Legacy Body

Imprivata Managed Services Agreement

 

IMPORTANT-READ CAREFULLY: Prior to acknowledging your acceptance, be sure to carefully read and understand all of the rights and restrictions described in this Imprivata Managed Services Agreement (this “Agreement”).  This Agreement is a legal agreement between you (“Customer” or “you” or “your”) and Imprivata, Inc. (“Imprivata”) for the Services described herein. By purchasing the Services, you (either you as an individual or, if the Services will be used by an entity, on behalf of that entity) represent and agree that you have the capacity and authority to bind yourself or, if applicable, the applicable entity, to the terms of this Agreement and agree to be bound by the terms of this Agreement. If you do not agree to the terms of this Agreement, you may not utilize the Services. Any terms and conditions in a purchase order (or in any similar document) which are in addition to, or conflict or are inconsistent with these terms are hereby rejected and superseded by the terms contained herein.

R E C I T A L S

WHEREAS, Imprivata and Customer are parties to that certain Imprivata End User License Agreement (the “EULA”); 

WHEREAS, Imprivata will be providing certain managed services (the “Services”) for Imprivata Software licensed to Customer pursuant to the EULA by means of Imprivata professional services staff, engineers, project managers, and other specialists (“Administrator(s)”) as applicable and further described herein; 

WHEREAS, Administrators may be required to access certain portions of Customer’s computer network for the purpose of providing such Services; and

WHEREAS, this Agreement shall set forth the obligations of both parties in regard to the provisions of the Services and access to Customer’s network.

NOW, THEREFORE, in consideration of the agreements, covenants, terms and conditions herein contained and other consideration, the sufficiency of which is hereby acknowledged, the parties hereby agree as follows:

A. Services. Imprivata offers three (3) Services packages: (i) Technical Architecture Management Services; (ii) Remote Administration Management Services; and (iii) Resident Engineering Services. Imprivata will provide Customer the applicable Services purchased by you (as indicated on the Imprivata Quote or its equivalent if purchasing through an authorized reseller) as further described below.

1.  Technical Architecture Management Services Package.

a. Imprivata Customer Support Escalation Management.


i. Create support cases on behalf of Customer and follow up with status reports on each case as needed, on a weekly basis

ii. Automatically escalate issues based on agreed upon thresholds regarding case status, priority, age, etc.

iii. Summarize status, outcomes, and next steps following escalations

iv. Act as the central point of contact and owner of escalations


b. Guidance During Product Upgrades.


i. Create a project plan for pre-upgrade testing and production cutover

ii. Respond to calls from Customer for assistance during business hours or as agreed upon during a three-hour on-call availability period during off-hours during critical production cutover events


c. Change Management for System Architecture.


i. Continuously monitor change requests

ii. Participate in change management meetings, highlight potential risks to Imprivata functionality, and recommend changes

iii. Ensure long-term adherence to reference architecture best practices

iv.  Join Customer teams tasked with resolving issues resulting from environmental changes

v. Collaborate with Customer in strategic or tactical planning efforts

d. Onsite or remote technical design & planning/solution optimization sessions.

i. Facilitate twice annual technical checkup

ii. Develop strategies to drive environmental or architectural optimization and document any relevant decisions, identified risks, key assumptions, and timeline estimates

iii. Provide direct support for testing and troubleshooting

iv. Document technical findings and recommendations

e. Architectural relationship management.

i. Schedule and run checkpoint calls with Customer’s technical teams (includes preparation and completion of action items needed)

ii. Serve as Customer’s central point of contact for supportability review

f. Communications.

i. Customer is responsible for attending the following meetings:

a. No less frequently than quarterly, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments

b. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts, system administrators, and IT staff impacted by Imprivata solutions

2. Remote Administration Management Services Package.

a. Direct administration of Imprivata system.

i. Monitor performance, health, and stability metrics. Implement preventative and/or corrective configuration changes as needed

ii. Alert Customer to any changes needed and facilitate any actions or support needed from Customer

iii. Implement configuration changes and expansions to address Customer’s evolving needs

b. Imprivata system upgrade, migration, and application profiling projects.

i. Create a project plan for pre-upgrade testing and production cutover

ii. Respond to calls from Customer for assistance during business hours or as agreed upon during a three-hour on-call availability period during off-hours during critical production cutover events

iii. Identify and communicate the need for version upgrades. Plan, manage, and complete configuration, testing, and implementation tasks

iv. Identify and communicate the need for appliance migrations. Plan, manage, and complete migration tasks as required

v. Identify and communicate the need for new application profiles or updates to existing profiles. Plan, manage, and complete profiling, testing, and other deployment tasks

vi. Install and configure proof of concept (POC) environments to allow testing of requested features and enhancements

vii. Respond to errors/issues that require fixes and own communication and issue management. Plan, manage, and complete configuration, testing, and implementation tasks

viii. Respond to environmental, application, and integration issues requiring a new Imprivata appliance. Own communication and issue management. Plan, manage, and complete migration tasks

ix. Respond to the need to update existing profiles and the need for enablement of new applications. Own communication and issue management, and plan, manage, and complete profiling, testing, and deployment tasks

c. Customer help desk escalation handling.

i. Train Customer help desk staff to optimize front-line user and Customer support service level agreements (SLAs) on Imprivata-related cases

ii. Receive end user issues escalated through Customer’s help desk for troubleshooting, determining root cause, and reaching a resolution

d. Change management: Imprivata system configuration.

i. Collaborate with Customer in strategic or tactical planning efforts

ii. Join Customer teams tasked with resolving issues resulting from environmental changes

iii. Interpret architecture, system, and workflow changes for configuration, testing, and implementation tasks

iv. Own the hands-on configuration and testing tasks within the Imprivata system. Assist and support integration testing

v. Ensure long-term adherence to reference architecture best practices

vi. Respond to an unanticipated need for changes and help actively remediate impacts to the Imprivata solution caused by changes to architectural components integrated with the Imprivata system

e. Onsite or remote technical design & planning/solution optimization sessions.

i. Facilitate twice-annual technical check-up, document findings and recommendations, own strategic planning to achieve Customer support, adoption, and expansion goals, and document sequence of technical steps and effort required

ii. Develop strategies to drive environmental or architectural optimization and document any relevant decisions, identified risks, key assumptions, and timeline estimates

iii. Provides direct ad hoc test support, troubleshooting, and emergency management

iv. Clinical workflow discovery, analysis & design - Facilitate via interviews an inventory and analysis of existing workflow needs and issues, priorities, and impact of making changes; documentation of findings and recommendations

v. Provide onsite clinical workflow observation and analysis in response to user experience or workflow issues/errors; end user satisfaction/remediation; combine clinical findings with technical findings and document recommendations

f. Application & Architectural relationship management.

i. Schedule and run checkpoint calls with application and architectural teams with interdependencies between the Imprivata enterprise and other systems or infrastructures including preparation and completion of action items and follow-ups needed

ii. Serve as the Customer stakeholders’ central point of contact for system/application needs and supportability review

g. Imprivata Customer Support Escalation management.

i. Create support cases on behalf of the Customer and follow up with status reports on each case as needed, on a weekly basis

ii. Automatically escalate issues based on agreed upon thresholds regarding case status, priority, age, etc. Summarize status, outcomes, and next steps following escalations

iii. Act as the central point of contact and owner of escalations

h. Communications.

i. Customer is responsible for attending the following meetings:

a. No less frequently than quarterly, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments

b. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts, system administrators, and IT staff impacted by Imprivata solutions

i. Case Priority Classification.

i. Administrators will be responsible for determining the case priority of the issue according to the case priority definitions set forth in the table below. The Administrator shall notify the Customer of the assigned case priority classification. Based on the priority level, the Customer’s responsibilities are also set forth below.

Priority Definition & Customer Responsibilities
Priority 1 – Critical production system down

An Imprivata production system is down. Major functionality is not available for a broad number of users. No alternative solution or workaround is currently available. For example, an appliance does not function in a production environment and business is severely impacted. 

Customer Instructions: Contact Imprivata Customer Support directly for fastest response (Customer Support will work directly with the assigned Remote Administrator).

Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.

Priority 2 – Major impact

A major function or feature is failing. The issue severely restricts usability within a production environment. Project deployment is delayed. No alternative solution or workaround is currently available.

Customer Instructions: Contact Imprivata Remote Administration (the Remote Administrator may escalate if additional assistance is needed).

Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.

Priority 3 – General issue

A minor flaw has been detected and usability is generally unaffected, moderately affected, or impacts a small number of users. A workaround may be available.

Customer Instructions: Contact Imprivata Remote Administration.

Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.

Priority 4 – Question or minor impact

Instructions or information are requested regarding existing product functionality.

Customer Instructions: Contact Imprivata Remote Administration.

Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.

 

j. Service Level Response Times.

i. Initial response times are determined by the priority of the issue as set forth in the table below.  Initial Response times are calculated from when Imprivata receives the initial case submission.

 

Priority Initial Response Time
Priority 1 Customer should contact Imprivata Customer Support directly
Priority 2 Initial Administrator response within 2 business hours
Priority 3 Initial Administrator response within 1 business day
Priority 4 Initial Administrator response within 2 business days

 

k. Customer Obligations. 

i. Access to Network. Customer shall provide technical access as further set forth below for up to six (6) Administrators to Customer’s computer network. Such access shall be provided either through individual user identification and passwords or a generic user account to be shared by the Administrator staff.

ii. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:

a. Network account access

b. VPN access

c. Existing token service (for secure two-factor authentication) access or setup of ImprivataID/CIDRA, as needed

d. Dedicated endpoint or virtual desktop access from which all required systems can be accessed, and/or VDI access

e. User account and endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI

f. User account and endpoint access to Customer's ticketing/case tracking system, and integration with Imprivata Remote Admin Case Handling system, for support of the Customer’s first-line user support or help desk team. Such access shall include defined involvement in the Customer's user support case escalation process and procedures. (Administrators may serve as escalation support for the Customer’s first-line support or help desk team on Imprivata-related queries/issues; the Administrators will not have direct end user contact.)

3. Resident Engineering Services Package.

a. Direct administration of Imprivata system.

i. Monitor performance, health, and stability metrics. Implement preventative and/or corrective configuration changes as needed

ii. Alert Customer to any changes needed and facilitate any actions or support needed from Customer

iii. Implement configuration changes and expansions to address Customer’s evolving needs

b. Imprivata system upgrade, migration, and application profiling projects.

i. Create a project plan for pre-upgrade testing and production cutover

ii. Respond to calls from Customer staff for assistance during business hours or as agreed upon during a three-hour on-call availability period during off-hours during critical production cutover events

iii. Identify and communicate the need for version upgrades. Plan, manage, and complete configuration, testing, and implementation tasks

iv. Identify and communicate the need for appliance migrations. Plan, manage, and complete migration tasks as required

v. Identify and communicate the need for new application profiles or updates to existing profiles. Plan, manage, and complete profiling, testing, and other deployment tasks

vi. Install and configure proof of concept (POC) environments to allow testing of requested features and enhancements

vii. Respond to errors/issues that require fixes and owns communication and issue management. Plan, manage, and complete configuration, testing, and implementation tasks

viii. Respond to environmental, application, and integration issues requiring a new Imprivata appliance. Own communication and issue management. Plan, manage, and complete migration tasks

ix. Respond to the need to update existing profiles and the need for enablement of new applications. Own communication and issue management, and plan, manage, and complete profiling, testing, and deployment tasks

c. Customer help desk escalation handling.

i. Train Customer help desk staff to optimize front-line user and Customer support service level agreements (SLAs) on Imprivata-related cases

ii. Receive end user issues escalated through your help desk for troubleshooting, determining root cause, and reaching a resolution

d. Change management: Imprivata system configuration.

i. Collaborate with your staff in strategic or tactical planning efforts

ii. Join Customer teams tasked with resolving issues resulting from environmental changes

iii. Interpret architecture, system, and workflow changes for configuration, testing, and implementation tasks

iv. Own the hands-on configuration and testing tasks within the Imprivata system. Assist and support integration testing

v. Ensure long-term adherence to reference architecture best practices

vi. Respond to unanticipated need for changes and help actively remediate impacts to the Imprivata solution caused by changes to architectural components integrated with the Imprivata system

vii. Clinical workflow specialists evaluate planned changes for clinical end user impact and remain engaged throughout implementation of changes to ensure workflow efficiency and value is not compromised by technical changes made over time 

viii. Anticipate training needs for new clinical users of existing workflows or retraining clinical users that may not be fully leveraging existing workflows

ix. Prescriptive guidance over time to align the Customer's workflows with best practices as derived from across the Imprivata Customer base

e. Onsite or remote technical design & planning/solution optimization sessions.

i. Facilitate twice-annual technical check-up, documents findings and recommendations, own strategic planning to achieve Customer support, adoption, and expansion goals, and document sequence of technical steps and effort required

ii. Develop strategies to drive environmental or architectural optimization and document any relevant decisions, identified risks, key assumptions, and timeline estimates

iii. Provide direct ad hoc test support, troubleshooting, and emergency management.

iv. Clinical workflow discovery, analysis & design

a. Facilitate via interviews an inventory and analysis of existing workflow needs and issues, priorities, and impact of making changes
b. Document findings and recommendations

v. Provide onsite clinical workflow observation and analysis in response to user experience or workflow issues/errors; end user satisfaction/remediation; combine clinical findings with technical findings and document recommendations

f. Application & Architectural relationship management.

i. Schedule and run checkpoint calls with application & architectural teams with interdependencies between the Imprivata enterprise and other systems or infrastructure; includes preparation and completion of action items/ follow-ups needed

ii. Serve as the Customer stakeholders’ central point of contact for system/application needs and supportability review

iii. Clinical workflow specialists monitor the ongoing success of the recommended clinical workflow configurations that were recommended.

iv. Clinical workflow specialists maintain proactive regular participation in cadence calls for workflow-related issues, questions, and changes

g. Imprivata Customer Support Escalation management.

i. Create support cases on behalf of the Customer and follow up with status reports on each case as needed, on a weekly basis

ii. Automatically escalate issues based on agreed upon thresholds regarding case status, priority, age, etc. Summarize status, outcomes, and next steps following escalations

iii. Act as the central point of contact and owner of escalations

iv. Clinical workflow specialists are directly engaged in Imprivata Customer Support escalations and work to minimize clinical end user impact during troubleshooting efforts

v. Proposed resolution path and remediation options will be evaluated and planned for short- and long-term clinical end user value

h. Onsite or remote Implementation, Deployment, & Expansion Services

i. Scheduled access to the full range of Imprivata implementation and education services (subject to the Project Conditions below and quantity of days included in Customer’s Services subscription,) including:

a. Project management services
b. Configuration and validation services
c. Appliance setup, configuration, and migration
d. Application enablement and integration
e. Workstation workflow configuration
f. Self-service password reset configuration
g. Credential migration for SSO
h. Authentication devices, token, and modalities enablement
i. Connector configuration
j. VDA configuration
k. Remote access and mobile devices configuration
l. End user testing
m. Domain migration services
n. Enterprise merge services
o. Authentication hardware and manual agent installation and testing
p. End user identity proofing, enrollment, and training
q. Go-live assistance
r. Imprivata education/training courses
s. Project completion and optimization services

i. Project Conditions

i. Services are performed on a “time and materials” basis. Should any items require additional time to complete, the Customer may utilize the Statement of Work process (“SOW”) to purchase additional time.

ii. The Customer will designate a project manager (“Project Manager”) as the principal point of contact throughout the engagement. The Project Manager’s responsibilities include: scheduling and planning of the Customer’s IT resources, per the agreed to project schedule, who will engage with Imprivata’s technical team. Coordination of project meetings and requirements gathering sessions, problem and conflict resolution management, and point of contact for escalations.

iii. The scope of Services assumes that the Customer’s environment complies with current Imprivata supported components at project commencement.

iv. Prior to the testing phase, the Customer is responsible for identifying and providing to the Imprivata Implementation Engineer testing scenarios which reflect end-user workflows in the Customer’s production environment.

v. Onsite Services are performed between the hours of 8:00 AM and 5:00 PM local Customer time, excluding weekends and normally observed holidays. Services provided outside these times will be agreed-upon in writing by both parties in advance and may be subject to additional fees.

vi. Imprivata may elect to deliver some or all of the services through one of its certified partners. The certified partner will perform the services as a subcontractor to Imprivata.

vii. Unless otherwise agreed in writing, any unused services days will expire one year from the start date of the managed services subscription, at which point Imprivata will be under no obligation to perform any additional services. No credit/refund of unused service days will be provided.

viii. Customer understands that Custom Development, such as but not limited to Extension Objects (EXO), may be implemented at the request of the Customer during a project. However, Custom Development work is not covered by the Imprivata Maintenance agreement to include updates, additions, or issues remediation.

ix. All services outlined herein are inclusive of travel and expense.

x. Onsite services days cancelled or rescheduled with less than two (2) weeks advanced notice will be billed as delivered and debited from the Customer’s available balance.  Failure to provide the appropriate notice may result in cancellation fees which are: daily rate for consultant time or the usage of a purchased services day. The Customer agrees to reimburse Imprivata for these fees if the cancellation is less than the required minimum advance notice. If the Customer needs to reschedule, they must contact their Imprivata project manager as soon as possible to reduce the scope and possibility of the above fees.

xi. Deployment Specialists need to be scheduled at least 60 days in advance of planned deployment. In order to be scheduled, the physical locations, shift times and user enrollment counts must be provided to Imprivata. Once scheduled, Imprivata requires 30 days advance notice to cancel or reschedule the Deployment Specialists. Deployment Specialist will be scheduled in a minimum of two-week increments.

j. Communications.

i. Customer is responsible for attending the following meetings:

a. No less frequently than quarterly, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments

b. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts, system administrators, and IT staff impacted by Imprivata solutions

k. Case Priority Classification.

i. Administrators will be responsible for determining the case priority of the issue according to the case priority definitions set forth in the table below. The Administrator shall notify the Customer of the assigned case priority classification. Based on the priority level, the Customer’s responsibilities are also set forth below:

Priority Definition & Customer Responsibilities
Priority 1 – Critical production system down

An Imprivata production system is down. Major functionality is not available for a broad number of users. No alternative solution or workaround is currently available. For example, an appliance does not function in a production environment and business is severely impacted.

Customer Instructions: Contact Imprivata Customer Support directly for fastest response (Customer Support will work directly with the assigned Remote Administrator).

Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.

Priority 2 – Major impact


A major function or feature is failing. The issue severely restricts usability within a production environment. Project deployment is delayed. No alternative solution or workaround is currently available. 

Customer Instructions: Contact Imprivata Remote Administration (the Remote Administrator may escalate if additional assistance is needed).

Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.

Priority 3 – General issue

A minor flaw has been detected and usability is generally unaffected, moderately affected, or impacts a small number of users. A workaround may be available.

Customer Instructions: Contact Imprivata Remote Administration.

Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.

Priority 4 – Question or minor impact

Instructions or information are requested regarding existing product functionality.

Customer Instructions: Contact Imprivata Remote Administration.

Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.

 

l. Service Level Response Times.

i. Initial response times are determined by the priority of the issue as set forth in the table below.  Initial Response times are calculated from when Imprivata receives the initial case submission.

Priority Initial Response Time
Priority 1 Customer should contact Imprivata Customer Support directly
Priority 2 Initial Administrator response within 2 business hours
Priority 3 Initial Administrator response within 1 business day
Priority 4 Initial Administrator response within 2 business days

 

m. Customer Obligations. 

i. Access to Network. Customer shall provide technical access as further set forth below for up to six (6) Administrators to Customer’s computer network. Such access shall be provided either through individual user identification and passwords or a generic user account to be shared by the Administrator staff.

ii. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:

a. Network account access

b. VPN access

c. Existing token service (for secure two-factor authentication) access or setup of ImprivataID/CIDRA, as needed

d. Dedicated endpoint or virtual desktop access from which all required systems can be accessed, and/or VDI access

e. User account and endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI

f. User account and endpoint access to Customer's ticketing/case tracking system, and integration with Imprivata Remote Admin Case Handling system, for support of the Customer’s first-line user support or help desk team. Such access shall include defined involvement in the Customer's user support case escalation process and procedures. (Administrators may serve as escalation support for the Customer’s first-line support or help desk team on Imprivata-related queries/issues; the Administrators will not have direct end user contact.)

B. Payment. Imprivata shall sell to you and you shall purchase from Imprivata the Services as set forth in the applicable Imprivata Quote (or its equivalent if purchasing through an authorized reseller). All purchases of the Services are non-cancellable and non-refundable except as explicitly set forth otherwise in this Agreement. Imprivata will invoice you for the total purchase price set forth on the Imprivata Quote (or its equivalent if purchasing through an authorized reseller). You will pay invoices within 30 days of each invoice date. Imprivata may withhold providing any services until past-due payments are made. Late payments are subject to a charge of the lesser of 1.5% per month or the maximum allowed by law during such time as any payment is late as well as collection costs, including reasonable collection and attorney’s fees. Prices do not include, and you shall be responsible for, all applicable taxes of any kind due in respect of the transactions contemplated by this Agreement, except taxes on Imprivata's net income.

C. Representations and Warranties.  Imprivata represents and warrants that it will provide any Services in a good and workmanlike manner consistent with industry standards. Imprivata's sole liability, and Customer’s sole and exclusive remedy, for any breach of the foregoing Services warranty, Imprivata's sole liability, and Customer’s sole and exclusive remedy shall be for Imprivata to re-perform such services, provided Customer notifies Imprivata in writing of any such breach within thirty (30) days after the performance of any nonconforming Services.

D. Imprivata Obligations. 

1. Imprivata shall use all appropriate safeguards to prevent the use or disclosure of Customer data or other information from Customer’s network, other than as permitted under this Agreement and in furtherance of the Imprivata’s obligations under the Agreement;

2. Imprivata shall promptly report any lost or stolen identification and passwords and shall insure that all terminated Administrator(s) return to Imprivata all identification and passwords prior to such Administrator(s)’ departure;

3. Imprivata shall instruct the Administrator(s) that access to Customer’s computer network shall be limited to the minimum that it is necessary to perform the services under this Agreement;

4. Imprivata will maintain the confidentiality of any user ID, password or other access control device provided by Customer to Imprivata and will not disclose such access control device to any third party, except as expressly authorized by Customer;

5. Imprivata will not attempt to access any data or systems which are not necessary for Imprivata’s authorized purposes as set forth in the Agreement or in other written instructions to Imprivata by Customer and will terminate access to such data or systems whenever Imprivata ceases to have a need to know such data or systems;

6. Imprivata will not tamper with, compromise, or attempt to circumvent or bypass any security pertaining to Customer’s systems, electronic or otherwise;

7. Imprivata will take reasonable precautions not to allow entry of any virus or any other contaminant, including, but not limited to, codes, commands, or instructions that may be used to access, alter, delete, damage or disable the data, systems or other software or property; 

8. Imprivata will not install or download any unauthorized software; 

9. Imprivata will maintain the confidentiality of any data and/or systems to which it has access and will use such data and/or systems only as expressly authorized by the Agreement or in other written instructions to Imprivata; and

10. Imprivata will notify Customer in the event Imprivata suspects that its network connection or any data or systems to which it has access have been compromised or in the event Imprivata suspects or knows of a breach of any of the foregoing.

E. Confidentiality. Each party agrees that it will take reasonable steps, at least substantially equivalent to the steps it takes to protect its own proprietary information, to (i) prevent use of the other party’s Confidential Information for any purpose other than to carry out its rights and obligations hereunder, and (ii) prevent the disclosure of the other party’s Confidential Information other than to its employees or contractors who must have access to such Confidential Information for such party to exercise its rights and perform its obligations hereunder and who each agree to be bound by agreements with a duty of confidentiality no less protective of confidential information than provided herein, and each party shall be responsible to ensure that its employees and consultants comply with the restrictions set forth herein. “Confidential Information” shall mean information furnished or made available directly or indirectly by the disclosing party to the receiving party which (x) is marked confidential, proprietary, or with a similar designation; (y) in the case of information given orally or visually, is reduced to a written summary marked with an appropriate restrictive legend and delivered to the receiving party within two (2) weeks after it is furnished hereunder or (z) should be reasonably understood by the receiving party to be the confidential or proprietary information of the disclosing party.

The parties’ obligations set forth in this section shall not apply with respect to any portion of the Confidential Information that: (i) was in the public domain at the time it was communicated to the receiving party; (ii) entered the public domain through no fault of the receiving party; (iii) is rightfully received by the receiving party from a third party without a duty of confidentiality; (iv) is independently developed by the receiving party without use of  the Confidential Information; (v) consists of generalized ideas, concepts, know-how or techniques in intangible form that is incidentally retained in the unaided memories of persons who have had authorized access to Confidential Information (provided that this exception shall not be construed to grant to either party a license to the other party’s copyrights or patents beyond those otherwise granted in this Agreement); (vi) is disclosed under operation of law, except that the receiving party will disclose only such information as is legally required and will use reasonable efforts to obtain confidential treatment for any Confidential Information that is so disclosed and will, if legally permitted, provide the other party prompt notice of such possible disclosure prior to disclosure in order to allow an opportunity to contest such disclosure; or (vii) is disclosed with the other party’s prior written approval.

F. Indemnification. If a third party makes a claim against either Customer or Imprivata (“Recipient” which may refer to Customer or Imprivata depending upon which party received the Material), that any information, design, specification, instruction, software, data, or material (“Material”) furnished by either Customer or Imprivata (“Provider” which may refer to Customer or Imprivata depending on which party provided the Material), and used by the Recipient infringes its intellectual property rights, the Provider, at its sole cost and expense, will defend the Recipient against the claim and indemnify the Recipient from the damages, liabilities, costs and expenses awarded by the court to the third party claiming infringement or the settlement agreed to by the Provider, if the Recipient does the following:

1. notifies the Provider promptly in writing, not later than 30 days after the Recipient receives notice of the claim (or sooner if required by applicable law);
2. gives the Provider sole control of the defense and any settlement negotiations; and
3. gives the Provider the information, authority, and assistance the Provider needs to defend against or settle the claim. 

If the Provider believes or it is determined that any of the Material may have violated a third party’s intellectual property rights, the Provider may choose to either modify the Material to be non-infringing (while substantially preserving its utility or functionality) or obtain a license to allow for continued use, or if these alternatives are not commercially reasonable, the Provider may end the license and/or services for, and require return of, the applicable Material and refund any fees the Recipient may have paid for any unused and prepaid license and/or services.  If Customer is the Provider and such return materially affects Imprivata’s ability to meet its obligations under the relevant order, then Imprivata may, at its option and upon 30 days prior written notice, terminate the order.  The Provider will not indemnify the Recipient if the information or legal pleadings do not specifically indicate that the Material is the basis of the claim. The Provider will not indemnify the Recipient if the Recipient alters the Material or uses it outside the scope of use identified in the Provider’s user documentation or if the Recipient uses a version of the Materials which has been superseded, if the infringement claim could have been avoided by using an unaltered current version of the Material which was provided to the Recipient.  The Provider will not indemnify the Recipient to the extent that an infringement claim is based upon any information, design, specification, instruction, software, data, or material not furnished by the Provider.  Imprivata will not indemnify Customer for any infringement claim that is based on Customer’s actions prior to the Effective Date of this Agreement.  THIS SECTION PROVIDES THE PARTIES’ EXCLUSIVE REMEDY FOR ANY INFRINGEMENT CLAIMS OR DAMAGES. 

G. Limitation of Liability. EXCEPTING ONLY IN THE EVENT OF A BREACH BY EITHER PARTY OF SECTION 5 (“CONFIDENTIALITY”), NEITHER PARTY IS LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES OR LOST PROFITS, FORESEEABLE OR UNFORESEEABLE, OF ANY KIND (INCLUDING, WITHOUT LIMITATION, LOSS OF GOODWILL, LOST OR DAMAGED DATA OR SOFTWARE, LOSS OF USE OF PRODUCTS, OR DOWNTIME) ARISING FROM THE SALE, DELIVERY OR PERFORMANCE OF ANY SERVICES OR ANY OTHER ACT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IMPRIVATA'S MAXIMUM LIABILITY TO CUSTOMER, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, WILL NOT EXCEED THE FEES PAID AND PAYABLE BY YOU DURING THE PRECEDING TWELVE-MONTH PERIOD. MONETARY DAMAGES AS LIMITED BY THIS SECTION SHALL SERVE AS CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY CLAIM UNDER THIS AGREEMENT FOR WHICH AN EXCLUSIVE REMEDY IS NOT PROVIDED, AND AS YOUR SOLE AND EXCLUSIVE ALTERNATIVE REMEDY SHOULD ANY EXCLUSIVE REMEDY HEREUNDER BE FOUND TO FAIL OF ITS ESSENTIAL PURPOSE.  NO LIMITATION AS TO DAMAGES FOR PERSONAL INJURY IS HEREBY INTENDED.

H. Term & Termination

1. Term. This Agreement shall commence upon the Effective Date and unless earlier terminated as provided for herein, shall extend for a period of one (1) year therefrom (“Initial Term”), after which this Agreement shall automatically renew for successive one (1)-year periods (each a “Renewal Term”), until such time as a party provides the other party with written notice of termination; provided, however, that: (a) such notice be given no fewer than thirty (30) days prior to the last day of the then-current term; and, (b) any such termination shall be effective as of the date that would have been the last day of the then-current Renewal Term.

2. Termination for Cause. If either party materially breaches any of its duties or obligations hereunder and such breach is not cured, or the breaching party is not diligently pursuing a cure, within thirty (30) days after written notice of the breach, the non-breaching party may immediately terminate this Agreement for cause as of a date specified in such notice.

3. Payments upon Termination. Upon the termination of this Agreement, Customer shall pay to Imprivata all amounts due and payable hereunder, if any.

4. Return of Customer Data.  Upon the termination of this Agreement and payment of any amounts due, Imprivata shall, within five (5) business days following the termination of this Agreement, return the Customer data to Customer, and thereafter shall destroy any Customer data within its possession or control. 

I. General Terms.

1. Relationship of Parties.  Each party represents and warrants that it is an independent contractor with no authority to contract for the other party or in any way to bind or to commit the other party to any agreement of any kind or to assume any liabilities of any nature in the name of or on behalf of the other party.  Under no circumstances shall either party, or any of its employees, consultants and agents, hold itself out as or be considered an agent employee, joint venturer, or partner of the other party. 

2. Governing Law.  This Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, without regard for principles of conflict of laws.  Each party hereby consents and submits to the jurisdiction and forum of the state and federal courts in the Commonwealth of Massachusetts in all questions and controversies arising out of this Agreement.

3. Compliance with Laws.  Both parties agree to comply with all applicable federal, state, and local laws and regulations issued, where applicable, and Customer acknowledges that the services use software and technology that may be subject to United States export controls administered by the U.S. Department of Commerce, the U.S. Department of Treasury Office of Foreign Assets Control, and other U.S. agencies. Customer further acknowledges and agrees that the services shall not be used in, and none of the underlying information, software, or technology may be transferred or otherwise exported or re-exported to, countries to which the U.S. maintains an embargo (collectively, "Embargoed Countries"), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury's List of Specially Designated Nationals or the U.S. Department of Commerce's Table of Denial Orders (collectively, "Designated  Nationals").  Imprivata makes no representation that the services are appropriate or available for use in other locations.  If Customer uses the service from outside the United States of America, Customer is solely responsible for compliance with all applicable laws, including without limitation export and import regulations of other countries.  Any diversion of the Customer Data contrary to U.S. law is prohibited.

4. Force Majeure.  Except for the obligation to make payments, neither party will incur any liability to the other party on account of any loss or damage resulting from any delay or failure to perform all or any part of this Agreement if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control and without negligence of the parties.  Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, riots, acts of war, earthquakes, fire and explosions, but the inability to meet financial obligations is expressly excluded.

5. Assignment. Imprivata may assign this Agreement, in whole or part. Customer may not otherwise assign its rights or delegate its duties under this Agreement, either in whole or in part, without the prior written consent of Imprivata, and any attempted assignment or delegation without such consent will be void and of no effect. This Agreement will bind and inure to the benefit of each party's successors and permitted assigns.

6. Future Products. Imprivata may from time to time, prior to or during the term of this Agreement, disclose to you information related to planned future products, features or enhancements.  Imprivata’s development efforts and plans are subject to change at any time, without notice; Imprivata provides no assurances that Imprivata will introduce any such future products, features or enhancements and assumes no responsibility to introduce such products, features or enhancements. You acknowledge that your current purchasing decisions are not made based on the reliance on any such future timeframes or specifics described to you.

7. No Waiver.  The failure of either party at any time to require performance by the other party of any provision of this Agreement shall in no way affect that party’s right to enforce such provisions, nor shall the waiver by either party of any breach of any provision of this Agreement be taken or held to be a waiver of any further breach of the same provision.

8. Notice.  Any notice, approval, or consent required or permitted under the terms of this Agreement or required by law shall be in writing and deemed to have been sufficiently given and received when (i) delivered in person; (ii) three (3) business days after being sent by registered mail, return receipt requested, postage pre-paid; or (iii) one (1) business day after being sent by overnight air courier or by facsimile transmission, in each case forwarded to the appropriate address as may be designated by a party from time to time.

If to Imprivata:

Imprivata, Inc.
Attn: Legal Department
10 Maguire Road
Lexington, MA 02421

9. Amendment.  No amendment, change, waiver, or discharge hereof shall be valid unless in writing and signed by the Party against which such amendment, change, waiver, or discharge is sought to be enforced.

10. Partial Invalidity.  If any term or provision of this Agreement or the application thereof to any person, entity, or circumstance shall be invalid or unenforceable, the remainder of this Agreement shall be unaffected thereby, and each remaining term or provision of this Agreement shall be valid and enforced to the fullest extent permitted by law.

11. Headings.  The headings used in this Agreement are for reference purposes only, and shall not be construed to add to, alter, or modify any provision hereof.

12. Counterparts.  This Agreement may be executed in one or more counterparts, each of which shall be deemed to be a duplicate original, but all of which, taken together, shall be deemed to constitute a single instrument. This Agreement may be executed by facsimile or by electronic transmission of a pdf file.

13. Entire Agreement. This Agreement and attached Exhibit A hereto constitute the entire agreement between Customer and Imprivata with respect to the subject matter hereof, and there are no related representations, understandings, or agreements that are not fully expressed in this Agreement.

14. Survival. Any provision of this Agreement meant to survive the expiration or earlier termination of this Agreement shall so survive.