TERMS OF ENGAGEMENT
We have updated Black Arrows Terms of Engagement - effective as of 15 August 2024.
Our Terms and Conditions can also be downloaded as a PDF here.
This document sets out the terms and conditions of your engagement of Black Arrow Cyber Consulting Limited ("Black Arrow") to supply services to you (the "Engagement") unless otherwise agreed in writing between you (the "Client") and Black Arrow. If there is any conflict between any engagement letter and these terms, the engagement letter will prevail.
Where relevant, references in these terms to Black Arrow shall mean Black Arrow, its associated companies, and its appointed Sub-Contractors.
1. DUTIES AND OBLIGATIONS
1.1. During the Engagement Black Arrow shall:
1.1.1. provide the Services, including the Deliverables (if any), with reasonable care and skill;
1.1.2. provided that Black Arrow shall not be liable if, as a result of such compliance, it is in breach of any of its obligations under the Engagement:
1.1.2.1. observe all reasonable health and safety rules and regulations and security requirements that apply at any of the Client's premises and have been communicated to Black Arrow; and
1.1.2.2. take reasonable care of all Client Materials in its possession and make them available for collection by the Client on reasonable notice and request, always provided that Black Arrow may destroy the Client Materials if the Client fails to collect the Client Materials within a reasonable period after termination of the Engagement.
1.1.2.3. engage the services of such Sub-Contractors as it deems fit to perform its obligations under the Engagement.
1.2. The Client acknowledges that it is not possible to completely eliminate all cyber and information security risks and that the Client at all times owns and assumes the risk of their organisation's security. In particular, the Client acknowledges that it is responsible for making its own assessment of the information and any recommendations provided by Black Arrow.
1.3. The Client undertakes to Black Arrow that it shall:
1.3.1. co-operate with Black Arrow in all matters relating to the Services;
1.3.2. provide, for Black Arrow, its agents, Sub Contractors, consultants and employees in a timely manner and at no charge, access to the Client premises, office accommodation, data and other facilities as reasonably required by Black Arrow;
1.3.3. inform Black Arrow, in a timely manner of any planned or actual changes or initiatives within the organisation that could represent or result in a change in the Client's cyber security controls;
1.3.4. inform Black Arrow, in a timely manner, of any identified changes in the level of cyber and information security risk that the Client faces, including the Client's ability to detect, respond and/or recover from a cyber or information security incident;
1.3.5. inform Black Arrow, in a timely manner of any identified information that could indicate a current or historic cyber or information security incident, whether that incident is suspected of confirmed;
1.3.6. provide, in a timely manner, such resources including appropriately skilled, knowledgeable and authorised team members as Black Arrow may reasonably require; and
1.3.7. provide, in a timely manner, such information as Black Arrow may reasonably require, and ensure that it is accurate and complete in all material aspects.
2. PENETRATION TESTING
2.1. Where the Services include penetration testing services, the Client:
2.1.1. acknowledges and accepts that Black Arrow will use various proprietary penetration testing methods and such other methods as Black Arrow may, in its absolute discretion, deem appropriate to actively attempt to breach security controls and gain entry to the Client's computer systems, networks and data, which may include replicating methods (whether software-based or not), applications and tools used by computer hackers and that such attempts may otherwise amount to criminal activity;
2.1.2. warrants and undertakes to Black Arrow that the Client has the full right, power and authority, and has obtained all necessary third-party consents and authorisations to permit Black Arrow to provide the Services (and must provide Black Arrow with evidence of such authorisations on request) and that any actions undertaken by Black Arrow in providing the Services will not infringe the rights of any third party;
2.1.3. expressly authorises Black Arrow to access the Client's computer systems and networks (and any programs and data held on them) to enable Black Arrow to provide the Services;
2.1.4. where the Client reports any activities undertaken as part of the penetration testing services to any external body (including law enforcement agencies), must promptly confirm to such body that Black Arrow was acting in an authorised manner;
2.1.5. warrants and undertakes to keep full and up-to-date backup copies of its computer programs and data in accordance with best secure computing practice;
2.1.6. acknowledges that penetration testing services are inherently risky and there is a risk that such services may result in loss to the Client (for example damage, loss, modification, impairment and unavailability of the Client's data and systems) and despite anything else contained in these terms Black Arrow shall not be liable to the Client for losses of any nature (whether direct or indirect or consequential) that occur as a result of conducting such services even if Black Arrow shall have been advised of the possibility of it and whether arising in tort (including negligence), breach of contract or howsoever;
2.1.7. understands that penetration testing services may not identify all vulnerabilities within the Client's systems and are limited to an assessment of the current state of the Client's environment and will not produce particular results or outcomes;
3. FEES AND EXPENSES
3.1. In consideration of the provision of the Services, the Client shall pay each invoice submitted by Black Arrow (inclusive of any taxes) within 14 days of receipt.
3.2. If the Client fails to make any payment due to Black Arrow under the Engagement by the due date for payment, then, without limiting Black Arrow's remedies under Clause 8 below (Termination):
3.2.1. the Client shall pay interest on the overdue sum starting from 14 days after the invoice date until payment is received by Black Arrow, whether before or after judgment. Interest under this Clause will accrue each day at 4% a year above the Bank of England's base rate from time to time, but at 4% a year for any period when that base rate is at or below 0%; and
3.2.2. Black Arrow may suspend all Services until payment has been made in full.
3.3. All amounts due under the Engagement shall be paid in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).
3.3.1. Black Arrow reserves the right to increase its fees at least annually, including in line with inflation, and will provide the Client with 30 days' written notice of any changes.
3.3.2. The Client shall reimburse all reasonable expenses properly and necessarily incurred by Black Arrow in the course of the Engagement including travelling expenses, hotel costs, subsistence and any associated expenses, subject to production of receipts or other appropriate evidence of payment if requested by the Client.
4. OTHER ACTIVITIES
4.1. Nothing in this agreement shall prevent Black Arrow from being engaged, concerned or having any financial interest in any capacity in any other business, trade, profession or occupation during the Engagement provided that such activity does not cause a breach of any of Black Arrow's obligations under this agreement.
5. OWNERSHIP AND USE OF IPR AND OTHER PROPERTY
5.1. All existing and future property rights and IPRs in the Works and the Inventions and of all materials embodying such rights vest in and shall remain owned by Black Arrow and/or its licensors. The Client and/or its licensors shall retain ownership of all IPRs in the Client Materials.
5.2. Subject to compliance by the Client with its obligations under these terms, Black Arrow grants to the Client, solely for the Client's own use and proper purposes, a perpetual, non-exclusive, non-transferable licence to read, possess, copy, modify, adapt and make derivative works of the relevant Works prepared by Black Arrow under the Engagement. The Client shall be entitled to disclose such Works only to its personnel, third party providers and professional advisers and on the conditions that (i) such Works are disclosed in full, (ii) such disclosure is for proper purposes solely in connection with the Client's use of the Works and not for any unlawful or unauthorised purpose. Except for proper purposes in connection with the Client's use of the Works and not for any unlawful or unauthorised purpose, the Client (and third parties or professional advisers to whom Works are disclosed) shall in no circumstances be entitled to modify, amend, truncate or reproduce Works or a part thereof. The Client undertakes to inform those of its personnel, third parties and professional advisers to whom it discloses Works of these obligations and that it will otherwise employ reasonable measures to prevent unauthorised use of the Works both during and after termination of the Engagement (which measures shall not be less than the measures it employs to protect its own works and information).
5.3. The Client grants Black Arrow a fully paid-up, worldwide, non-exclusive, royalty-free, non-transferable licence to read, possess, copy, modify, adapt and make [LA1] [BM2] derivative works of the Client Materials for the term of the Engagement for the purpose of providing the Services to the Client in accordance with the Engagement.
5.4. The Client shall indemnify Black Arrow in full against the costs of defending any claim brought against Black Arrow (including its directors, officers, employees, Sub-Contractors and agents) for infringement of a third party's rights (including any IPRs) arising out of, or in connection with, the receipt or use of the Client Materials by Black Arrow and any sums awarded by a court against Black Arrow arising out of or in connection with such claim.
6. DATA PROTECTION - USE OF PERSONAL INFORMATION
6.1. Black Arrow will use personal information provided to it to comply with applicable laws and regulations for the purpose of providing the Services. Black Arrow's processing of personal information will be done in accordance with applicable data protection legislation and Black Arrow's Privacy Policy, a copy of which can be found on Black Arrow's website at: https://www.blackarrowcyber.com/privacy-policy.
7. CONFIDENTIALITY
7.1. Black Arrow and the Client shall treat as confidential all information obtained from the other (including the Works) and, except as permitted under Clause 5 above (Ownership and use of IPR and other property) in relation to the Works, shall not disclose such information to any person (save to such party's own personnel and then only to those personnel who need to know the same) either during the Engagement or at any time after termination.
7.2. This restriction does not apply to:
7.2.1. any disclosure authorised by the other party in writing;
7.2.2. any disclosure required by law or by a regulatory or tax authority; or
7.2.3. any information which is already in, or comes into, the public domain otherwise than through the other party's unauthorised disclosure.
7.3. Black Arrow and the Client acknowledge that disclosure of any confidential information of the other may irreparably injure the affected party, which will be inadequately compensated by damages. Accordingly, the affected party may seek and obtain injunctive relief against the breach or threatened breach of the foregoing undertakings, in addition to any other legal remedies which may be available.
7.4. Black Arrow and the Client agree that it will be sufficient compliance with this Clause to employ reasonable measures to prevent unauthorised use of, and to preserve, confidential information both during and after termination of the Engagement, which measures shall not be less than the measures employed by each party in protecting its own confidential information.
8. TERMINATION
8.1. Either party to the Engagement may terminate it with immediate effect by giving written notice to the other party if:
8.1.1. the other party commits a material breach of any term of the Engagement that is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;
8.1.2. the other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business;
8.1.3. the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business; or
8.1.4. the other party's financial position deteriorates to such an extent that in the terminating party's opinion the other party's capability to adequately fulfil its obligations under the Engagement has been placed in jeopardy.
8.2. Black Arrow may terminate the Engagement with immediate effect by giving written notice to the Client if the Client fails to pay any amount due under the Engagement on the due date for payment or if Black Arrow has reason to suspect the Client has failed to meet its obligations under this Agreement.
8.3. Without prejudice to Clause 8.1 above and 8.2 above, either party may terminate the Engagement on giving not less than 3 months' prior written notice to the other.
8.4. Termination of the Engagement will not affect any other right of remedy of the parties which have accrued prior to the termination.
8.5. The following Clauses of these terms will survive termination, however caused:
8.5.1. Clause 1.2
8.5.2. Clause 2 (Penetration Testing)
8.5.3. Clause 3 (Fees and Expenses)
8.5.4. Clause 5 (Ownership and use of IPR and other property)
8.5.5. Clause 7 (Confidentiality)
8.5.6. this Clause 8
8.5.7. Clause 9 (Liability)
8.5.8. Clause 11 (General)
8.5.9. Clause 12 (Governing law)
8.5.10. Clause 13 (Notices)
8.5.11. Clause 14 (Interpretation)
8.6. On termination of the Engagement for whatever reason:
8.6.1. the Client shall immediately pay to Black Arrow all of Black Arrow's outstanding unpaid invoices and interest and, in respect of Services supplied but for which no invoice has been submitted, Black Arrow may submit an invoice, which shall be payable immediately on receipt;
8.6.2. any provision of the Engagement that expressly or by implication is intended to come into or continue in force on or after termination or expiry of the Engagement shall remain in full force and effect; and
8.6.3. termination or expiry of the Engagement shall not affect any of the rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the Engagement which existed at or before the date of termination or expiry.
9. LIABILITY
9.1. Any advice Black Arrow provides to the Client during the Engagement is given in confidence solely for the Client to rely upon and solely for the purpose for which Black Arrow was retained by the Client. Black Arrow is not responsible to any third party who seeks to rely upon any such advice without Black Arrow's prior written consent having been given to such third party.
9.2. To the fullest extent permissible by law and subject to Clause 9.4 below, Black Arrow shall have no liability for losses, damages, costs, claims or expenses of whatever nature ("losses") arising out of or in connection with the Engagement in the absence of fraud, gross negligence, or wilful default in the performance or non-performance of its duties under the Engagement.
9.3. The Client undertakes to indemnify and hold harmless Black Arrow (including, for the avoidance of doubt, its appointed Sub-Contractors) and their directors, officers, employees and agents from and against all liabilities, damages, costs, claims or expenses of whatever nature arising out of or in connection with a breach of the Client's obligations or warranties in this Agreement and assumes full responsibility for such liabilities including, but not limited to, liability for the following:
9.3.1. business interruption;
9.3.2. economic loss;
9.3.3. negligent virus transmission;
9.3.4. breach of confidence;
9.3.5. in relation to Penetration Testing services:
9.3.5.1. loss of connectivity, degradation of network bandwidth or loss of access to any system and/or any network;
9.3.5.2. loss of data and/or access to it, and
9.3.5.3. breach of any applicable legislation or regulations in Guernsey and elsewhere.
The limitations and exclusions of liability under these terms do not apply to the indemnity in this Clause 9.3.
9.4. Black Arrow's total aggregate liability to the Client for any and all claims or losses arising under or in connection with this agreement shall not exceed an amount equivalent to the fees paid or payable by the Client to Black Arrow pursuant to Part II of Appendix B in the preceding twelve months from the date the first claim arose and in no circumstances shall Black Arrow be liable for:
9.4.1. any indirect, incidental, special, punitive, or consequential damages, or any loss of profits, revenue, system, network or data, or system, network or data use;
9.4.2. any losses (including downtime) resulting from the conduct of penetration testing services or for any loss caused by the Client's failure to comply with its obligations under these terms;
9.4.3. any losses (including downtime) resulting from the use of software or applications furnished by or through Black Arrow;
9.4.4. any losses resulting from the provision of false, misleading or incomplete information or documents or due to the acts or omissions of any person other than Black Arrow; or
9.4.5. in the case that Black Arrow is engaged to provide to the Client services which are "advisory-only" in nature, any losses resulting from the Client's assessment, implementation, monitoring, maintenance or failure to assess, implement, monitor or maintain any advice, strategies, policies, controls, plans or other recommendations of Black Arrow.
9.5. Where the Client suffers any losses for which Black Arrow is jointly and severally liable with any third party or third parties, the extent to which such losses shall be recoverable by the Client from Black Arrow, as opposed to the third party, shall be limited so as to be in proportion to Black Arrow's contribution to the overall fault for such losses (within the parameters of Clause 9.1 above), as agreed between all of the parties, or in the absence of agreement as finally determined by the Royal Courts of Guernsey.
10. AGREEMENT
10.1. The Client's continuing instructions will amount to the Client's acceptance of these terms.
11. GENERAL
11.1. The failure to exercise or delay in exercising a right or remedy provided by these terms or by law does not constitute a waiver of the right or remedy or a waiver of other rights and remedies. No single or partial exercise of a right or remedy provided in these terms or by law prevents further exercise of the right or remedy or the exercise of another right or remedy.
11.2. Nothing in these terms shall be construed as creating a partnership or joint venture of any kind between the Client and Black Arrow or as constituting one of the Client and Black Arrow as the agent of the other for any purpose whatsoever.
11.3. Each of the provisions contained in these terms shall be construed as independent of every other such provision, so that if any provision of these terms shall be determined by any court or competent authority to be illegal, invalid and/or unenforceable then such determination shall not affect any other provision of these terms, all of which other provisions shall remain in full force and effect.
12. GOVERNING LAW
12.1. The Engagement, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation, shall be governed by, and construed in accordance with the laws of Guernsey.
12.2. Each party irrevocably agrees that the courts of Guernsey shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with the Engagement or its subject matter or formation.
13. NOTICES
13.1. Any communication, notice or other document (including any invoice) to be given under the Engagement shall be in writing (which may include communications by email) in English and shall be deemed duly given if signed by the party giving notice and if left at or sent by post or email to the address last notified to the party sending such notice.
13.2. Any such notice or other communication shall be deemed to be given to and received by the addressee:
13.2.1. at the time the same is left at the address of or handed to a representative of the party to be served;
13.2.2. where such notice is sent by post (first class if available) to an address in the United Kingdom, the Channel Islands or the Isle of Man, 3 days following the date of posting;
13.2.3. where such notice is sent by post (airmail) to an address elsewhere, 7 days following the date of posting; and
13.2.4. in the case of an email or other means of telecommunication at the time given in the message receipt or, if such message receipt is given to Black Arrow outside Black Arrow's normal hours of business then at the beginning of the next business day when Black Arrow is open for business.
13.3. In proving the giving of a notice it shall be sufficient to prove that the notice was left, or that the envelope containing the notice was properly addressed and posted, or that the applicable means of telecommunication was addressed and despatched and despatch of the transmission was confirmed and/or acknowledged as the case may be.
14. INTERPRETATION
The following definitions apply in these terms:
Client Materials
means all materials, equipment and tools, drawings, specifications and data relating to the Client's business and affairs and supplied by the Client to Black Arrow.
Deliverables
means any outputs of the Services and any other documents or materials provided by Black Arrow to the Client as specified in the relevant engagement letter or in relation to the Services.
Inventions
means any invention, idea, discovery, development, improvement or innovation made by Black Arrow in connection with the provision of the Services, whether or not patentable or capable of registration, and whether or not recorded in any medium.
IPRs
means patents, utility models, rights to inventions, copyright and related rights, moral rights, trade marks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Services
has the meaning given to that term in the relevant engagement letter.
Sub-Contractors
appointed sub-contractors of Black Arrow, being either persons associated with Black Arrow or third parties.
Works
all records, reports, documents, papers, drawings, designs, transparencies, photos, graphics, logos, typographical arrangements, software programs, inventions, ideas, discoveries, developments, improvements or innovations and all materials embodying them in whatever form, including but not limited to hard copy and electronic form, prepared by Black Arrow in connection with the provision of the Services.