APP AND CLOUD SECURITY
Complete security that stops all 13 email threat types and protects Office 365 data. Get started in minutes.
POST-DELIVERY DETECTION AND RESPONSE
DATA PROTECTION AND COMPLIANCE
Complete Web Application and API Protection (WAAP) platform to secure your workloads in the cloud.
Barracuda values partnership. We’re here to help you protect and support your customers for life with enterprise-grade, cloud-ready security solutions.
Barracuda Networks, Inc.
PURCHASE ORDER TERMS AND CONDITIONS
Last revision: February 2021
UNLESS OTHERWISE EXPRESSLY PROVIDED HEREIN OR IN A SEPARATE PURCHASE AGREEMENT BETWEEN BARRACUDA NETWORKS, INC. (“Barracuda”) AND SUPPLIER, THE PURCHASE ORDER PROVIDED BY BARRACUDA TO SUPPLIER (“Purchase Order”) AND THESE PURCHASE ORDER TERMS AND CONDITIONS (together with the Purchase Order, “Order”) CONSTITUTE THE ENTIRE CONTRACT BETWEEN THE SUPPLIER NAMED ON THE FACE OF THE PURCHASE ORDER AND BARRACUDA COVERING THE GOODS (“Goods”) AND SERVICES (“Services”) DESCRIBED IN SUCH PURCHASE ORDER. IN THE EVENT OF A CONFLICT BETWEEN THE PURCHASE ORDER AND THESE PURCHASE ORDER TERMS AND CONDITIONS, THE PURCHASE ORDER SHALL TAKE PRECEDENCE. THE PURCHASE ORDER DOES NOT CONSTITUTE ACCEPTANCE OF AN OFFER. ANY TERMS AND CONDITIONS IN ANY QUOTE, ACKNOWLEDGMENT, INVOICE OR OTHER DOCUMENT PREPARED BY SUPPLIER WHICH VARY FROM OR ARE IN ADDITION TO THE PROVISIONS OF THIS ORDER SHALL NOT BIND BARRACUDA UNLESS BARRACUDA EXPRESSLY ASSENTS THERETO IN WRITING. SHIPMENT OF ANY OF THE GOODS OR PERFORMANCE OF THE SERVICES SHALL BE CONCLUSIVE EVIDENCE OF SUPPLIER’S ACCEPTANCE OF ALL THE PURCHASE ORDER TERMS AND CONDITIONS HEREOF, REGARDLESS OF WHETHER SUPPLIER HAS ACKNOWLEDGED THIS ORDER. WHILE THE PURCHASE ORDER TERMS AND CONDITIONS ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE IN BARRACUDA’S SOLE DISCRETION, THE PURCHASE ORDER TERMS AND CONDITIONS POSTED ON BARRACUDA’S WEBSITE AS OF THE DATE OF THE PURCHASE ORDER WILL GOVERN THE TRANSACTION. NOTWITHSTANDING THE FOREGOING, A WRITTEN SUPPLIER AGREEMENT SIGNED BY BOTH BARRACUDA AND SUPPLIER RELATING TO THE SALE AND PURCHASE OF GOODS AND SERVICES SHALL SUPERCEDE ANY CONFLICTING TERMS HEREIN.
1. Acceptance by Supplier. Supplier shall accept Barracuda’s Purchase Order by verbal acknowledgement, written acknowledgement or by commencing performance under the Purchase Order. Upon Supplier’s acceptance, the Purchase Order shall constitute a binding agreement between Supplier and Barracuda and may not be modified except by an amended purchase order issued by Barracuda.
2. Price. The price for the Goods and Services shall be as set forth in the Purchase Order. Unless otherwise specified in the Purchase Order, such price shall include all sales, use, excise, import or export, value added or similar taxes, duties, fees or charges, including without limitation shipping and delivery charges (“Taxes or Charges”). If Barracuda is responsible for any Taxes or Charges, such Taxes or Charges shall be separately stated on the Purchase Order. Supplier will use its best efforts to assist Barracuda in all legal efforts to minimize the taxes resulting from the performance of the Purchase Order. If Supplier reduces the price of the Goods or Services on or before the shipment date of Goods on an outstanding Purchase Order or completion date of Services on an outstanding Purchase Order, Supplier will grant Barracuda a corresponding price reduction on such Goods or Services.
3. Payment. Payment shall be due sixty (60) days after (a) with respect to Goods, receipt by Barracuda of Supplier’s correct invoice (which may not be issued prior to the actual date of shipment of such Goods), or (b) with respect to Services, written acceptance by Barracuda of the Services. Payment will be in US dollars, unless otherwise expressly agreed in writing by Barracuda. Barracuda may offset any amounts owed by Supplier to Barracuda against any payments made hereunder.
4. Performance and Acceptance. Goods and Services shall be subject to final inspection and acceptance at Barracuda’s facility. Payment for Goods and Services shall not constitute acceptance. Items shall be deemed accepted by Barracuda if Barracuda has not given notice of rejection within sixty (60) days of receipt of the Goods by Barracuda or completion of the Services, except that no acceptance shall be deemed effective with respect to latent defects. Barracuda’s failure to specify any defect or nonconformance in rejecting any or all of the Goods shall not prevent Barracuda from relying on such defect or nonconformance to justify rejection. If Barracuda rejects the Goods or Services in whole or in part, Supplier shall, at Barracuda’s option, (a) repair or replace the Goods or reperform the Services at no additional cost, subject to the Terms herein, or (b) refund the fees paid by Barracuda for such Goods or Services in whole or in part (based on the reduced value of the Goods or Services accepted by Barracuda). Supplier shall bear all risk of loss as to rejected Goods and shall pay all shipping fees and other charges relating to the return of such rejected Goods. Any replacement product furnished by Supplier shall be new and shall be subject to Barracuda’s approval.
5. Shipping and Performance Location. The shipping carrier and shipment address and/or location for performance of the Services shall be as specified on the face of the Purchase Order. Unless otherwise specified in the Purchase Order, shipment shall be F.O.B. (place of destination) and Supplier will pay all costs, including, without limitation, costs of transportation, insurance, export and import fees, customs brokerage expenses and similar charges, and, at its expense, will make and negotiate any claims against any carrier, insurer, customs broker, freight forwarder or customs collector. Supplier will preserve, pack, package and handle the Goods to protect them from loss or damage in accordance with Barracuda’s specifications or in the absence thereof, best commercial practices. Supplier will include with each delivery of Goods a packing list identifying the Purchase Order number, the Barracuda part number for each of the Goods (if applicable), country of origin, the quantity of each of the Goods and the date of shipment.
6. Prompt Delivery of Conforming Goods. Time is of the essence in the performance of Supplier’s obligations hereunder and the delivery of conforming Goods in the full quantities and on the delivery schedule specified on the Purchase Order. The specific quantities ordered must be delivered in full and may not be changed by Supplier or partially delivered without Barracuda’s written consent. The acceptance by Barracuda of any such partial shipment shall not affect any other remedy to which Barracuda may be entitled on account of Supplier’s inability to supply Barracuda’s complete requirements when due. Barracuda shall have no liability or obligation for any excess quantities shipped by Supplier. Supplier agrees to exert every reasonable effort, including overtime and premium shipment at Supplier’s expense, to meet the promised delivery date; provided, however, that failure of such efforts to achieve prompt delivery of conforming Goods shall not relieve Supplier of liability for such failure. Supplier agrees to notify Barracuda immediately if at any time it appears that the delivery schedule set forth on the Purchase Order may not be met, and Barracuda, in its sole discretion, may agree to a revised time schedule. Barracuda is not obligated to accept and shall have no liability for delivery of the Goods in advance of the delivery date specified on the Purchase Order; however, if Barracuda does accept such advance delivery, Barracuda may defer inspection and/or payment according to the original schedule. If shipment is late for any reason, Supplier shall expedite shipment by air freight or other mode of shipment specified by Barracuda at Supplier’s expense. Any Goods received by Barracuda after the delivery date or Services completed after completion date, both as set forth on the Purchase Order, may be rejected by Barracuda at its discretion.
7. Changes/Cancellation. Barracuda may, at any time prior to acceptance by Barracuda, cancel a Purchase Order in whole or in part for any reason, including without limitation, Supplier’s insolvency or bankruptcy, upon notice to Supplier. Barracuda shall have no obligation to remit any payment of any kind, including without limitation, any cancellation charges or fees, for such cancelation. In the event that Barracuda cancels an order for Services, Barracuda shall only be obligated to pay Supplier for any Services performed and accepted by Barracuda; provided that Barracuda will not be obligated to pay any more than the payment that would have become due had Supplier completed and Barracuda had accepted the Services. In the event of cancellation of a Purchase Order for any reason, Supplier shall immediately deliver to Barracuda all completed work or work-in- progress as of the date of cancellation, as well as all Barracuda property, materials, and work in Supplier’s possession, including any and all documents in the possession of Supplier and/or Supplier’s personnel, in any way pertaining to the Purchase Order. Barracuda may, at any time prior to acceptance by Barracuda, make changes in the delivery schedules and location, quantities of the Goods, method of shipment or packing, scope or location of Services and specifications for the Goods and Services ordered hereunder. If a change by Barracuda hereunder causes an increase or a decrease in the cost of or the time required for Supplier’s performance, the parties shall, within 20 days from Barracuda’s notification of such change, agree on an equitable adjustment to the price and/or delivery date. Supplier shall proceed with its obligations hereunder pending negotiation of an equitable adjustment of the Purchase Order.
8. Intellectual Property. Barracuda is the sole and exclusive owner of the Goods and/or any deliverables provided by Supplier pursuant to the Services (the “Deliverables”). Supplier irrevocably assigns and transfers to Barracuda all of its worldwide right and title to, and interest in, the Goods and/or the Deliverables, including all associated Intellectual Property Rights. “Intellectual Property Rights” means any and all current and future (i) rights associated with works of authorship; including but not limited to copyrights, moral rights, and mask-work rights; (ii) patent rights, rights of priority, and design rights; (iii) trade secret rights, (iv) trademark rights (including service mark rights) and trade dress rights; (v) all other intellectual and industrial property rights of every kind and nature which may exist anywhere in the world, whether registered or unregistered; and (vi) any and all applications and registrations, renewals, extensions, provisionals, continuations, continuations-in-part, divisions, reissues or reexaminations of any of the foregoing. Notwithstanding the foregoing, Supplier grants to Barracuda a non-
exclusive, worldwide, royalty-free, irrevocable, perpetual, transferable, sublicenseable license to any Intellectual Property Rights in the Goods and/or Deliverables which arose outside the scope of the Purchase Order to the extent necessary for Barracuda to exercise its rights in the Goods and/or Deliverables as reasonably contemplated by the Purchase Order. Furthermore, Supplier grants to Barracuda a non-exclusive, worldwide, royalty-free, irrevocable, perpetual, transferable, sublicenseable license to any Intellectual Property Rights in the Goods and/or Deliverables which are necessary for Barracuda to use, import, copy, execute, reproduce, display, perform, and distribute copies of and modify (including creating improvements and derivative works based on) the Goods and/or Deliverables.
9. Protection of Barracuda’s Property in Supplier’s Possession. Any material and equipment that Barracuda furnishes to Supplier shall remain the sole and exclusive property of Barracuda. Supplier shall bear all risk of loss or damage to such property and shall maintain adequate insurance coverage (including, without limitation, protection against casualty and theft losses) with respect to such risks. At Barracuda’s request, Supplier must provide proof of insurance or will provide payment for an insurance coverage commensurate with such material and equipment at a fair market charge. All Barracuda property located on Supplier’s premises shall be stored separately and clearly marked in a manner that indicates Barracuda’s ownership. Any such material or equipment that is not intended to be consumed by Supplier shall be returned to Barracuda, at Barracuda’s expense, promptly upon the request of Barracuda. If Supplier fails to return any such property within thirty (30) days after Barracuda’s request, Supplier shall pay to Barracuda, as liquidated damages, the replacement cost of such property, provided, however, that such payment shall convey no right, title or interest in such property to Supplier.
10. Warranties. Supplier warrants that the Goods, Services and the Deliverables: (a) will be in full compliance with Barracuda’s specifications or Supplier’s samples and published specifications, if any; (b) will be of merchantable quality and fit for the use intended by Barracuda; (c) will not infringe any patent, copyright, trademark, trade secret or other proprietary right of any third party; (d) will be free from defects in materials and workmanship and design; and (e) will conform to all applicable federal, state and other laws. The Supplier further warrants that (i) it will perform the Services with due diligence and in a safe, workmanlike and competent manner and in accordance with all provisions of the Purchase Order and applicable law; (ii) prior to performance hereunder, it has all requisite authority and it has or shall obtain, at its expense, all the necessary certificates, permits, licenses, and authorizations (as required by law or under any agreement with a third party) to conduct business, sell the Goods or provide the Deliverables to Barracuda for its intended use, perform the Services, and to provide the warranties set forth herein; (iii) the Goods, including all parts and components thereof, shall be new, except as otherwise stated on the Purchase Order; and (iv) each delivery hereunder is free and clear of any and all liens, claims and encumbrances of any kind. Supplier agrees that the warranties herein contained shall be in addition to any warranties implied in law and expressly made by Supplier other than hereunder. Supplier’s warranty period for the Goods (including any repaired or replacement products), the Services and/or the Deliverables shall commence upon acceptance by Barracuda, and shall survive delivery, inspection, acceptance or payment by Barracuda. Barracuda’s approval of Supplier’s materials or designs will not relieve Supplier of any warranties. All warranties run to the benefit of Barracuda and its customers.
In the event that the Goods or Services do not conform to the warranties set forth herein, Supplier shall immediately provide Barracuda with replacement Goods or Services, and Supplier agrees that time is of the essence in such replacement.
A repeated failure, with the same root cause, of Goods to meet the warranty as a result of faulty materials, components or design shall be deemed an epidemic failure, and in addition to other remedies provided herein or at law, Barracuda shall be entitled to proactive replacement of the Goods and for costs reasonably incurred by Barracuda to swap the defective Goods for replacement goods.
11. Quality. Supplier acknowledges and agrees that it shall have documented reliability and quality manufacturing processes, and at the request of Barracuda shall be able to present to Barracuda engineering documentation which demonstrates the implementation of such policies in the design, analysis, test and manufacture of the product, each in accordance with ISO9001 requirements or other suitable quality system standard (i.e., TL9000) reliability and product quality standards. Supplier represents that the Goods do not contain any hazardous materials. Supplier agrees to provide any and all necessary data including complete data for Goods for Barracuda to meet any and all regulatory requirements.
12. Compliance with Laws. Supplier will, in the manufacture and sale of the Goods and performance of the Services to Barracuda and otherwise in its performance of its obligations under the Purchase Order, fully comply with all applicable federal, state, local and other governmental laws, rules and regulations, including without limitation import and exports laws, and shall obtain all necessary licenses and/or waivers. Supplier agrees to indemnify and hold Barracuda harmless from and against any and all losses which Barracuda may suffer in the event that Supplier fails to comply with any applicable law.
13. Subcontractors. Supplier shall not use any subcontractors to provide the Goods or to perform the Services under the Purchase Order without written permission from Barracuda, and no such permission will relieve Supplier of any of its obligations hereunder. Supplier shall ensure that all of its contracts with its subcontractors contain provisions which are in conformity with and no less stringent than the provisions of this Order. Supplier shall be responsible to Barracuda for services performed by all its subcontractors.
14. No Unauthorized Payments to Third Parties. Neither Supplier nor any party acting on its behalf (including its agents, directors or employees) will make, offer, or will cause to be made or offered, any payment, loan or gift of money or anything of value directly or indirectly to (i) any official or employee of any government, or any agency or instrumentality thereof; (ii) any political party or official thereof or any candidate for political office; or (iii) any other person, under circumstances in which it, its directors, employees or agents know, or have reason to know, that all or any portion of such money or thing of value will be offered or given, directly or indirectly, to any person named in items (i) or (ii) above to influence a decision or gain any improper advantage for Barracuda in connection with any transaction related to the Purchase Order or which could result in a violation of the U.S. Foreign Corrupt Practices Act, the OECD Convention on Anti-Bribery or any other anti-bribery laws or international anti- bribery standards. In addition, no payment shall be made to anyone for any reason on behalf of or for the benefit of Barracuda which is not properly and accurately recorded in the Supplier’s books and records, including amount, purpose and recipient, all of which shall be maintained with supporting documentation. In the event Barracuda has reason to believe that a breach of this provision has occurred or will occur, Barracuda may, without penalty, (a) withhold further performance under the Purchase Order until such time as it has received confirmation to its satisfaction that no breach has or will occur or (b) terminate the Purchase Order immediately. Upon Barracuda’s request, Supplier will complete and return a certification of compliance with this provision in a form acceptable to Barracuda in its sole discretion. In addition, upon Barracuda’s request, Supplier’s agents, directors and employees will also complete and return such certification.
15. Indemnification. Supplier hereby agrees to defend, indemnify and hold Barracuda and Barracuda’s customers harmless from and against any and all claims by third parties for property damages, personal injury, death, expenses (including reasonable attorneys’ fees), economic loss, foregone profits and losses or damages of any kind whatsoever actually or proximately resulting from or in connection with (a) the acts or omissions of Supplier (including its subcontractors, if any) in the performance of its obligations hereunder, and (b) the failure of the Goods, Services and/or the Deliverables to conform to the warranties and representations contained herein. Supplier hereby also agrees to defend, indemnify and hold Barracuda and Barracuda’s customers harmless from and against any and all claims, actions or proceedings brought against Barracuda by a third party to the extent it relates to or is based on, a claim or allegation that any item of Good and/or Deliverable infringes a copyright, trade secret or patent of a third party, and Supplier will pay any and all damages and costs finally awarded against Barracuda in any such action or proceeding that are attributable to any such claim or incurred by Barracuda through settlement thereof. Upon notice of an alleged infringement or if in Barracuda’s opinion such a claim is likely, Supplier agrees, at its
expense and at Barracuda’s option, to either: (i) procure for Barracuda the right to continue using and distributing the Goods and/or Deliverable, as applicable; (ii) modify the applicable Goods and/or Deliverables so that they become non-infringing or replace such Goods and/or Deliverables with non-infringing Goods and/or Deliverables, having the same functionality, operating characteristics, compatibility and interoperability as the Goods and/or Deliverables that are replaced; or (iii) refund to Barracuda the amount paid for the Goods and/or Deliverables.
16. Confidential Information. Each party may be exposed to certain confidential information of the other party including but not limited to information concerning the business, technology, and customers of the party, which the party knows or should know is the other party’s confidential and proprietary information (herein “Confidential Information”). Each party agrees that while the Purchase Order is outstanding and for a period of three (3) years thereafter, it will not: (a) use the Confidential Information for any purpose other than to perform under such Purchase Order; or (b) disclose to any third party any Confidential Information without the prior written consent of the disclosing party. Each party may disclose Confidential
Information only to its employees or contractors on a need to know basis and as is reasonably necessary to allow the party to perform under such Purchase Order; provided that each such employee or contractor is under a written obligation of nondisclosure which protects the Confidential Information under terms at least as stringent as these terms. This Section will not apply to Confidential Information after such information is made public by the disclosing party. If any Confidential Information is required to be disclosed by a party as a matter of law or by order of a court or other legal process, such party will promptly notify the other party of such obligation to disclose and reasonably assist the other party in obtaining a protective order or otherwise limiting such disclosure. Each party agrees to keep confidential and not to disclose the information on the Purchase Order to any third party other than (i) in confidence to its affiliates, actual or potential investors, banks, lawyers, accountants and other professional advisors; (ii) in connection with the enforcement of its rights under this Order; (iii) as may be required by law, including, without limitation, in connection with the requirements of a public offering or securities filing, and (iv) in confidence in connection with a merger or acquisition or a proposed merger or acquisition. Supplier shall not, without Barracuda’s prior written consent, make any news release or public announcement concerning the Purchase Order or Supplier’s supplier relationship with Barracuda, including without limitation naming Barracuda on Supplier’s customer list. In the event of litigation to enforce any rights hereunder, the prevailing party shall be entitled to recover reasonable attorneys’ fees and expenses in addition to such other amounts as the court may determine.
17. Remedies; Limitation of Liability. IF SUPPLIER BREACHES ANY TERMS OR CONDITIONS OF THIS ORDER, BARRACUDA MAY EXERCISE, SINGLY OR IN ANY COMBINATION AND IN ANY ORDER, ALL RIGHTS AND REMEDIES AVAILABLE TO BARRACUDA AT LAW OR IN EQUITY, INCLUDING, WITHOUT LIMITATION, ALL RIGHTS UNDER THE UNIFORM COMMERCIAL CODE. IF BARRACUDA IS IN BREACH OF ANY OF THESE PURCHASE ORDER TERMS AND CONDITIONS, SUPPLIER’S EXCLUSIVE REMEDY SHALL BE: (A) IN THE CASE OF GOODS, TO RECOVER THE GOODS OR, IN THE EVENT SAID GOODS HAVE BEEN SOLD BY SUPPLIER OR BARRACUDA TO A THIRD PARTY, TO RECOVER THE PRICE PAID OR PAYABLE BY BARRACUDA TO SUPPLIER FOR SUCH GOODS LESS THE NET PROCEEDS, IF ANY, RECEIVED BY SUPPLIER FROM SUCH THIRD PARTY, OR (B) IN THE CASE OF SERVICES, TO RECOVER THE PRICE PAID OR PAYABLE BY BARRACUDA TO SUPPLIER FOR SUCH SERVICES. NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, BARRACUDA’S AGGREGATE LIABILITY FROM OR IN RELATION TO THIS ORDER AND THE GOODS AND SERVICES, WHETHER ARISING IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, SHALL BE LIMITED TO THE TOTAL AMOUNT PAID OR PAYABLE BY BARRACUDA TO SUPPLIER FOR THE GOODS AND SERVICES IN THE SIX MONTHS PRECEDING THE EVENT OR CIRCUMSTANCE GIVING RISE TO SUCH LIABLITY. UNDER NO CIRCUMSTANCES WILL BARRACUDA BE LIABLE FOR ANY LOST PROFITS OR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES OF ANY KIND OR NATURE WHATSOEVER, HOWEVER CAUSED, AND WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF WARRANTY, STRICT LIABILITY OR OTHERWISE, EVEN IF BARRACUDA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY EXCLUSIVE REMEDY PROVIDED HEREIN. IN NO EVENT WILL BARRACUDA BE LIABLE FOR THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES.
18. Assurances. For work performed in the US, Supplier agrees that (a) it will not knowingly employ or contract with an illegal alien to perform work under the Purchase Order, and (b) it will provide a drug-free workplace for its employees during the performance of the Purchase Order in compliance with applicable US, state or local law. Supplier agrees to conduct transactions by electronic means. Supplier will secure and maintain insurance providing coverage for liabilities to third parties for bodily or personal injury and damage to property in amounts sufficient to protect Barracuda in the event of such injury or damage, and will be in compliance with any and all laws, regulations or orders addressing the liabilities of an employer to its employees for injuries and disease suffered in connection with employment. Supplier further will maintain such additional types and limits of insurance as is customary for a company of similar size and similar operations to Supplier in the jurisdiction(s) in which Supplier’s operations take place.
19. Miscellaneous. This Order shall be governed in all respects exclusively by the laws of the State of California and the United States of America without regard to conflicts of law principles. The United Nations Convention on the International Sale of Goods is hereby expressly excluded from application to this Order. All disputes arising under this Order shall be brought in Superior Court of the State of California in Santa Clara County or the Federal District Court of San Jose, as permitted by law, and Company consents to personal jurisdiction in such courts. Except as expressly provided elsewhere in this Order, all disagreements or controversies of any kind whether claimed in tort, contract or otherwise concerning this Order shall be brought within one (1) year after the occurrence of the event giving rise to the disagreement or controversy. This Agreement may not be assigned by Supplier by operation of law or otherwise without the prior written approval of Barracuda. Barracuda’s rights and obligations, in whole or in part, under this Agreement may be assigned or delegated by Barracuda to any affiliated company or subsidiary or in connection with a merger, reorganization, consolidation or sale of all or substantially all of Barracuda’s assets. This Order shall bind and inure to the benefit of the parties and their successors and permitted assigns.
The waiver by either party of a breach of any provisions contained herein shall be in writing and shall in no way be construed as a waiver of any succeeding breach of such provision or the waiver of the provision itself. In the event that any provision of this Order shall be unenforceable or invalid under any applicable law or be so held by applicable court decision, such unenforceability or invalidity shall not render this Order unenforceable or invalid as a whole, and, in such event, such provision shall be changed and interpreted so as to best accomplish the objectives of such provision within the limits of applicable law or applicable court decisions. Nothing contained herein shall be construed as creating any agency, partnership, or other form of joint enterprise between the parties. Neither party shall have the authority to contract for or bind the other party in any manner nor represent itself as an agent of the other party. Neither party will have the right to claim damages if this Order is terminated as a result of the other party’s failure or delay in performance due to circumstances beyond its reasonable control; provided, however, the party so affected shall promptly give notice to the other party whenever such circumstances becomes reasonably foreseeable and shall use its best efforts to overcome the effects of the circumstances as promptly as possible. The party affected by an event of the sort contemplated by the foregoing may suspend performance of the Purchase Order for a period of time equal to the duration of the event excusing such performance. Notwithstanding the foregoing, in the case of any delay in delivery, Barracuda may, in its sole discretion, cancel all or part of the Purchase Order. Notices will be sent to the address set forth on the Purchase Order, unless a party notifies the other party in writing of an alternative contact and address for notices. Any notices permitted or required under the Order will be in writing and will be deemed given when delivered in person, by overnight courier upon written verification of receipt, by confirmed facsimile, or by certified or registered mail, return receipt requested, five (5) days after deposit in the mail.
INFORMATION SECURITY REQUIREMENTS
In the performance of Services, Supplier shall maintain the highest level of industry standard operating standards and security procedures consistent with the type of service provided, and shall secure all Barracuda Confidential Information and data consistent through the use of physical and logical security measures including, but not limited to, network security, data privacy, access controls, and encryption technologies.
Supplier shall comply with the following requirements:
1. Security Incident Response. Supplier shall report to Barracuda information security events with potential to affect the privacy or security of Barracuda Confidential Information through predefined communications channels in a prompt and expedient manner in compliance with statutory, regulatory and contractual requirements. In the event a follow-up action concerning a person or organization after an information security incident requires legal action, Supplier shall ensure that proper forensic procedures including chain of custody are followed for collection, retention, and presentation of evidence to support potential legal action subject to the relevant jurisdiction.
2. Breach Notification/Remediation. To the extent any information security breach or other unauthorized access, acquisition or disclosure of data occurs as a result of an act or omission of Supplier or Supplier’s personnel in breach of the Agreement, Supplier shall notify Barracuda personal within 48 hours, or sooner as may be required by applicable law, whenever it knows or reasonably believes an information security event or security breach has occurred. Supplier will cooperate with Barracuda to investigate, remediate and prosecute any such occurrence and reimburse Barracuda for reasonable remediation costs.
3. Minimum Technical Safeguards. Supplier shall protect all Barracuda data and information obtained under the terms of this Agreement from unauthorized access, destruction, use, modification, or disclosure by means of reasonable and appropriate administrative, physical and logical safeguards. Minimum security practices shall include the following as relevant:
a) Restricted Access. Supplier shall restrict access to Barracuda data and information to only support personnel on a “need to know” basis and shall conform to “least privilege” security principles.
b) Malware Protection. Supplier shall ensure that antivirus/malware programs are capable of detecting, removing, and protecting against all known types of malicious or unauthorized software with daily updates.
c) Vulnerability Management. With regards to the handling of Barracuda data or information, Supplier shall establish and maintain mechanisms for vulnerability and patch management, ensuring that application, system, and network device vulnerabilities are evaluated, and supplier-supplied security patches are applied in a timely manner taking a risk-based approach for prioritizing critical patches.
d) Security Procedures, Policies and Logging. If access to Barracuda’ systems is required in connection with the Services, then such systems shall be operated in accordance with the following procedures (in addition to those specified in the Agreement) to enhance security:
(i) User passwords are stored using a one-way hashing algorithm (SHA-256) and are never transmitted unencrypted.
(ii) Passwords are not logged under any circumstances.
4. Software Services. This Section 4 shall only apply to the extent Supplier is providing Barracuda with software.
a) Vulnerabilities Risks and Threats. Supplier shall agree that he/she will strive to identify vulnerabilities, risks and threats as early as possible in the software lifecycle.
(i) Supplier shall identify key risks to the important assets and functions provided by the application. Supplier shall conduct an analysis of errors, or other relevant common programming errors, and document in writing that they have been mitigated.
(ii) Supplier shall conduct risk assessments to determine and prioritize risks, enumerate vulnerabilities and understand the impact that particular attacks might have on an application to ensure it meets applicable contractual obligations, regulatory mandates and security best practices and standards.
(iii) Supplier shall share with Barracuda in writing all security-relevant information regarding the vulnerabilities, risks and threats to the application immediately and completely upon identification. Such security documentation shall describe security design, risk analysis or issues.
b) Application Development/Code Review. Supplier shall provide secure application development services. The software or applications delivered or used to deliver Services shall not contain any code that does not support a software requirement and weakens the security of the application, including computer viruses, worms, time bombs, back doors, and all other forms of malicious code.
c) Malicious Code. Supplier warrants that software or applications delivered or used to deliver Services shall not contain any code that does not support a software requirement and weakens the security of the application, including computer viruses, worms, time bombs, back doors, and all other forms of malicious code.
d) Security Controls.
(i) Supplier shall have in place industry standard technology controls, including firewalls, anti-virus software, security monitoring and alerting systems (i.e. intrusion detection systems).
(ii) Security measures shall ensure compliance with data privacy regulations (including GDPR) and extend to support personnel end point devices potentially accessing data and customer systems.