Grant of License. Subject to compliance with the terms and conditions of this License Agreement, Licensor hereby grants to Licensee, and Licensee accepts from Licensor, a limited, non-exclusive, non-transferable, and non-assignable right and license (the “License”): (1) for the benefit of the Cloud vendor risk and assurance – the Cloud Service Provider’s (“CSP”) HITRUST CSF® compliance with the predefined set of control requirement-level distribution of shared control responsibilities needed when (a) evaluating cloud vendor risk, and (b) agreement to security/privacy control-related service contracting terms; (2) for the benefit of the HITRUST MyCSF® assessment inheritance readiness, to be used as a blueprint/guide to prepare for leveraging the HITRUST MyCSF external inheritance relative to the scope of CSP service offerings included in the scope of the customer/tenant’s HITRUST CSF assessment; and (3) for the benefit of a tenant of a CSP, in order to show compliance with regulations other than HITRUST, such as GDPR.
Delivery of Matrix. During the term of this License Agreement, HITRUST shall make the Matrix available to Licensee for delivery by the Internet from the server(s) on which the Matrix is hosted. HITRUST is not responsible for ensuring the Licensee’s computer and systems are compatible with the Matrix or that Licensee is able to access the Matrix. HITRUST makes no representation or warranty to Licensee.
HITRUST Cloud Service Provider Matrix – Public Ownership. All title and intellectual property rights and interest in and to the Matrix, including but not limited to any text, images, photographs, animations, video, and audio incorporated into it, and any copies of any of the foregoing that a Licensee is expressly permitted to make herein, are and continue to be solely owned by HITRUST or its suppliers. The Matrix includes valuable, proprietary, and confidential information, compilations, methods, techniques, procedures, and processes not generally known, which can only be obtained from HITRUST. HITRUST has implemented reasonable protections for the Matrix, including but not limited to the terms of this License Agreement, to prevent unauthorized disclosure or use. Licensee acknowledges and affirms HITRUST’s ownership and exclusive right, title, and interest in the Matrix and all of its component parts. Licensee agrees that neither it nor any Affiliate or Authorized User (see Licensee and Authorized Access) will attack or impair, directly or indirectly, any of HITRUST’s rights in the Matrix or any portion thereof, or any of HITRUST’s prior or subsequent registrations or applications for registration of any mark, copyright, or patent arising out of or relating to any portion of the Matrix.
Updates. Licensor may, in its sole discretion, update and/or supplement (“Update” or “Updates”) the Matrix, in which case such Updates shall be deemed to be included in the Matrix and governed by this License Agreement as such, unless HITRUST expressly notifies the Licensee that any such Update or Updates are provided under other licensing terms.
Prohibited Activities and Uses of HITRUST Shared Responsibility Matrix – Public. Any use of the Matrix not expressly permitted by this License Agreement is strictly prohibited. In particular, and without limitation, the Licensee shall NOT do any of the following:
- Provide or otherwise allow the disclosure of an electronic or paper copy, in whole or part, of the Matrix or any data contained therein that is not owned by Licensee, to any individual or entity that is not a duly authorized Licensee or Authorized User;
- Use the Matrix, in whole or part, to provide analyses, assessments, services, or products of any kind to any other person or entity, except an Affiliate; or
- Create any Derivative Work, based in whole or part on any portion of the Matrix, without Licensor’s express prior written consent. “Derivative Work” as used herein shall mean any service, software program, or other work, and copies thereof, which are developed by Licensee or its Affiliates, and which are based on or incorporate any part of the Matrix, including without limitation any modification, enhancement, translation, compilation, expansion, or any other form in which the Matrix may be recast or adapted, and that, if prepared without HITRUST’s authorization, would constitute an infringement or violation of any of HITRUST’s rights.
These prohibitions shall not apply to any information, compilation, method, technique, procedure, or process included in the Matrix that (a) is or has become public knowledge, by publication or other public disclosure, through no action or omission of the Licensee under this License Agreement; (b) was verifiably known to the Licensee prior to the date of entry into this License Agreement; (c) was independently developed by the Licensee without use of the Matrix; or (d) was lawfully obtained by the Licensee from a third party who was in lawful possession of it and had the right to provide it to Licensee.
Licensee and Authorized Access. The signatory of this License Agreement (“Licensee”) understands that this is a limited license, with restrictions as to use of the Matrix and any and all of the content in the Matrix. The Licensee may sign on behalf of the organization that he/she works for (“Organization”). The Licensee may authorize unlimited individual users at the Organization, provided that each user understands the terms of the limited license. The Licensee shall maintain a list of all current and past Authorized Users at all times, and promptly make it available to HITRUST upon request. Authorized Users may include both employees of the Licensee or its Affiliates and their non-employed agents, provided that all Authorized Users shall be subject to this License Agreement and provide prior written acceptance of its terms. Licensee shall not permit disclosure of an electronic or paper copy, in whole or part, of the Matrix, to any other person or entity. Upon termination of an Authorized User under this License Agreement for any reason, the Licensee shall (a) revoke the individual’s access to the Matrix, (b) remove any such electronic files from the Authorized User’s individual’s possession and from all computers, systems, and devices to which the individual has access, and (c) remove any paper copies of the Matrix from the Authorized User’s possession.
No Interference with Intellectual Property Protections. Under no circumstances shall any Licensee or other entity or individual subject to this License Agreement disable any digital rights protections or remove, modify, interfere with, or obscure any copyright, trademark, or other proprietary rights and notices that apply to, appear on, or are included in the Matrix.
Compliance. Upon Licensor’s request, an officer of the Licensee shall promptly certify in writing to Licensor that the Licensee and all Affiliates are in full compliance with the terms and conditions of this License Agreement.
Defense of Infringement and Misappropriation Claims.
Notice and Cure. In the event that HITRUST receives notice that the Matrix, or any component of the Matrix, may infringe any copyright, trademark, or patent, or constitute a misappropriation of a trade secret, HITRUST may, at its sole discretion:
- Procure for the Licensee the right to continue using the potentially or allegedly infringing or misappropriated component, and/or
- Make an attempt to modify the Matrix to provide for substitute materially equivalent functioning or a materially functional equivalent that does not infringe and/or is not misappropriated. In this case, the Licensee shall immediately stop using the allegedly infringing or misappropriated component and shall cooperate with HITRUST in implementing use of the functional substitute.
Limited Defense. HITRUST will defend the Licensee against any claims by an unaffiliated third party that any component of the Matrix infringes any copyright, trademark, or patent, or misappropriates any trade secret including but not limited to an action for injunctive relief based on such a claim on the condition precedent that the Licensee gives HITRUST prompt written notice of such claim, gives HITRUST sole control over its defense or settlement (except that HITRUST may not settle any such claim against Licensee unless it unconditionally releases Licensee of all liability), and provides HITRUST with reasonable assistance and cooperation in such defense. Defense to any other claims shall not be provided, and issues relating to defense coverage shall be resolved in the sole and absolute discretion of HITRUST.
Limitation of Duty to Defend. HITRUST shall have no obligation to defend the Licensee against any claim:
- That relates to an allegedly infringing use, or use of misappropriated intellectual property, after HITRUST has notified the Licensee of a substitute as provided above;
- That relates to any use or disclosure of any portion of the Matrix, in whole or in part, in breach of any term of this License Agreement; or
- For any trade secret claim that arises from the Licensee acquiring the trade secret through improper means, under conditions giving rise to a duty to maintain its secrecy or limit its use, or from a person other than Licensee who owed the party asserting the claim a duty to maintain the secrecy or limit the use of the trade secret.
Exclusive Remedy. The rights and remedies stated in this section, state Licensor’s entire liability, and the sole and exclusive remedy of Licensee and its Affiliates with respect to any claim of infringement or misappropriation of the intellectual property rights of any third party, whether arising under statutory or common law or otherwise.
DISCLAIMER OF WARRANTIES; ASSUMPTION OF RISK.
- Disclaimer of Warranties. THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC IS DEEMED ACCEPTED BY THE LICENSEE AS OF THE DATE LICENSEE OR ANY OF LICENSEE’S AFFILIATES OR AUTHORIZED USERS FIRST ACCESSES ANY PORTION OF THE MATRIX. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, HITRUST AND ITS SUPPLIERS PROVIDE THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC “AS IS,” “WHERE IS” AND WITH ALL FAULTS, AND HITRUST AND ITS SUPPLIERS HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES, DUTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, QUIET POSSESSION, SECURITY, CONFORMITY TO DESCRIPTION, NON-INFRINGEMENT, RELIABILITY, ACCURACY OR COMPLETENESS, AND RESULTS ALL WITH REGARD TO THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC OR OTHERWISE ARISING OUT OF THE USE OF THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC THE ENTIRE RISK AS TO THE QUALITY OR ARISING OUT OF THE USE OF THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC AT ALL TIMES REMAINS WITH THE LICENSEE AND ITS AFFILIATES.
- Assumption of Risk. THERE IS RISK INHERENT IN EVERY USE OF THE INTERNET AND/OR THE WORLD WIDE WEB. NO SYSTEM IS IMPERVIOUS TO ALL ATTACKS AND ATTEMPTS AT UNAUTHORIZED ENTRY AND ACCESS. BY ACCESSING THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC, LICENSEE EXPRESSLY ASSUMES ANY AND ALL SUCH RISKS. IN NO EVENT WILL LICENSOR BE RESPONSIBLE OR LIABLE FOR ANY ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, THEFT OR DESTRUCTION, OR UNAUTHORIZED ACCESS OF THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC, OR ANY INJURY OR DAMAGE TO ANY PROPERTY ARISING FROM LICENSEE OR ANY AFFILIATE OR AUTHORIZED USER’S ACCESS OF THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC.
EXCLUSION OF INCIDENTAL, CONSEQUENTIAL, EXEMPLARY AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL HITRUST OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER DATA OR INFORMATION, BUSINESS INTERRUPTION, PERSONAL INJURY, LOSS OF PRIVACY, FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, NEGLIGENCE, AND ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF, OR IN ANY WAY RELATED TO, THE USE OF OR INABILITY TO USE THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC, THE PROVISION OF OR FAILURE TO PROVIDE THE HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS LICENSE AGREEMENT, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF HITRUST OR ANY SUPPLIER AND EVEN IF HITRUST OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
LIMITATION OF LIABILITY AND REMEDIES. NOTWITHSTANDING ANY DAMAGES THAT THE LICENSEE OR ANY AFFILIATE MIGHT INCUR FOR ANY REASON WHATSOEVER (INCLUDING, WITHOUT LIMITATION, ALL DAMAGES REFERENCED HEREIN AND ALL DIRECT OR GENERAL DAMAGES IN CONTRACT OR ANYTHING ELSE), TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, HITRUST SHALL HAVE NO LIABILITY TO LICENSEE AND/OR ITS AFFILIATES ARISING OUT OF THIS LICENSE AGREEMENT. THE FOREGOING LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE.
Indemnification. The Licensee hereby agrees to defend, indemnify, and hold harmless HITRUST, its officers, directors, shareholders, employees, and agents at the Licensee’s own expense from and against any and all suits, claims, actions, causes of action, liabilities, obligations, losses, costs, penalties, and damages of whatsoever kind in nature, including reasonable attorney’s fees and costs, arising out of or in connection with or incident to the use by the Licensee or any Affiliate of the HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC or any portion thereof, or any breach of this License Agreement by the Licensee or any Affiliate.
Injunctive Remedies for License Violations. The Licensee hereby acknowledges that any violation of this License Agreement by the Licensee and/or an Affiliate will cause irreparable injury to HITRUST, and, as a result, in addition to and without limiting any other rights and remedies available to HITRUST, HITRUST shall be entitled to seek any injunctive relief or other rights or remedies to which HITRUST is or may be entitled to under law to prevent or mitigate the effects of such violation. This expressly includes but is not limited to any breach by Licensee of the Prohibited Activities and Uses of the HITRUST SHARED RESPONSIBILITY MATRIX – PUBLIC provided in the section above entitled the same.
Termination of License. Licensee agrees that HITRUST may terminate this License Agreement, the License granted herein, and/or any access to or use of the Matrix by Licensee at any time. It is agreed that upon such termination, HITRUST shall owe Licensee no further obligation or liability of any kind or nature arising out of this Agreement, except as set forth herein. Notwithstanding anything to the contrary contained herein, the relevant paragraphs shall survive the termination of this License Agreement.
Governing Law; Venue. This License Agreement shall be governed by and construed in accordance with the laws of the State of Texas. The exclusive forum for any dispute regarding this License Agreement shall be the state or federal courts located in Collin County, Texas and the Licensee hereby waives any argument that such is an inconvenient forum, or that venue is improper in such forum.
Legal Fees and Costs. In the event of legal proceedings arising from or pertaining to this License Agreement or the License, the prevailing party shall be awarded its reasonable attorney’s fees and costs of litigation, including on appeal or in bankruptcy proceedings.
Export Compliance. The information that HITRUST makes available under this License Agreement, and any derivatives thereof, may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that neither it nor any of its owners, directors, or officers is named on any U.S. government denied-party list. You shall not permit Users to access or use any Service or Content in a U.S.-embargoed country or in violation of any U.S. export law or regulation.
Consent to Collection of Information. As part of this License Agreement, HITRUST will be collecting certain personal and/or identifying information from the Licensee, including the name and contact information, including the email address of the Licensee’s representative. Licensee’s representative, by checking the applicable box below, consents to HITRUST collecting this information and acknowledges that the processing of this information is necessary for HITRUST to administer this License Agreement. Licensee hereby warrants that it will obtain proper consent to collect and potentially share with HITRUST information on any Authorized Users as appropriate prior to providing such User access to the Matrix.
Entire Agreement. This License Agreement contains the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior written or oral agreements with respect thereto.
No Assignment. Licensee may not assign or transfer any of its rights or obligations under this Agreement without the prior written consent of Licensor, which may be withheld in Licensor’s sole and absolute discretion.