Service Level Agreement
Security Monitoring Service Description and Service Level Agreements
This Service Description and Service Level Agreement (“Service Description”) describes the Service (as defined below) being provided to you (“Customer” or “you”) by ThreatDefence identified in the Statement of Work (“Statement of Work”) executed by Customer and ThreatDefence for the purchase of this Service.
This Service is provided in connection with Customer’s signed Statement of Work and master services agreement that explicitly authorises the sale of managed security and consulting services. In the absence of either a master services agreement or security services schedule, the Services performed under this Service Description are governed by and subject to the terms and conditions of ThreatDefence Master Services Agreement, which is incorporated by reference in its entirety herein (the “MSA”).
1. Service Overview
ThreatDefence’s Security Monitoring service (the “Service”) consists of ThreatDefence’s monitoring of the contracted Customer-owned security device(s) (“Devices”) as specified on the Statement of Work and provides Customer with real-time security event analysis and response across Customer’s security and critical infrastructure 24 hours a day, 7 days a week, 365 days a year. This Service includes ThreatDefence’s SIEM/SecOps Platform, as well as a 24x7 team of security analysts to provide ongoing threat detection and incident response.
2. Service Components
Cloud SIEM/SecOps Platform
ThreatDefence cloud SIEM/SecOps platform and Service Desk portal provide real-time visibility and reporting of Customer security events and associated incidents, as well as security threat and incident workflow management.
24x7 SOC Access
Customer may contact ThreatDefence’s Security Operations Centre 24 hours a day, 7 days a week, and 365 days a year through the Service Desk portal or by phone line. Receipt of each ticket (raised via the Portal or by phone) will be acknowledged in accordance with the service level agreement outlined in the Service Level Agreements section.
24x7 Incident Response
Provides 24 hours a day, 7 days a week, and 365 days a year availability of ThreatDefence’s Digital Forensics and Incident Response team.
Security Event Monitoring and Analysis
Provides 24 hours a day, 7 days a week, and 365 days a year security event monitoring, analysis and threat notifications.
Device Management and Health Monitoring (ThreatDefence-managed systems)
Provides ongoing management and monitoring of ThreatDefence-managed systems 24 hours a day, 7 days a week, and 365 days a year.
3. Service Level Agreement (Cloud Products)
3.1 Service Level Commitment. During the Subscription Term for which ThreatDefence has agreed to provide a relevant subscription to you, we will use commercially reasonable efforts to provide a Monthly Uptime Percentage to you in accordance with the table below (“Service Level Commitment”):
Monthly Uptime Percentage: 99.9%
3.2 Service Level Credit (Cloud Products). If ThreatDefence fails to achieve the above Service Level Commitment for a ThreatDefence Cloud Service, Customer may claim a credit for such ThreatDefence Cloud Service as provided below, up to a maximum credit per calendar quarter equal to one month's ThreatDefence Cloud Service subscription fees.
| Monthly Uptime Percentage | Service Level Credit |
| --- | --- |
| Less than 99.9% but greater than or equal to 99.0% | 5% |
| Less than 99.0% but greater than or equal to 95.0% | 10% |
| Less than 95.0% | 50% |
4. Service Level Agreement (Security Operations Services)
4.1 Security Operations. Security Operations Services include Security Event Monitoring and Analysis, 24x7 SOC Access, 24x7 Incident Response, Device Management and Health Monitoring (ThreatDefence-managed systems), and other Security Services as defined in the Statement of Work.
4.2 Security Event Monitoring. Security event data is sent to ThreatDefence Cloud Products. The security event data is parsed, normalized, correlated, and prioritised. All security events are categorised based on severity level. When a Critical Event is detected, initial correlation, de-duplication, and false positive reduction are performed. If the security event is confirmed as a critical event, a ticket is automatically generated. ThreatDefence contacts Customer within the time specified in the relevant Service Level Agreement. ThreatDefence also performs additional analysis to determine whether the security event is a false positive.
ThreatDefence provides Customer with a description of the security event and any contextual information. In-depth analysis, incident response and digital forensics are provided, as agreed in a signed statement of work.
4.3 Incident Response. Our Incident Response services guarantee the availability of our Digital Forensics and Incident Response team, minimize the duration and impact of a cybersecurity breach, and eliminate costly delays with a pre-arranged contract with guaranteed SLAs.
- A team of security experts available 24x7
- Incident Readiness Assessment and recommendations
- All our experts know your environment and can respond quickly
- Guaranteed SLA for response time
- Continuous round-the-clock support during the incident response
4.4 Service Level Commitment. Customer shall receive a response (according to the escalation procedures defined between Customer and ThreatDefence) to security incidents within thirty (30) minutes of the determination by ThreatDefence that given malicious activity constitutes a security incident. A “security incident” is defined as an incident ticket that comprises an event or group of events that is deemed high severity by the SOC. Automatically created incident tickets (via correlation technology) and event(s) deemed low severity will not be escalated, but will be available for reporting through the cloud platform.
Monthly Service Uptime Percentage: 99.95%
The following table outlines the service level targets for call acknowledgement, initial response, and resolution based on the priority classification of each incident or service request:
| Priority | Call Acknowledgement | Initial Response | Resolution |
| --- | --- | --- | --- |
| P1 – Critical (e.g. active breach, ransomware, major outage) | Within 15 minutes | Within 30 minutes | Within 4 hours or as agreed in incident plan |
| P2 – High (e.g. confirmed compromise, high-risk vulnerability, service degradation) | Within 15 minutes | Within 1 hour | Within 1 business day |
| P3 – Medium (e.g. suspicious activity, minor degradation, request for investigation) | Within 1 hour | Within 4 business hours | Within 3 business days |
| P4 – Low (e.g. routine request, low-risk alert, false positive handling) | Within 1 business day | Within 1 business day | Within 5–7 business days |