Kaspersky Hosted Security Services Agreement

THIS IS A LEGAL AGREEMENT. BY CLICKING THE "I ACCEPT" BUTTON DISPLAYED AS PART OF THE ORDERING PROCESS, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT, YOU MUST SELECT THE "I DECLINE" BUTTON AND MAY NOT USE THE SERVICE.

If you are entering into this Agreement on your own behalf, the term "Customer" means you. If you are entering into this Agreement on behalf of a company or other legal entity, the term "Customer" means the company or legal entity. The term "Kaspersky" means Kaspersky Lab, Inc., its affiliates and each of their successors and assigns. This Agreement, including all attachments referenced in this Agreement, which are incorporated into this Agreement, contains the entire agreement of the parties concerning its subject matter and replaces any prior or written communications between the parties concerning its subject matter.

Intending to be legally bound and having reviewed this Agreement in its entirety, Kaspersky and Customer agree as follows.

1. Services Kaspersky will provide the services as described in Attachment A, Statement of Services, in accordance with the terms and conditions of this Agreement. Six months after the effective service start date, Kaspersky will verify the number of users for which services are being rendered. Should the number of users increase by greater than 10%, an invoice will be issued based upon the number of new users within the appropriate per user price band at the then current price list. The invoice amount will be prorated for each six months period effected throughout the contract term.
2. Term and Termination. This Agreement will continue in effect for a term of one year and renew automatically for subsequent terms thereafter unless terminated with 30 days advance written notice (the "Term"). During the first 30 days of the initial term of this Agreement, Customer may terminate this Agreement without cause by providing Kaspersky with written notice. Either party will have the right to terminate this Agreement in the event of a material breach by the other party, unless such breach is cured within 30 days of receipt of written notice of such breach. The obligations of the parties under this Agreement that by their nature would continue beyond expiration, termination or cancellation of this Agreement will survive any such expiration, termination or cancellation. This Agreement will immediately terminate upon the commencement of any voluntary or involuntary bankruptcy or insolvency proceeding by or against Customer under any bankruptcy or similar law.
3. Intellectual Property Rights Each party agrees that it will acquire no right, title or interest in or to the other party's information, data base rights, data, tools, processes or methods, or any copyrights, trademarks, service marks, trade secrets, patents or any other intellectual or intangible property or property rights of the other by virtue of the service provided or materials delivered pursuant to this Agreement.
4. Representations and Warranties. Kaspersky will provide the service levels described on the Service Level Agreement attached hereto as Exhibit B. Except for the express warranties and exclusive remedies provided for by Kaspersky in such Service Level Agreement, ALL SERVICES AND DELIVERABLES PROVIDED BY KASPERSKY ARE PROVIDED "AS IS". KASPERSKY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. KASPERSKY DOES NOT GUARANTEE THAT CUSTOMER'S NETWORK, COMPUTER SYSTEMS, OR ANY PORTIONS THEREOF ARE SECURE. CUSTOMER ACKNOWLEDGES THAT IMPENETRABLE SECURITY CANNOT BE ATTAINED IN REAL-WORLD ENVIRONMENTS AND THAT KASPERSKY DOES NOT GUARANTEE PROTECTION AGAINST BREACHES OF SECURITY.
5. Limitation of Liability. To the maximum extent permitted by applicable law, neither party will be liable for any special, indirect, punitive or consequential damages of the other party or any third party, or for loss of business, profits, business interruption, or loss of data, regardless of whether such party receives notice of the potential for such damages. In no event will Kaspersky's aggregate liability for any claim or action relating to or arising out of this Agreement, regardless of the form of action (including, without limitation, contract, tort, products liability or strict liability) exceed the amounts paid to Kaspersky for the current term's service fee for the service giving rise to such claim or action by Customer. This agreement allocates risks between the parties and Kaspersky's pricing reflects this allocation of risk and the limitation of liability specified in this section.
6. Confidential Information.
   1. For the purposes of this Agreement, the term "Confidential Information" means any information, technical data, or know-how provided by one party to the other party which the disclosing party designates as confidential (whether orally or in writing), or which, given the totality of the circumstances, a reasonable recipient would have reason to believe is proprietary, confidential, or competitively sensitive; provided, however, that the term "Confidential Information" does not include information that is (a) known to the receiving party prior to disclosure by the disclosing party or its personnel; (b) publicly available through no act or omission of the receiving party; (c) lawfully received by the receiving party from a third party that is not under any confidentiality obligation to the disclosing party; or (d) comprised of statistical information, or other aggregated information regarding security vulnerabilities, security configurations and the like, insofar as such information does not identify Customer or Customer's computer network or computer systems.
   2. Each party agrees to use Confidential Information received from the other party pursuant this Agreement solely in connection with the performance of such party's obligations under this Agreement. Each party agrees to use reasonable measures, no less stringent than those measures used by the party to protect its own confidential and proprietary information, to protect the Confidential Information of the other party from disclosure to any third party. Unless authorized to do so in writing by the other party, neither party, nor any third party acting on either's behalf, will for any reason use or disclose to any person any of the other party's Confidential Information. In the event that a party is required to disclose Confidential Information to a court or governmental agency or pursuant to any other applicable law, such party will, to the extent practicable prior to such disclosure, and as soon as practicable and by the best available means, notify the other party to allow it an adequate opportunity to object to the disclosure order or to take other actions to preserve the confidentiality of the information. Prior to any disclosure pursuant to this section, a party required to disclose Confidential Information will cooperate with the party claiming confidentiality of the information in such party's reasonable efforts to limit the disclosure by means of a protective order or a request for confidential treatment.
   3. It is understood and agreed that remedies at law for a breach of a party's obligations under this Section will be inadequate and that the non-breaching party will, in the event of any such breach, be entitled to equitable relief (including, without limitation, injunctive relief and specific performance) without any requirement to post a bond as a condition of such relief, in addition to all other remedies provided under this Agreement or available at law.
7. Patents and Copyrights If the operation of the Services becomes, or Kaspersky believes is likely to become, the subject of a claim that it infringes a patent or copyright in the United States, Puerto Rico, or the country in which Customer is authorized to have the Services, Customer will permit Kaspersky, at its option and expense, (i) to secure the right for Customer to continue using the Services, (ii) to modify it so that it becomes non infringing, or (iii) to accept Customer's termination of the Services. Kaspersky will have no obligation with respect to any such claim based upon Customer's modification of Kaspersky Services. Kaspersky will not have any liability regarding patent or copyright infringement for non-Kaspersky Services. This Section states Kaspersky's entire obligation to Customer regarding infringement or the like.
8. General Provisions. The invalidity or unenforceability of any provision of this Agreement will not affect the validity or enforceability of any other provision of this Agreement. In the event that any provision of this Agreement is determined to be invalid, unenforceable or otherwise illegal, such provision will be deemed restated, in accordance with applicable law, to reflect as nearly as possible the original intentions of the parties, and the remainder of the Agreement will remain in full force and effect. No term or condition of this Agreement will be deemed waived, and no breach will be deemed excused, unless such waiver or excuse is in writing and is executed by the party from whom such waiver or excuse is claimed. No such waiver will be deemed a waiver of any preceding or succeeding breach or right in the same or in any other provisions hereof. Section numbers and headings are used for convenience and are not to be construed as limitations of the substance of any provision. This agreement will be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts without regard to its conflicts of law provisions. Any legal action or proceeding with respect to this Agreement may be brought in the state or federal courts located in Suffolk County, Massachusetts, and, by execution and delivery of this Agreement, each party hereby irrevocably accepts for itself and in respect of its property, generally and unconditionally, the jurisdiction of such courts. The language for all communications regarding this Agreement will be English. With the exception of a party's obligation to make payments properly due to the other party, neither party will be deemed in default or otherwise liable under this Agreement due to its inability to perform its obligations by reason of any cause beyond that party's control. Neither this Agreement nor any right or obligation arising hereunder may be assigned (voluntarily, by operation of law, or otherwise), in whole or in part, by either party without the prior written consent of the other party, such consent not to be unreasonably withheld; provided, however, that either party will have the right, upon written notice to the other party, to assign this Agreement to any person or entity that acquires all or substantially all of such party's business or assets. This Agreement will be binding upon, and inure to the benefit of, the parties and their respective successors and permitted assigns. This Agreement states the entire understanding of the parties relating to its subject matter and supersedes all prior discussions and negotiations and may only be modified in writing signed by both parties. This Agreement may be executed in two or more counterparts, each of which will be deemed an original, but all of which together will constitute one and the same document. The parties may sign facsimile copies of this Agreement that will each be deemed originals. Any amendment of this Agreement will be in writing signed by an authorized corporate officer of each parties. Communication by electronic mail will not be construed as an effective amendment to the Agreement. Any notice or communication required to be given hereunder may be delivered by hand, deposited with an overnight courier, sent by confirmed facsimile, or mailed postage prepaid, to the intended recipient's address above or at such other address as may hereafter be furnished in writing by the intended recipient. Such notice will be deemed to have been given as of the date it is delivered, mailed or sent, whichever is earlier. The parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise or agency between Kaspersky and Customer. Neither party will have the power to bind the other or incur obligations on the other's behalf without the other's prior written consent, except as otherwise expressly provided herein.

EMail Security Statement of Services

Kaspersky Hosted Security Services (KHSS) is an Application Service Provider (ASP) based anti-virus and anti-spam, Web and Instant Messaging control system. KHSS provides security at the domain level, KHSS servers scan incoming and outgoing traffic, email or web, for viruses, malicious code, or questionable content.

User Definition

KHSS subscription fees are based on the total number of e-mail/web/IM users for a protected domain as provided by the Customer. It is the Customer's responsibility to notify Kaspersky of increases in the total user count. At 6 month intervals Kaspersky will verify with the Customer the correct user count. Should this count exceed the number of users originally contracted for in the Statement of Services, the Customer will be billed by the Kaspersky or its authorized agent for the additional users for the next 6 month period. Billing rates will depend on the band in which the total number of users falls. Only traffic that passes over the Internet router, to or from an external domain, are routed through KHSS servers. Kaspersky will scan emails up to 100 MB in size. Emails over this size restriction will not be scanned.

Supported Platforms

KHSS is available for all Internet-based email routing applications and HTTP/FTP web applications.

1. Scope of Services

Additional users may be purchased at the per user pricing listed above by providing an Agreement Amendment referencing this Agreement. Customer will be billed based on the number of users added and the remaining number of months in the contract. The service term for additional users will become effective on the date of the purchase order or Agreement Amendment and be coterminous with the service term of this Agreement.

2. Services Functionality

Email Security

Email Security provides virus and spam control at the gateway level. The customer's email configuration is redirected to pass all email (inbound and outbound) through the Email Security scanning engines.

Configuration Options
Configurations are Customer-controlled to the extent supported by the KHSS user interface.

Virus Control
Email Security uses multiple antivirus technologies to deliver maximum security: 3 pattern based and 1 heuristic engine. Inbound and outbound virus control is provided, and virus signatures are updated every two hours.

SPAM Control
Emails can be filtered based on an assortment of content variables, including SPAM, Attachments (by file type) or Message size. Email can be quarantined, delivered or rejected based on customer-definable policy. White Lists and Black Lists can be defined as well. Content can be distinguished, by file type, between documents, executables, archives, graphics, audio, video and other types of documents. A maximum file size can also be configured.

3. Deliverables

Reporting

Reporting is provided to the customer on a on-demand basis. Reports are available electronically for review or download from the Kaspersky's Secure Web Portal. Each report includes the following:

• All reports are available in a graphical ,PDF or table format
• Reports can be generated for a specific time period and domains
• Account summary report: shows number of transactions, categories and volumes
• The Report-Section offers granular reports for: Emails, Users, Virus, Spam, Phishing, Quarantine and log
• Email reports show number of emails as well as the amount of the traffic
• Reports show inbound and outbound traffic
• The Quarantine Report (QR) offers every user a specific report to show all of their emails which have been quarantined. This report can be requested via the portal and will be delivered via email or web interface
• Reporting Frequency: Daily, weekly, bi-weekly or monthly
• Reporting Period: today, yesterday, this week, last week, this month, last month
• Smart Quarantine Report (SQR): KHSS will issue a report automatically, if emails for a user are in quarantine.
• Information in QR and SQR are: Reporting period, email count, emails in quarantine with reason
• Reports are generate in real time

For clarification purposes, Customer accepts that Kaspersky may change the functions or features of KHSS at its sole discretion in an effort to make KHSS a more commercially acceptable service.

Web Security Statement of Services

Kaspersky Hosted Security Services (KHSS) is an ASP based virus and spam, Web and Instant Messaging control system. KHSS provides security at the domain level, allowing for more efficient controls and faster response time in the event of a virus outbreak. KHSS servers automatically scan all incoming and outgoing traffic, email or web, for viruses, malicious code, or questionable content.

User Definition

KHSS subscription fees are based on the total number of e-mail/web/IM users for a protected domain as provided by the customer. It is the customers responsibility to notify Kaspersky of increases in the total user count. At 6 month intervals Kaspersky will verify with the customer the correct user count. Should this count exceed the number of users originally contracted for in the statement of services, the customer will be billed by the Partner for the additional users for the next 6 month period. Billing rates will depend on the band in which the total number of users falls. Only traffic that passes over the Internet router, to or from an external domain, are routed through KHSS servers. Kaspersky will scan emails up to 100 MB in size. Emails over this size restriction will not be scanned.

Supported Platforms

KHSS is available for all Internet-based email routing applications and HTTP/FTP web applications.

1. Scope of Services

Additional users may be purchased at the per user pricing listed above by providing an Agreement Amendment referencing this Agreement. Customer will be billed based on the number of users added and the remaining number of months in the contract. The service term for additional users will become effective on the date of the purchase order or Agreement Amendment and be coterminous with the service term of this Agreement.

2. Services Functionality

Web Security

Web Security provides threat protection, content control and policy enforcement for all HTTP/FTP traffic. The customer's external HTTP and FTP-over-HTTP requests including all attachments, macros or executables are directed through the KHSS scanning engines.

Configuration Options
Configurations are customer-controlled and can be very granular by groups or users.

Content Control
The customer can apply access restriction policies for Web pages and attachments with automatic web/email alerts to the end user. Restrictions can be applied to incorporate categories, approved lists, blocked lists, content types, file types and quotas.

Threat Protection
Requests for Web pages and attachments are electronically routed via KHSS and digitally examined for malware (viruses, malicious code, spyware, adware). KHSS will scan as much of the Web page and it's attachments as possible. It may not be possible to scan certain Web pages, content or attachments. Attachments specifically identified as unscannable will not be blocked. Streamed and encrypted traffic, i.e., Streaming Media and/or HTTPS/SSL, cannot be scanned and will be passed through.

3. Deliverables

Reporting

Reporting is provided to the customer on a on-demand basis. Reports are available electronically for review or download from the Kaspersky's Secure Web Portal. Each report includes the following:

• Summary reports can be drawn on a daily, weekly, monthly or yearly basis
• Summary reports can be generated as graph, xml, csv or table
• Scheduled report can be generated based on
• Top Viruses blocked
• Blocked Viruses by number of hits
• Top Groups by blocked viruses
• Protocol trend by bandwidth
• Protocol trend by connections
• Top users by blocked viruses
• Frequency for scheduled reports can be
• Once only
• Daily
• Weekly
• Monthly
• Forensic Reports can be generated for specific users or groups on a custom period

For clarification purposes, Customer accepts that Kaspersky may change the functions or features of KHSS at its sole discretion in an effort to make KHSS a more commercially acceptable service.

Email/Web Security Statement of Services

Kaspersky Hosted Security Services (KHSS) is an Application Service Provider (ASP) based anti-virus and anti-spam, Web and Instant Messaging control system. KHSS provides security at the domain level, KHSS servers scan incoming and outgoing traffic, email or web, for viruses, malicious code, or questionable content.

User Definition

KHSS subscription fees are based on the total number of e-mail/web/IM users for a protected domain as provided by the Customer. It is the Customer's responsibility to notify Kaspersky of increases in the total user count. At 6 month intervals Kaspersky will verify with the Customer the correct user count. Should this count exceed the number of users originally contracted for in the Statement of Services, the Customer will be billed by the Kaspersky or its authorized agent for the additional users for the next 6 month period. Billing rates will depend on the band in which the total number of users falls. Only traffic that passes over the Internet router, to or from an external domain, are routed through KHSS servers. Kaspersky will scan emails up to 100 MB in size. Emails over this size restriction will not be scanned.

Supported Platforms

KHSS is available for all Internet-based email routing applications and HTTP/FTP web applications.

1. Scope of Services

Additional users may be purchased at the per user pricing listed above by providing an Agreement Amendment referencing this Agreement. Customer will be billed based on the number of users added and the remaining number of months in the contract. The service term for additional users will become effective on the date of the purchase order or Agreement Amendment and be coterminous with the service term of this Agreement.

2. Services Functionality

Email Security

Email Security provides virus and spam control at the gateway level. The customer's email configuration is redirected to pass all email (inbound and outbound) through the Email Security scanning engines.

Configuration Options
Configurations are Customer-controlled to the extent supported by the KHSS user interface.

Virus Control
Email Security uses multiple antivirus technologies to deliver maximum security: 3 pattern based and 1 heuristic engine. Inbound and outbound virus control is provided, and virus signatures are updated every two hours.

SPAM Control
Emails can be filtered based on an assortment of content variables, including SPAM, Attachments (by file type) or Message size. Email can be quarantined, delivered or rejected based on customer-definable policy. White Lists and Black Lists can be defined as well. Content can be distinguished, by file type, between documents, executables, archives, graphics, audio, video and other types of documents. A maximum file size can also be configured.

Web Security

Web Security provides threat protection, content control and policy enforcement for all HTTP/FTP trafficl. The customer's external HTTP and FTP-over-HTTP requests including all attachments, macros or executables are directed through the KHSS scanning engines.

Configuration Options
Configurations are Customer-controlled to the extent supported by the KHSS user interface.

Content Control
The customer can apply access restriction policies for Web pages and attachments with automatic web/email alerts to the end user. Restrictions can be applied to incorporate categories, approved lists, blocked lists, content types, file types and quotas.

Threat Protection
Requests for Web pages and attachments are electronically routed via KHSS and digitally examined for malware (viruses, malicious code, spyware, adware). KHSS will scan as much of the Web page and it's attachments as possible. It may not be possible to scan certain Web pages, content or attachments. Attachments specifically identified as unscannable will not be blocked. Streamed and encrypted traffic, i.e., Streaming Media and/or HTTPS/SSL, cannot be scanned and will be passed through.

3. Deliverables

Reporting

Reporting is provided to the customer on a on-demand basis. Reports are available electronically for review or download from the Kaspersky's Secure Web Portal. Each report includes the following:

• Summary reports can be drawn on a daily, weekly, monthly or yearly basis
• Summary reports can be generated as graph, xml, csv or table
• Scheduled report can be generated based on
• Top Viruses blocked
• Blocked Viruses by number of hits
• Top Groups by blocked viruses
• Protocol trend by bandwidth
• Protocol trend by connections
• Top users by blocked viruses
• Frequency for scheduled reports can be
• Once only
• Daily
• Weekly
• Monthly
• Forensic Reports can be generated for specific users or groups on a custom period

For clarification purposes, Customer accepts that Kaspersky may change the functions or features of KHSS at its sole discretion in an effort to make KHSS a more commercially acceptable service.

IM Security Statement of Services

Kaspersky Hosted Security Services (KHSS) is an Application Service Provider (ASP) based anti-virus and anti-spam, Web and Instant Messaging control system. KHSS provides security at the domain level, KHSS servers scan incoming and outgoing traffic, email or web, for viruses, malicious code, or questionable content.

User Definition

KHSS subscription fees are based on the total number of e-mail/web/IM users for a protected domain as provided by the Customer. It is the Customer's responsibility to notify Kaspersky of increases in the total user count. At 6 month intervals Kaspersky will verify with the Customer the correct user count. Should this count exceed the number of users originally contracted for in the Statement of Services, the Customer will be billed by the Kaspersky or its authorized agent for the additional users for the next 6 month period. Billing rates will depend on the band in which the total number of users falls. Only traffic that passes over the Internet router, to or from an external domain, are routed through KHSS servers. Kaspersky will scan emails up to 100 MB in size. Emails over this size restriction will not be scanned.

Supported Platforms

KHSS is available for all Internet-based email routing applications and HTTP/FTP web applications.

1. Scope of Services

Additional users may be purchased at the per user pricing listed above by providing an Agreement Amendment referencing this Agreement. Customer will be billed based on the number of users added and the remaining number of months in the contract. The service term for additional users will become effective on the date of the purchase order or Agreement Amendment and be coterminous with the service term of this Agreement.

2. Services Functionality

IM Security

IM Security provides threat protection, content control and policy enforcement for all IM Traffic. Dictionaries or word lists can be created to block traffic. Restrictions can be defined to block applications such as AOL IM, MSN Messenger or Yahoo Messenger. Add on services such as video, gaming or voice chat can be blocked. Skype can be blocked. Schedules can be defined on a daily, hourly and per minute basis. Policies can be defined for groups, schedules and restrictions. User messages can be defined by the administrator to inform user if a virus or spyware was detected.

3. Deliverables

Reporting

Reporting is provided to the customer on a on-demand basis. Reports are available electronically for review or download from the Kaspersky's Secure Web Portal. Each report includes the following:

• Summary reports can be drawn on a daily, weekly, monthly or yearly basis
• Summary reports can be generated as graph, xml, csv or table
• Scheduled report can be generated based on
• - Bytes Transferred by Hour
• - Messages Sent by Hour
• - Top 10 Users by Blocked Messages
• - Top 10 users by Messages Received
• - Top 10 Users by Messages Sent
• - Top Applications
• Frequency for scheduled reports can be
• Once only
• Daily
• Weekly

For clarification purposes, Customer accepts that Kaspersky may change the functions or features of KHSS at its sole discretion in an effort to make KHSS a more commercially acceptable service.

Attachment B - Service Level Agreement

Service Guarantees

• Kaspersky guarantees a service uptime of 99.999% of available uptime.
• Kaspersky guarantees that 95% of all changes to any policy will be enforced within 15 minutes after the submission of the change.

Email Security Services

• Kaspersky will check emails up to 100MB
• Kaspersky guarantees that 95% of all messages without attachment will be processed in less than 30 seconds.
• Kaspersky guarantees to protect the customer from 100% of all known viruses processed by KHSS and sent by SMTP.
• Kaspersky guarantees to identify 95% of all incoming spam and execute on the customer settings based on the policy.
• Kaspersky guarantees that a False Positive rate of no more than .0004% will be maintained for the identification of spam.
• Kaspersky guarantees that 95% of quarantined messages will be accessible in the portal within 5 minutes.

Remedies

• In the event that the Customer believes it is entitled to a remedy in accordance with this Service Level, in order to be eligible for any remedy the Customer must submit a Credit Request within 10 working days of the end of the calendar month in question. Subject to verification of such entitlement by Kaspersky, Kaspersky will credit the Customer in accordance with the appropriate provisions of this Service Level. The Customer recognizes that logs are only kept for a limited number of days and therefore any Credit Request submitted outside of the provided timeframe will be deemed invalid.
• All claims must be verified by Kaspersky's records or provision of appropriate Email documentation as stipulated in this Service Level or as reasonably requested by Kaspersky from time to time.
• If the service is unavailable for more than 0.001% of available uptime in any calendar month, following a Credit Request, Kaspersky will add 1 day additional license period to the customer's license for every 2 hours of service unavailability up to a maximum of 5 days in any month. To receive the additional license period the customer has to send a written request to Kaspersky within 30 days after the occurrence of the breach of these Service Levels.
• If more than 5% of email messages in any calendar month take more than 5 minutes, following a customer request, Kaspersky will add 1 day additional license period to the customer's license for every message which did not meet the Service Level up to a maximum of 5 days in any month. To receive the additional license period the customer has to send a written request to Kaspersky within 30 days after the occurrence of the breach of these Service Levels.
• If one or more copies of a known virus pass our service in any calendar month, following a credit request, Kaspersky will pay the cleaning costs of the customer's network up to a maximum amount of the equal of a 3 month service fee. To receive the additional license period the customer has to send a written request to Kaspersky within 30 days after the occurrence of the breach of these Service Levels.
• If more than 5% of the policy propagations in any calendar month take more than 5 minutes, following a credit request, Kaspersky will add 1 day additional license period to the customer's license for every policy change which did not meet the Service Level up to a maximum of 5 days in any month. To receive the additional license period the customer has to send a written request to Kaspersky within 30 days after the occurrence of the breach of these Service Levels.
• In order to be eligible for credit the Customer must send suspected False Negative Emails to Kaspersky within twenty-four (24) hours of receipt of the Email. Kaspersky will investigate and confirm whether or not the Email is a False Negative and will record the finding. At the end of the calendar month if the Customer believes the number of confirmed False Negatives entitles it to a credit in accordance with the table above, the Customer must send a Credit Request to Kaspersky.
• If the spam detection rate drops below 95% for 5 days in a row in any calendar month, following a customer request, Kaspersky will add 1 month additional license period to the customer's license period. To receive the additional license period the customer has to send a written request to Kaspersky within 30 days after the occurrence of the breach of these Service Levels.
• If the spam false positives rate rises above 0.0004% for 5 days in a row in any calendar month, following a customer request, Kaspersky will add 1 month additional license period to the customer's license period. To receive the additional license period the customer has to send a written request to Kaspersky within 30 days after the occurrence of the breach of these Service Levels.
• If more than 5% of email messages in any calendar month take more than 5 minutes to appear in the quarantine, following a customer request, Kaspersky will add 1 day additional license period to the customer's license for every message which did not meet the Service Level up to a maximum of 5 days in any month.
• The above describes Customer's sole remedies, and Kaspersky's sole obligations, with respect to any breach of these Service Levels.

Attachment B - Service Level Agreement

Web/IM Security Service Guarantees

• Kaspersky guarantees a service uptime of 99.999% of available uptime.
• Kaspersky guarantees that 95% of all changes to any policy will be enforced within 15 minutes after the submission of the change.

Remedies

• In the event that the Customer believes it is entitled to a remedy in accordance with this Service Level, in order to be eligible for any remedy the Customer must submit a Credit Request within 10 working days of the end of the calendar month in question. Subject to verification of such entitlement by Kaspersky, Kaspersky will credit the Customer in accordance with the appropriate provisions of this Service Level. The Customer recognizes that logs are only kept for a limited number of days and therefore any Credit Request submitted outside of the provided timeframe will be deemed invalid.
• All claims must be verified by Kaspersky's records or provision of appropriate Email documentation as stipulated in this Service Level or as reasonably requested by Kaspersky from time to time.
• If the service is unavailable for more than 0.001% of available uptime in any calendar month, following a Credit Request, Kaspersky will add 1 day additional license period to the customer's license for every 2 hours of service unavailability up to a maximum of 5 days in any month. To receive the additional license period the customer has to send a written request to Kaspersky within 30 days after the occurrence of the breach of these Service Levels.
• If more than 5% of the policy propagations in any calendar month take more than 5 minutes, following a credit request, Kaspersky will add 1 day additional license period to the customer's license for every policy change which did not meet the Service Level up to a maximum of 5 days in any month. To receive the additional license period the customer has to send a written request to Kaspersky within 30 days after the occurrence of the breach of these Service Levels.
• The above describes Customer's sole remedies, and Kaspersky's sole obligations, with respect to any breach of these Service Levels.