from the Customer to interact. Results will be available on the Hadrian portal.
Service Functionality
1. Attack Surface Management
Hadrian uses proprietary passive data sources and active algorithms to find your organisation’s digital assets. Hadrian continues to scan on an ongoing basis to ensure the mapping is up to date, providing insights vital for any security team. Customer systems do not need to explicitly allow the Hadrian scanners to discover and scan the Internet-facing assets. The Customer must provide a full list of domain names that are in-scope for scanning.
2. Autonomous Hacking
Hadrian’s automated approach to hacking uses an agentless and proactive event-based framework. Hadrian continuously deploys thousands of tests to find weaknesses, vulnerabilities and exposures as soon as they arise. When Hadrian detects a change in your attack surface, it autonomously performs relevant scans again to verify that no new weaknesses have opened up in the environment. Our unique intrusiveness reduction makes it so that we can work on any customer, regardless of the size of the attack surface.
Service Features
1. Cloud-based Infrastructure
The Hadrian infrastructure is fully cloud-hosted and built with the latest cloud technologies to facilitate high performance, high availability and scalability.
2. Cutting-Edge Understanding of Attacker Strategies
Hadrian’s expert hackers are up to date on the latest and most unconventional attack strategies. When new attack methods are identified Hadrian quickly adds new functionality to the platform to test for vulnerabilities to the most sophisticated attack strategies.
3. User System Requirements
Hadrian is accessible via the Customer portal. To access the portal the Chrome web browser on desktop is recommended. Accessing the portal via mobile is also possible.
4. Data Storage Location
All Customer data is stored within the European Union in cloud providers.
5. Customer Success
Hadrian will provide a Customer Success person to ensure all questions around configuration and findings are answered and to provide updates to the service as they are developed. Customer Success with interface with the Hadrian hacker team and may bring them into the conversation when necessary.
6. Development
Hadrian improves its technology continuously through research and development. The Subscription Service Description will be updated on our website when new functionality is added.
APPENDIX B – SERVICE AVAILABILITY
Hosting Availability
StandardAvailability≥ 99.00%Backup procedureContinous backup tapeDowntime due to backupNone
Definitions
“Availability” means that the dashboard of the Hadrian Platform be accessed and used by Customer, excluding any Permitted Unavailability.
“Permitted Unavailability” includes Planned Outages and any unavailability due to causes beyond the reasonable control of Hadrian, including, without limitation: any software, hardware, or telecommunication failures; interruption or failure of telecommunication or digital transmission links; internet slow-downs or failures; failures or default of third party software, vendors, or products; and unavailability resulting from the actions or inactions of Customer or a failure of Customer’s communications link or systems.
“Planned Outages” means the period of time during which Hadrian conducts standard systems maintenance. Hadrian shall use commercially reasonable efforts to schedule Planned Outages during non-peak hours.
APPENDIX C – HADRIAN’S HOSTED SOFTWARE INFORMATION SECURITY FRAMEWORK
APPENDIX C – Hadrian Hosted Software
Information Security Framework
This Appendix C is part of the End User License Agreement and summarizes Hadrian’s information security policies and procedures for the solutions when hosted by Hadrian (Hadrian Platform). Hadrian reserves the right to modify its policies and procedures from time to time, provided Hadrian will not modify the specific security framework processes, procedures or mechanisms in a manner that would materially diminish the protections for customer data and the Hadrian Platform from that set forth herein.
Hadrian Platform are currently hosted in data centers of Scaleway in the Netherlands and France. The data center location default is set to European Union. Hadrian reserves the right to change its hosting locations and/or data center service providers from time to time in its sole discretion.
1. Information Security Management System
- Hadrian has implemented an Information Security Management System (ISMS).
- The ISMS encompasses a variety of processes, procedures, and policies for managing information and technology assets intended to protect Hadrian Platform as well as underlying and supporting applications and data.
2. Human Resources
- Security Awareness Training – Hadrian has a mandatory information security awareness training program for its employees. Additional trainings are provided throughout the year.
3. Hadrian Credentials
- Provisioning – All Hadrian resource user credentials used in conjunction with the infrastructure, operating systems, or databases supporting the Hadrian Platform are provisioned using an identity management system that requires applicable management approval for access and privilege changes.
- Termination – All such credentials are disabled within 24 hours of an employee’s termination date.
- Quarterly Review – All such credentials are reviewed quarterly by Hadrian for appropriate role assignment, appropriate privilege level, and necessity.
- Privilege Revocation – Hadrian revokes unnecessary privileges if an employee shifts role and no longer needs the prior level of privilege. When an employee shifts to a role that does not require any access to such infrastructure assets, systems or databases, the credential for such access will be revoked.
- Passwords – Hadrian implements a minimum standard password policy for access to systems and databases which includes multifactor authentication (MFA), complexity, age and change settings.
- Management of customers credentials. Management of customers credentials in the application is a delegated responsibility to the customer.
4. Separation of Hadrian Environments
- Separate Environments – Hadrian’s multi tenant environment maintains separate environments as described below in this Section.
- Corporate – Hadrian maintains a corporate environment supporting general employee and internal business activities. This environment is separated from the below listed environments that support Hadrian Platform.
- Product Management & Development – Hadrian maintains IT systems to support all the product management and software development lifecycle work. These environments are separated from the other environments maintained by Hadrian and described in this section. This environment does not contain customer data.
- Staging – Hadrian maintains separate staging environment for customer specific project work, such as implementation and configuration phases, prior to transition to the production environment.
- Production – Hadrian maintains a production environment with the latest version of the Hadrian Platform intended for customer data.
4. Role Separation
- Defined Duties and Responsibilities – Hadrian defines the roles and responsibilities for its employees who support infrastructure and services for the Hadrian Platform and the underlying and supporting application and data. Each such person/function are given the amount of privilege necessary in order for such person/function to fulfill the duties of the role he or she is currently assigned, as follows:
- Support – Hadrian support personnel may access the customer project or production environments in response to a support requests made by customer.
- Engineering – Hadrian engineering personnel work on product management & development environments separate from the production environments for Hadrian Platform. The engineering staff does not have access to the production environments for Hadrian Platform nor customer project environments.
- Cloud Operations – Hadrian’s Infra Team support all cloud infrastructure including the production environments. Access to environments supporting customer instances is restricted.
- Professional Services – Hadrian professional services personnel has access to customer project environments.
5. Physical Hosted Environment
- Qualified data center – Hadrian hosts Hadrian Platform in the Scaleway Datacenters in France. Scaleway has committed to operating their data centers in alignment with the Tier III guidelines and provides assurance via ISO 27001 and 50001, HDS 1, and APSAD certifications, which include the following control measures:
- Physical access to server locations is approved by an authorized individual.
- Physical access is revoked within 24 hours of the employee or vendor record being deactivated.
- Physical access to server locations is reviewed on a quarterly basis by appropriate personnel.
- Physical access points to server locations are recorded by closed circuit camera (CCTV). Images are retained for 90 days, unless limited by legal or contractual obligations.
- Physical access points to server locations are managed by electronic access control devices.
- Electronic intrusion detection systems are installed within data server locations to monitor, detect, and automatically alert appropriate personnel of security incidents.
- Scaleway-operated data centers are protected by fire detection and suppression systems.
- Scaleway-operated data centers are air conditioned to maintain appropriate atmospheric conditions. Personnel and systems monitor and control air temperature and humidity at appropriate levels.
- Scaleway datacenter is located 26 meters underground in a former nuclear fallout shelter.
- Scaleway-operated data centers have generators to provide backup power in case of electrical failure.
- Qualified data center – Hadrian hosts Hadrian Platform in the Scaleway Datacenters in France. Scaleway has committed to operating their data centers in alignment with the Tier III guidelines and provides assurance via ISO 27001 and 50001, HDS 1, and APSAD certifications, which include the following control measures:
6. Data Protection
- Data Encryption
- By default, customer data is encrypted in transit.
- By default, customer data at rest in back-ups is encrypted.
- Backup – customer data is backed-up weekly.
- Retention – customer data not deleted by customer is retained in the Hadrian Platform throughout the term of hosting. Data that is deleted by customer is retained according to Hadrian’s backup retention policy. Weekly backups are retained for 30 consecutive days in the cloud.
7. Disaster recovery
- Disaster recovery – Hadrian has infrastructure as code deployed in the Scaleway cloud. If a Scaleway cloud is down, procedures are in place to restore the impacted servers. Restoration will take approximately 1-2 days.
- Performance Monitoring – Hadrian maintains automated performance monitoring of all Hadrian computing systems supporting Hadrian. The monitoring system is intended to automatically take corrective measures and generate alerts when monitoring thresholds have been exceeded. Hadrian tracks application uptime, service disruptions, and implementation of any remediation.
- Performance Testing – Hadrian maintains a formal performance and scalability testing process. All major code changes undergo formal performance testing before being released to production environments.
- Capacity Planning – Hadrian uses Kubernetes for automated scaling in the cloud and plans resources on demand based on customer requirements.
8. Operations Management
- Release Management – Hadrian maintains a release management process for the Hadrian Platform. This process is intended to ensure code is tested in a controlled environment using a set of planned and maintained test cases.
- Change Management – Hadrian maintains a change management process.
- Incident Management – Hadrian, with its applicable hosting service providers, maintains an incident management process. The incident management process is intended to facilitate the resolution of, provide for a root cause analysis for, and ensure remediation steps are completed for any service disruption to the Hadrian Platform.
- Security Management – Hadrian, with its applicable hosting service providers, maintains a security incident management process. This process defines steps for minimizing loss of data, vulnerability identification, vulnerability remediation, and notification guidelines.
- Key Performance Indicators – Hadrian tracks application uptime, service disruptions, and implementation of any remediation.
9. Additional Security Measures
- Antivirus and Malware – Hadrian uses antivirus and malware protection software designed to protect computing equipment hosting the Hadrian Platform.
- Network Intrusion Detection System (IDS) – Hadrian maintains Network Intrusion Detection Systems designed to provide certain protections for all Hadrian IT computing environments, including those of the Hadrian Platform.
- Vulnerability Scans – Hadrian conducts, at a minimum, quarterly vulnerability scans. The results are not made available to customers for security reasons.
- Security and Event Log Management – Hadrian maintains the following security and event logs for all computing equipment for a minimum of 6 months:
- Security Logs on Platform – Allows platform login events to be tracked.
- Event Logs on Routers, Switches, and Firewalls - Allows configured system events such as memory utilization, CPU utilization, rule utilization, network errors, packet loss, and other messages designed to provide administrators with information regarding the health and performance of the device to be monitored.
- Event Logs on Servers – Allows configured system events such as application errors, application events, service start and stop events, and other messages designed to provide administrators with information regarding the health and functionality of the server and the applications hosted on the server.