Skip to content.

This Master Services Agreement (“MSA”) is entered into as of the date of last signature (the “Effective Date”) by and between NAVEX Global, Inc., a Delaware corporation, having its principal place of business at 5500 Meadows Road, Suite 500, Lake Oswego, Oregon 97035 (“NAVEX”), and the entity signing the Order Form (as defined in Section 1.2) into which this MSA is incorporated (“Customer”). In consideration of the mutual covenants and conditions contained in this MSA and intending to be legally bound, the parties agree as follows:

**1.0                 Purpose and Scope.  **

1.1.               Master Services Agreement.  This MSA establishes the general terms and conditions with respect to NAVEX’s provision of Services to Customer. “Service” or “Services” means, collectively, the SaaS Offering (as defined in Section 2.1) and any other services provided to Customer by NAVEX, as set forth in an Order Form. This MSA and all Order Forms and other documents incorporated into the MSA by reference are, collectively, the “Agreement.”

1.2.               Order Forms and Change Orders.  The Services to be provided, and any Service-specific terms and conditions, will be set forth in a separate document or documents, as applicable, governed by this MSA (“Order Form”). Certain Services which are not recurring and for which only one-time fees apply may be added pursuant to a simplified ordering document (“Change Order”). As used herein “Order Form” includes “Change Order.” Customer’s execution of an Order Form constitutes a binding commitment to purchase the Services and items specified in such Order Form.

1.3.               Affiliates.  “Affiliate” means an entity controlling, controlled by, or under common control with a party to this MSA. Customer may authorize its Affiliates’ use of the Services provided that (i) the combined use of the Services by Customer and its Affiliates shall not exceed the applicable Subscription Metrics (as defined in Section 2.1); (ii) Customer guarantees any such Affiliate’s performance of all terms and obligations of the Agreement; (iii) Customer agrees to comply with any injunction arising out of any Affiliate’s breach of the Agreement; and (iv) Customer shall be responsible for all use of and access to the Services by any Affiliate.

1.4.               Order of Precedence.  To the extent any terms and conditions of this MSA conflict with the terms and conditions of an Order Form, the terms and conditions of the Order Form shall control.

1.5.               Applicable Law.  “Applicable Law” means any law, rule, or regulation applicable to a party.

2.0                 Services.

2.1.               Grant of Use.  During the applicable Services Term (as defined in Section 6.2), and subject to payment of applicable fees per the Agreement and Customer’s compliance with the Agreement, NAVEX grants Customer a non-transferable, non-assignable, worldwide right to access and use the proprietary governance, risk, and compliance software-as-a-service offering identified in the applicable Order Form(s) that NAVEX makes available to Customer online via a Uniform Resource Locator (URL) (“SaaS Offering”) for Customer’s internal use for purposes of managing and coordinating information.  Customer’s use is restricted to the limitations on usage of Services as designated and/or defined in the applicable Order Form, or the financial metric used to calculate applicable fees (“Subscription Metrics”).  Subscription Metrics are designated by a term such as the number of “licenses,” “employees,” “reports,” and the like. On Customer’s request, which may be rejected by NAVEX in its sole discretion, NAVEX may assist Customer, at Customer’s cost, with implementing interactions between the SaaS Offering and application programming interfaces, applications, services, products, or software provided by a third party (“Integrations”). NAVEX will make commercially reasonable efforts to ensure the features and functionality of Integrations; however, NAVEX accepts no liability for a failure of an Integration, errors, or for the unauthorized use, access, or processing of any Customer Data (as defined in Section 3.1)  that occurs as a result of an Integration.

2.2.               Online Access; Environment; Hosting Infrastructure.  NAVEX will provide Customer online access to and use of the SaaS Offering in accordance with the applicable Order Form and the user instructions, release notes, manuals, and online help files that describe the operation of the Services in the form generally made available to NAVEX customers, as may be updated from time to time (collectively, the “Technical Documentation”). Customer will access the SaaS Offering by use of a supported Customer-provided browser.  NAVEX is responsible for the hosting and management of the SaaS Offering, including obtaining and maintaining all computer hardware, software, communications systems, network, and other infrastructure necessary to permit Customer to access and use the SaaS Offering (“Hosting Infrastructure”), either directly or through its designated third-party supplier or data center.  NAVEX will manage and install within the Hosting Infrastructure all updates and upgrades that NAVEX makes generally available to its customers for the SaaS Offering.  Customer is solely responsible for obtaining and maintaining, at its own expense, all equipment and technology needed to access the SaaS Offering, including, without limitation, internet access and adequate bandwidth. 

2.3.               Updates.  Access is limited to the version of the Services in NAVEX’s production environment. NAVEX regularly updates the Services and reserves the right to make updates to the Services in the event of Service unavailability, end of life, or changes to software requirements, provided that any such modification shall not result in a material reduction in the functionality of the Services.

2.4.               Acceptable Use.  Customer acknowledges and agrees that NAVEX does not monitor or evaluate Customer Data transmitted through the Services, and NAVEX shall not be responsible for the content of any Customer Data. Customer shall use the Services exclusively for authorized and legal purposes and consistently with Applicable Law. Customer is solely responsible and liable for ensuring the appropriate use of any reports and other materials prepared by NAVEX in a manner that will not violate Applicable Law or infringe upon the rights of any third party.

2.5.               Security.  NAVEX will implement commercially reasonable and appropriate measures designed to secure Customer Data against accidental or unlawful loss, access, or disclosure. NAVEX will be responsible for ensuring the security and confidentiality of account names and passwords residing within its systems and while being received and processed by the SaaS Offering for the purpose of permitting access thereto.  Customer is responsible for instructing any individual who Customer authorizes to use the Services (“Licensed User”) to keep their respective account names and passwords strictly confidential. Customer agrees to promptly notify NAVEX if account names or passwords are lost, stolen, or otherwise compromised. Customer will not (i) breach or attempt to breach the security of the Services or of any network, servers, data, computers, or other hardware relating to or used in connection with the SaaS Offering, or of any third party that is hosting or interfacing with any part of the SaaS Offering; or (ii) use or distribute through the SaaS Offering any software, files, or other tools or devices designed to interfere with or compromise the privacy, security, or use of the SaaS Offering or the operations or assets of any other customer of NAVEX or any third party.  Customer will comply with the user authentication requirements for use of the SaaS Offering.  Customer is solely responsible for monitoring the administration of access to and use of the SaaS Offering by its Licensed Users.  Any failure by a Licensed User to comply with the Agreement shall be deemed to be a material breach by Customer, and NAVEX shall not be liable for any damages that Customer or any third party incurs resulting from such breach.  Customer must immediately take all necessary steps, including providing Notice (as defined in Section 12.5) to NAVEX, to effect the termination of an access identification for any Licensed User if there is any compromise in the security of that access identification or if unauthorized use of such access identification is suspected or has occurred.

2.6.               Support.  During the applicable Services Term (as defined in Section 6.2), NAVEX will provide support for the SaaS Offering in accordance with the schedule detailed at:, subject to reasonable updates in NAVEX’s sole discretion (“Support”).  However, NAVEX is not under any obligation to provide Support with respect to (i) SaaS Offering(s) that have been altered or modified by anyone other than NAVEX or its licensors; (ii) SaaS Offering(s) used other than in accordance with the Technical Documentation and the Agreement; (iii) discrepancies that do not significantly impair or affect the operation of the Services; or (iv) errors and/or malfunctions caused by any systems or programs not supplied by NAVEX.

2.7.               Cooperation.  Customer shall provide NAVEX with good faith cooperation as NAVEX may reasonably require from time to time in order to provide the Services, including, without limitation, providing security access, information, and software interfaces to Customer’s applications and personnel. Customer acknowledges and agrees that NAVEX’s performance is dependent upon Customer’s timely and effective satisfaction of its responsibilities hereunder and Customer’s timely decisions and approvals in connection with the Services.

3.0                 Proprietary Rights.

3.1.               Ownership.  Each party shall retain all right, title, and interest in any copyrights, trademarks, patent rights, and other intellectual property or proprietary rights it has acquired or developed prior to or outside the scope of the Agreement. Customer shall retain all right, title, and interest, including copyrights, trademarks and patent rights, in any and all Customer content provided under the Agreement and any and all derivative works thereof (collectively, “Customer Intellectual Property”).  Any data collected, received, or processed by NAVEX as required by the Services, including Personal Data (as defined in Section 4.1) but excluding Use Data (as defined in Section 3.4) (collectively, “Customer Data”), will remain the exclusive property of Customer.  NAVEX shall own and retain all right, title, and interest, including copyrights, trademarks, and patent rights in any and all Services provided under the Agreement and any and all derivative works thereof (collectively, “NAVEX Intellectual Property”).  Neither party will acquire any right, title, or interest in the intellectual property rights of the other party by virtue of its performance under the Agreement. All rights not expressly granted are reserved exclusively by the respective owner; there are no implied rights. 

3.2.               License Rights

(i)                   Customer grants NAVEX, for the Term, a limited, non-exclusive, worldwide, non-transferable, royalty-free license to reproduce, transmit, perform, copy, display, distribute, create derivative works for the sole purpose of formatting, and otherwise use any Customer Intellectual Property for the sole and limited purpose of delivering the Services to Customer per the terms of this Agreement. NAVEX agrees that any use of any of Customer’s trademarks or service marks will inure solely to the benefit of Customer and that NAVEX will not at any time acquire any rights in Customer’s trademarks or service marks.  NAVEX shall not take any action that jeopardizes any of Customer’s rights in any Customer Intellectual Property.  NAVEX may not obscure, alter, or remove any copyright, patent, trademark, service mark, or proprietary rights notices on any Customer materials.

(ii)                 NAVEX grants Customer, for the Term, a limited, non-exclusive, worldwide, non-transferable, royalty-free license to reproduce, transmit, perform, copy, display, distribute, and otherwise use any and all NAVEX Intellectual Property for the sole and limited purpose of furthering Customer’s business operations that use NAVEX Intellectual Property per the terms of this Agreement. Customer agrees that any use of NAVEX’s trademarks or service marks will inure solely to the benefit of NAVEX and that Customer will not at any time acquire any rights in NAVEX’s trademarks or service marks.  Customer shall not take any action that jeopardizes NAVEX’s rights in any NAVEX Intellectual Property.  Customer may not obscure, alter, add, or remove any copyright, patent, trademark, service mark, or proprietary rights notices on any NAVEX materials.

3.3.               Restrictions.  Customer shall not:

(i)                   sell, resell, distribute, host, lease, rent, license, or sublicense the Services or any portion thereof, including, without limitation, to provide processing services to third parties, or otherwise use the Services on a service bureau basis;

(ii)                 reverse engineer or otherwise attempt to discover the source code of or trade secrets embodied in the Services or any portion thereof;

(iii)                allow access to, provide, divulge, or make available the Services to anyone other than Licensed Users;

(iv)                write or develop any derivative works based upon the Services;

(v)                 modify, adapt, tamper with, or otherwise make any changes to the Services or any part thereof;

(vi)                create internet links to or from the Services;

(vii)               frame or mirror any materials that NAVEX provides or posts in connection with the Services, including, without limitation, training courses, text, images, graphics, sound recordings, and videos and modifications, enhancements, or new versions thereof;

(viii)             use the Services in a manner not authorized under the Technical Documentation or the Agreement, or in violation of Applicable Law; or

(ix)               use the Services, or permit them to be used, for purposes of evaluation, benchmarking, or other comparative analysis intended for external publication without NAVEX’s prior written consent, which may be withheld in NAVEX’s sole discretion.  Despite the foregoing section (ix), pursuant to Applicable Law, Customer may use NAVEX’s name in internal or regulatory communications pertaining to Customer’s agreement to use NAVEX’s Services.

3.4.               Data Aggregation, Statistical Information, and Use Data.  Customer authorizes NAVEX, as part of the Services, to access and compile certain Customer Data (excluding Personal Data), for the purpose of analysis and reporting on the effectiveness and trends in corporate ethics and compliance programs.   The Customer Data that NAVEX accesses and compiles shall be aggregated with other similar data across all NAVEX customers according to industry, company size, country, geographic region, or other relevant classification and shall not be used in any manner that would identify Customer.  Customer understands that NAVEX employs certain third-party software within its Services to enable NAVEX to better understand Licensed User behavior and provide Licensed Users with improved functionality and other relevant enhancements to the software application(s).  The data gathered from such use (“Use Data”) may include information such as browser type, pages visited, features used, and operating system version, but shall not contain Personal Data.

3.5.               Commercial Item.  The SaaS Offering and any accompanying Technical Documentation and related software were developed by NAVEX and its suppliers at private expense and are deemed to be a “commercial item,” as that term is defined in 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation,” as such terms are used in 48 C.F.R. 12.212.  Use, duplication, and disclosure by civilian agencies of the U.S. Government will be in accordance with FAR 52.227-19(c) or other agency data rights provisions, as may be applicable.

4.0                 Data Privacy.

4.1.               Definition of Personal Data.  “Personal Data” means any information relating to an identified or identifiable natural person. An “Identifiable Natural Person” is one who can be identified directly or indirectly, in particular by reference to one or more identifiers, such as a name, an identification number, location data, online identifier, or any other factor specific to the individual.

4.2.               Processing of Personal Data.  Customer acknowledges and agrees that NAVEX will collect, process, use, and/or store certain Personal Data in delivering the Services.  NAVEX shall comply with the NAVEX Privacy Statement (available at:, as may be amended from time to time.  NAVEX (i) has established and shall maintain appropriate technological security measures to protect against unauthorized access to any Personal Data that is stored within the Hosting Infrastructure; (ii) shall not utilize Personal Data for any purpose other than to provide Services; (iii) shall not disclose any Personal Data to any person not authorized by Customer, except as necessary to comply with Applicable Law; (iv) will act solely on the instructions of Customer in respect of all Personal Data, unless otherwise prohibited by Applicable Law; and (v) will promptly inform Customer of any confirmed Security Incident regarding disclosure of Personal Data, complaint concerning disclosure, or other unauthorized use of Personal Data. “Security Incident” means any actual or reasonably suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Customer Data, including Personal Data, by NAVEX or its Sub-processors of which NAVEX becomes aware.  All NAVEX subcontractors with access to Personal Data (“Sub-processors”) will be contractually required to comply with Applicable Law and, where applicable, Frameworks (as defined in Section 4.3), and will be bound to strict obligations of confidentiality, privacy, and security.   Customer expressly consents to NAVEX engaging Sub-processors as disclosed in an applicable Order Form. NAVEX shall be responsible for all acts and omissions by such Sub-Processors. Where Customer instructs NAVEX to engage with any third parties on behalf of Customer (for example, to implement an Integration), NAVEX shall have no liability or responsibility for the transfer of Personal Data to any such third party.

4.3.               Certification.  NAVEX is certified by the U.S. Department of Commerce under the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (collectively, the “Frameworks”) so as to ensure that adequate safeguards are adduced with respect to the protection of privacy and fundamental rights and freedoms of individuals located in the European Economic Area and Switzerland for the transfer of any Personal Data by Customer or its Licensed Users to NAVEX.   Accordingly, NAVEX agrees to process any such Personal Data in compliance with the Frameworks.  The parties agree that they will work together in good faith to enter into any additional agreements that may be legally required by either party to ensure compliance with Applicable Law, particularly with regard to applicable data privacy laws.

**5.0                 Fees and Payment. **

5.1.               Fees.  Fees are set forth in the applicable Order Form and are based on the applicable Subscription Metrics.  All fees are in United States Dollars unless otherwise agreed in an applicable Order Form. Fees are not refundable or cancellable.  NAVEX shall send all invoices and fee increase notices via email to the Customer email address indicated in the applicable Order Form, unless otherwise specified herein.

5.2.               Payment.  Unless otherwise specified in the applicable Order Form, all payment obligations start from the execution of the Order Form, with payment of all of the Order Form’s first-year fees due within thirty (30) calendar days following the invoice date.  Except as otherwise expressly specified in the Order Form, Customer shall send such payment to the address included on the invoice, and such payments shall be made in United States Dollars.  Interest accrues on past due balances until paid at the lesser of (i) one and one-half percent (1.5%) per month; and (ii) the highest rate allowed by law.  Customer shall reimburse NAVEX for expenses incurred, including interest, court costs, and reasonable attorneys’ fees, in collecting amounts due to NAVEX hereunder that are not under good faith dispute by Customer.

5.3.               Taxes.  Unless otherwise specified in the applicable Order Form, all fees for the Services exclude any direct or indirect taxes, levies, duties, or similar governmental assessments, including without limitation, any sales, use, value-added, withholding, or similar taxes (“Taxes”). Customer is responsible for paying all Taxes associated with Customer’s purchases hereunder directly to the taxing authority.  As an exception to the foregoing, if NAVEX has the legal obligation to pay or collect Taxes for which Customer is responsible under this paragraph, the appropriate amount shall be invoiced to and paid by Customer to NAVEX, unless Customer provides NAVEX with a valid tax exemption certificate authorized by the appropriate taxing authority. NAVEX is solely responsible for taxes based upon NAVEX’s net income, assets, payroll, property, and employees.

5.4.               Subscription Metrics. Customer may increase its Subscription Metrics at any time during the Services Term at then-prevailing prices. Customer may decrease Subscription Metrics at any time, but NAVEX shall not issue any refunds or reduce fees payable through the end of the then-current Services Term. At all times during the Services Term, Customer shall be responsible for ensuring sufficient Subscription Metrics to accommodate one hundred percent (100%) of its usage of the Services. If Customer’s usage of the Services exceeds the current Subscription Metrics, Customer must promptly purchase additional Subscription Metrics or NAVEX may charge then-prevailing prices for the level of usage above Customer’s current Subscription Metrics.

**6.0                 Term and Termination. **

6.1.               MSA Term.  This MSA shall remain in effect until terminated as set forth herein (“Term”).

6.2.               Services Term.  The initial term for each Service purchased, and any renewal rights or extensions, will be as set forth in the applicable Order Form (“Services Term”). 

6.3.               Suspension of Services for Non-Payment. If any fees which are not disputed by Customer in good faith are more than thirty (30) calendar days past due, NAVEX will have the right, in addition to all other rights and remedies available to it, to suspend delivery of or access to the Services. 

6.4.               Disputed Fees. Customer shall set forth in writing and in reasonable detail any amount(s) disputed in good faith and the basis or reason for the dispute.  Upon receipt of a Notice (as defined in Section 12.5) of dispute, the parties will make reasonable, diligent, good faith efforts to quickly resolve the dispute, and NAVEX shall provide such information as Customer reasonably requests in order to audit or confirm the charges.  Neither party shall be required to pay or refund, as applicable, any amounts disputed in good faith until such dispute is fully resolved.  Once the dispute is fully resolved, the agreed-upon amounts shall be paid or refunded, as applicable, within ten (10) calendar days following such resolution.

6.5.               Termination.  The Agreement may be terminated (i) by either party if the other party materially breaches the Agreement and does not cure the breach within thirty (30) calendar days after receiving Notice thereof from the non-breaching party; (ii) as set forth in Section 7.5 (Infringement Remedies); (iii) as set forth in Section 12.8 (Compliance with Law); (iv) if the other party becomes insolvent (generally unable to pay its debts as they become due) or the subject of a bankruptcy, conservatorship, receivership, or similar proceeding, or makes a general assignment for the benefit of creditors; (v) by either party at any time that no Order Form is outstanding; or (vi) by NAVEX upon the expiration of ten (10) calendar days’ Notice if any fees which are not disputed by Customer in good faith are more than thirty (30) calendar days past due.

6.6.               Partial Termination.  Where a party has rights to terminate the Agreement pursuant to Section 6.5 (Termination), the non-breaching party may, at its discretion, either terminate the entire Agreement or the applicable Order Form. Order Forms that are not terminated shall continue in full force and effect under the terms of this MSA.

6.7.               Effects of Termination or Partial Termination.  Upon any termination, without prejudice to any other rights or remedies that the parties may have, all rights licensed and obligations required hereunder shall immediately cease, except as otherwise provided.  Each party may retain, subject to this MSA, copies of Confidential Information required for internal record keeping purposes and for compliance with Applicable Law. Unless otherwise documented by the parties, all Customer Data within the Hosting Infrastructure shall be deleted within forty-five (45) days of expiration or termination of this MSA or Order Form, as applicable.  Customer Data stored in backups shall be overwritten in accordance with NAVEX’s backup and retention cycle. If NAVEX terminates the Agreement or an Order Form per Section 6.5(vi), Customer agrees that it shall remain responsible for all outstanding fees payable to NAVEX for the Services Term and NAVEX may declare all such fees immediately due and payable. Customer acknowledges that such amounts are liquidated damages reflecting a reasonable measure of actual damages and not a penalty. 

7.0                 Warranties and Disclaimers.

7.1.               NAVEX Services Warranty.  NAVEX warrants that:

(i)         the SaaS Offering, as updated in accordance with Section 2.3 and when used in accordance with the current Technical Documentation, will perform in all material respects, as specified in such Technical Documentation, during the applicable Services Term;

(ii)        all Services will be performed in a professional manner, in accordance with industry standards; and

(iii)      NAVEX will not design its systems to include any “back door,” “time bomb,” “Trojan horse,” “worm,” “drop dead device,” “virus,” “preventative routines,” or other similar computer software routines.

7.2.               Breach of Services Warranty Remedies. In the event of any breach of Section 7.1(i), NAVEX shall diligently endeavor to remedy any material failures of a Service to conform to its functional specifications, as described in the Technical Documentation, that Customer reports to NAVEX and that NAVEX is able to replicate during the applicable Services Term (“Errors”). The foregoing shall be Customer’s sole remedy, and shall be NAVEX’s sole liability, for any uncured breach of Section 7.1(i).  NAVEX shall not be obligated to correct Errors resulting from any (i) components or content that NAVEX does not provide, or from any Integration; (ii) unauthorized use or use of the Services other than in accordance with the Technical Documentation and the Agreement; or (iii) viruses, malicious software, or other disruptive programs or applications that Customer, its agents, or its Licensed Users introduce into the Services or which are introduced into the Services as a result of Customer’s use of the Services. 

7.3.               Customer Warranties.  Customer represents and warrants that:

(i)         Customer and Licensed Users are authorized to provide all Customer Data and any other data and information submitted to the Services and that all Integrations requested by Customer are authorized;

(ii)        Customer’s and Licensed Users’ use of the Services and provision of Customer Data will comply with Applicable Law;

(iii)       NAVEX’s use of Customer Data in providing the Services will not infringe the intellectual property or other proprietary rights of any third party;

(iv)       Customer will be responsible for promptly obtaining and providing to NAVEX all consents required for Customer to use the Services; and

(v)        Customer will not modify or create derivative works based on the SaaS Offering or any other Services, or attempt to decode, decipher, decompile, disassemble, or reverse engineer the SaaS Offering or any other Services or deliverables. 

7.4.               Mutual Warranties.  Each party represents and warrants that:

(i)         the execution, delivery, and performance of this MSA has been and shall be duly authorized by the executing party;

(ii)        the executing party’s performance of its obligations will not conflict with, result in a breach of, or constitute a default under any other agreement to which that party is bound; and

(iii)       the executing party is in material compliance with all Applicable Laws with regard to its obligations under the Agreement.

7.5.               Infringement Remedies.  If the SaaS Offering infringes, or if NAVEX believes that the SaaS Offering infringes, on the intellectual property or other proprietary rights of any third party, NAVEX may, in its sole discretion, (i) modify the SaaS Offering to be non-infringing, (ii) obtain for Customer a license to continue using the affected SaaS Offering, or (iii) if neither (i) nor (ii) are practical in NAVEX’s sole judgment, terminate the affected SaaS Offering and return to Customer the unused portion of any fees paid for the affected SaaS Offering.  Subject to the parties also meeting their express indemnification obligations under this MSA, NAVEX’s satisfactory performance of any one or all of the remedies set forth in the preceding sentence shall be Customer’s sole and exclusive remedy for NAVEX’s breach of the infringement warranty or for any damages incurred from early termination of the applicable Order Form due to a third-party infringement claim.


7.7.               Additional Disclaimers and Agreements.

(i)                   LEGAL SERVICES.  NAVEX is not engaged in the practice of law.  In the provision of Services, certain issues may arise that are quasi-legal in nature.  Any statements or assistance NAVEX PROVIDES in these matters should be interpreted as opinions or advice concerning business issues to be considered in connection with the Services.  Customer represents and warrants it is not relying upon NAVEX to provide legal services. 

(ii)                 USE.  Customer agrees and acknowledges that it is fully responsible for its use of the Services.  NAVEX expressly disclaims any liability as a result of Customer’s use of the Services or Customer’s actions or inactions with respect to any information derived therefrom, except where such liability first arose as a direct result of NAVEX’s (a) material breach of this MSA, or (b) grossly negligent act or omission in delivering the Services. NAVEX WILL NOT BE RESPONSIBLE FOR PAYMENT OF ANY FINES ASSESSED AGAINST CUSTOMER OR ITS LICENSED USERS BY ANY REGULATORY AUTHORITY FOR CUSTOMER’S FAILURE TO COMPLY WITH STATUTORY OR REGULATORY REQUIREMENTS OF ANY KIND. 

8.0                 Indemnification.

8.1.               By NAVEX.  NAVEX will indemnify and defend Customer and its officers, directors, employees, and agents against any costs and expenses (including reasonable attorneys’ fees and disbursements), liability, and costs from suits, actions, or proceedings threatened, made, or brought by any third party in connection with any and all allegations, claims, or demands (“Losses”) to the extent such Losses relate to or arise from (i) NAVEX’s violation of Applicable Law; or (ii) a claim that the SaaS Offering infringes or misappropriates any third-party intellectual property rights.  NAVEX’s obligations in this Section 8.1 do not apply (A) to the extent that the allegedly infringing SaaS Offering, portions or components thereof, or modifications thereto result from any change made by Customer or any third party for Customer; (B) if the infringement claim could have been avoided by using an unaltered current version of a SaaS Offering that NAVEX provided; (C) to the extent that an infringement claim is based upon any information, design, specification, instruction, software, data, or material not furnished by NAVEX, or any material from a third-party portal or other external source that is accessible to Customer within or from the SaaS Offering (e.g., a third-party web page accessed via a hyperlink) or a third-party product; (D) to the extent that an infringement claim is based upon the combination of any material with any products or services not provided by NAVEX; or (E) to the extent that an infringement claim is caused by Customer providing to NAVEX materials, designs, know-how, software, or other intellectual property with instructions to NAVEX to use the same in connection with the SaaS Offering.

8.2.               By Customer.  Customer will indemnify and defend NAVEX and its officers, directors, employees, and agents against any and all Losses to the extent such Losses relate to or arise from:

(i)         a claim that any Customer Intellectual Property infringes or misappropriates any third-party intellectual property rights;

(ii)        from all Taxes for which Customer is liable;

(iii)      Customer’s and Customer’s Affiliates’ use of the Services, provided that such use is the sole and proximate cause of the request for indemnification under this subsection; or

(iv)       Customer’s violation of Applicable Law.

8.3.               Mutual Obligations.  The party from whom indemnification is being sought pursuant to this Section 8.3 (“Indemnifying Party”) shall indemnify the party seeking indemnification from the Indemnifying Party (“Indemnified Party”) only on the following conditions: (i) the Indemnified Party has a valid claim for indemnification pursuant to Section 8.0; (ii) the Indemnified Party promptly provides the Indemnifying Party with Notice of any Losses; and (iii) the Indemnified Party promptly tenders control of the defense and settlement of any such Losses to the Indemnifying Party (at the Indemnifying Party’s expense and with the Indemnifying Party’s choice of counsel); with the exception that failure to give such Notice shall not relieve the Indemnifying Party of its obligations hereunder except to the extent that the Indemnifying Party is materially prejudiced by such failure.  The Indemnified Party shall cooperate fully with the Indemnifying Party at the Indemnifying Party’s request and expense in defending or settling such claim, including, without limitation, providing any information or materials necessary for the Indemnifying Party to perform the foregoing.  The Indemnifying Party will not enter into any settlement or compromise of any such claim without the Indemnified Party’s prior written consent if the settlement would require admission of fault or payment by the Indemnified Party.

**9.0                 Confidential Information. **

9.1.               Definition of Confidential Information“Confidential Information” means any information disclosed at any time by either party, its Affiliates, directors, officers, employees, and agents (collectively, “Representatives”), to the other party or its Representatives in anticipation of or during the parties’ relationship, either directly or indirectly, in writing, orally, or by inspection of tangible objects that pertain to such party’s business, including, without limitation, information concerning technology, marketing, planned functionality, market strategies, finances, employees, planning, product roadmaps, service or product purchases, performance agreements and documentation, performance results, pricing, and other confidential or proprietary information, including information a reasonable person would understand to be confidential or proprietary.  Confidential Information of either party will not, however, include any information that:

(i)         was publicly known and that the disclosing party made generally available in the public domain prior to the time of disclosure;

(ii)        becomes publicly known and that the disclosing party made generally available after disclosure to the receiving party through no action or inaction of the receiving party;

(iii)      is already in the possession of the receiving party without a breach of any third party’s obligations of confidentiality at the time of disclosure by the disclosing party, the burden of proof of prior possession being on the party asserting such prior possession;

(iv)       the receiving party obtains from a third party without a breach of such third party’s confidentiality obligations; or

(v)        the receiving party independently develops without use of or reference to the disclosing party’s Confidential Information, the burden of proof of independent development being on the party asserting such independent development.

9.2.               Disclosure of Confidential Information.  Each party shall (i) hold all Confidential Information of the other party in confidence and use it only as permitted in connection with the Services provided under the Agreement; (ii) use the same care to prevent unauthorized disclosure of the disclosing party’s Confidential Information as the receiving party uses with respect to its own Confidential Information of a similar nature, which shall not, in any case, be less than the care a reasonable business person would use under similar circumstances; (iii) disclose only the Confidential Information required to comply with a court order or Applicable Law in conjunction with fulfilling obligations under Section 9.4; and (iv) only disclose the Confidential Information to its Representatives who have a need to know such information in order to perform their job, have been informed of its confidential nature, and have agreed to and are bound by no less restrictive confidentiality obligations than those in this MSA. Each party shall be liable for their respective Representative’s breach of this MSA. Confidential Information shall not be disclosed to third parties without the other party’s prior written consent unless required by Applicable Law. 

9.3.               Injunctive Relief.  Each party acknowledges that a party’s actual or threatened breach of its confidentiality obligations under Section 9.0 would likely cause irreparable harm to the non-breaching party that could not be fully remedied by monetary damages.  Each party, therefore, agrees that the non-breaching party may seek such injunctive relief or other equitable relief as may be necessary or appropriate to prevent such actual or threatened breach without the necessity of proving actual damages.  Each party waives the requirement to post a bond in the event of such actual or threatened breach.

9.4.               Legal Process.  If either party receives notice of a subpoena, request for production of documents, court order, or requirement of a governmental agency to disclose any information or respond to an official inquiry (“Legal Process”), the recipient thereof shall, if permitted by law, give prompt Notice to the other party so the other party may move for a protective order or other relief.  If either party is required to respond to or support such Legal Process involving the other party (but not where the parties are adverse to one another), the responding party shall be entitled to recover from the other party all reasonable costs, fees, and expenses that the responding party incurs, including reasonable fees for time expended by internal resources and reasonable attorneys’ fees.  Each party agrees to cooperate fully with the other party to respond to any notice or inquiry from a third party related to the Agreement.

10.0              Liability Exclusions and Limitations.




10.2.            Time Limit for Bringing Action.  No claim or action, regardless of form, arising out of the Agreement, other than a claim or action relating to a breach of confidentiality or infringement, may be brought by either party more than two (2) years after the cause of action has arisen.

11.0              Governing Law.  Any dispute between the parties related to the Agreement will be governed by the substantive and procedural rules of Delaware, without regard to conflict of law principles.  The parties agree to submit to the exclusive jurisdiction of and venue in the state and federal courts of Multnomah County, Oregon, and each party waives any claims it may have for forum non conveniens.  The parties agree that the Uniform Computer Information Transactions Act shall not apply to the Agreement.

12.0              General Provisions.

12.1.            Publicity.  With prior written approval (which may occur via email), NAVEX may use Customer’s name and trademarks (including use of logos) (i) in NAVEX’s customer lists for marketing or promotional purposes; (ii) in press releases and other communications pertaining to Customer’s agreement to use NAVEX’s services; and (iii) on NAVEX’s website and other sales and marketing media, including collateral, emails, tradeshow displays, and signs.

12.2.            Insurance.  NAVEX shall, at its own cost and expense, acquire and continuously maintain the insurance coverages detailed at the following website during the Term:

12.3.            Third-Party Beneficiaries.  Unless otherwise prohibited by Applicable Law, nothing in the Agreement shall be construed to give any person or entity other than the parties hereto any legal or equitable claim, right, or remedy; rather, the Agreement is intended to be for the sole and exclusive benefit of the parties.

12.4.            Assignment.  The terms of the Agreement shall be binding on the parties and their respective successors. Neither party may assign, transfer, or delegate its rights or obligations under the Agreement (in whole or in part) without the other party’s prior written consent, except (i) to an Affiliate; or (ii) pursuant to a transfer of all or substantially all of such party’s business and assets, whether by merger, sale of assets, sale of stock, or otherwise.  Any attempted assignment, transfer, or delegation in violation of the foregoing shall be null and void.

12.5.            Notice, Generally.  “Notice” means written notification to a party that shall be sent via email only, unless otherwise indicated herein.  Any Notice to NAVEX shall be sent to:

12.6.            Consents and Approvals.  Unless the parties have agreed otherwise herein, all consents and approvals required under the Agreement must be delivered in writing by courier or certified or registered mail (postage prepaid and return receipt requested) to the other party at the address set forth on the most recent Order Form.  Such consent or approval shall be deemed delivered when received.  Customer shall send a copy of such consent or approval to on the same date the consent or approval is sent. 

12.7.            No Agency.  The Agreement shall not be construed to create a joint venture or partnership between the parties.  Neither party shall be deemed to be an employee, agent, partner, or legal representative of the other for any purpose, nor shall either party have any right, power, or authority to create any obligation or responsibility on behalf of the other. 

12.8.            Compliance with Law

(i)         Each party shall be responsible for compliance with Applicable Law related to the performance of its obligations under the Agreement.

(ii)        NAVEX’s Services are subject to U.S. sanctions laws and may not be sold or licensed to any party listed on the Specially Designated Nationals List maintained by the U.S. Department of the Treasury (“Restricted Party”) or in U.S.-sanctioned countries (the most up-to-date lists can be found at Customer represents and warrants that neither Customer, its Representatives, nor, to Customer’s knowledge, its Affiliate’s Representatives are currently the subject of any investigation by the Office of Foreign Assets Control (OFAC), Department of the Treasury, or any other Governmental Authority pursuant to any laws that OFAC or any other Governmental Authority administers (“Sanctions Investigation”).  Customer shall promptly notify NAVEX if it or any of its Representatives or its Affiliates’ Representatives become the subject of any Sanctions Investigation.  Customer agrees not to transfer or provide access to the Services (a) to any Restricted Party; or (b) in or for the benefit of individuals or entities from such U.S.-sanctioned countries. Further, Customer agrees not to use the Services for the benefit of a Restricted Party or individuals or entities from such U.S.-sanctioned countries.  Customer represents and warrants that it is not directly or indirectly owned by, controlled by, owning, controlling, or named as a Restricted Party. NAVEX and its Affiliates may not do business with a Restricted Party under U.S. law (the most up-to-date lists can be found at and

(iii)      Customer represents and warrants that its use of NAVEX’s Services will in all respects comply with current U.S. export controls regulations and requirements, including, without limitation, those promulgated by U.S. Departments of State, Commerce, Homeland Security, Treasury, and Defense. Any breach of this Section 12.8 is a material breach of the Agreement for which no cure period shall apply.

12.9.            Force Majeure.  Except for payment of fees, neither party shall be liable for failure to perform, or the delay in performance of, any of its obligations under the Agreement if and to the extent that such failure or delay is caused by events beyond its reasonable control, including, without limitation, acts of the public enemy or a governmental body in its sovereign or contractual capacity, war, fire, flood, unusually severe weather, outside electrical failure, the limitations or failures of third-party internet service providers and/or telecommunication providers, the performance or failures of internet service providers, or acts of terrorism, including cyberattacks on NAVEX’s computer systems or those of third parties, including, without limitation, internet service providers and telecommunication providers.  If so affected, the affected party shall use commercially reasonable efforts to avoid or remove such causes of non-performance or delay and shall continue performance hereunder with reasonable dispatch whenever such causes are removed or otherwise resolved.

12.10.         Waiver.   No waiver or delay in enforcement of any breach of any provision of the Agreement shall constitute a waiver of any prior, concurrent, or subsequent breach of the same or any other provision hereof, and a waiver shall not be effective unless made in writing and signed by an authorized representative of the waiving party. 

12.11.         Survival.  The terms and conditions of the Agreement that by their nature require performance by either party after the termination of this MSA, including, without limitation, confidentiality obligations, limitations of liability, exclusions of damages, indemnification obligations, governing law, fees owed prior to the date of termination, and any other provision or partial provision that by its nature would reasonably extend beyond the termination of this MSA shall be and remain enforceable after such termination of this MSA for any reason whatsoever.

12.12.         Severability.  If any provision of the Agreement conflicts with governing law or if any provision is held to be null, void, or otherwise ineffective or invalid by a court of competent jurisdiction, (i) such provision shall be deemed to be restated to reflect as nearly as possible the original intentions of the parties in accordance with Applicable Law; and (ii) the remaining terms, provisions, covenants, and restrictions of this MSA shall remain in full force and effect.

12.13.         Audit.  During NAVEX’s regular business hours, but not more frequently than once a year, Customer may, at its sole expense, perform a confidential audit of NAVEX’s compliance with Section 4.0 of this MSA as it pertains to the SaaS Offering provided under the Agreement.  Any onsite audit shall be conducted on a mutually agreed date, which shall not be sooner than thirty (30) calendar days after NAVEX’s receipt of Customer’s written request for such audit.  Such audits shall be limited to security systems as they pertain to the SaaS Offering, and the onsite portion of the audit shall not exceed a cumulative four (4) hours at NAVEX’s facilities.  If the audit exceeds such four- (4) hour period, Customer shall be responsible for payment of professional services fees to NAVEX at the current hourly rate for professional services.  If the audit is to be performed by a third party on Customer’s behalf, such third party shall (i) not be a direct or indirect competitor of NAVEX, and (ii) execute prior to commencement of the audit a confidentiality and non-disclosure agreement, as presented by and for the benefit of NAVEX.  Upon completion of the audit, Customer shall promptly provide NAVEX a summary of the findings from each report prepared in connection with any such audit and discuss results, including any remediation plans.  If audit results find NAVEX is not in substantial compliance with the requirements of Section 4.0 of this MSA, then Customer shall be entitled, at NAVEX’s expense, to perform up to one (1) additional such audit in that year in accordance with the procedure set forth in this Section.  NAVEX agrees to work with Customer to identify reasonable remediation actions and to promptly take action at NAVEX’s expense to correct those matters. 

12.14.         Entire Agreement.  The Agreement constitutes the complete agreement between the parties and supersedes all prior or contemporaneous agreements, proposals, responses to requests for proposals, representations, and warranties, written or oral, concerning the subject matter of the Agreement, including any prior non-disclosure or confidentiality agreement(s), which shall be replaced by those terms and conditions set forth in Section 9.0 unless otherwise expressly agreed to in writing by the parties.  The Agreement may be modified or amended only in writing signed by a duly authorized representative of each party; any other act, usage, or custom shall not be deemed to amend or modify the Agreement.  It is expressly agreed that the terms of the Agreement shall supersede the terms in any Customer purchase order, and the terms included in any such purchase order or other Customer policy shall not (i) apply to the Services ordered; or (ii) in any way modify, revise, supplement, or otherwise affect the terms and conditions of the Agreement.  If Customer requires processing of payments through a third-party payment vendor, it is understood and agreed that use of such third-party payment vendor is solely for the convenience of Customer and documentation associated with payment submission shall not in any way modify, add to, or delete any of the terms and conditions of the Agreement.  Any costs associated with the use of such third-party payment vendor shall be borne exclusively by Customer. 

12.15.         Section Headings.  The Section headings are for reference purposes only and shall not in any way affect the meaning or interpretation of this MSA.

12.16.         Counterparts.  The parties may execute this MSA and any Order Form in counterparts.  An exchange of scanned and emailed executed copies or electronic signatures is acceptable.  In the event of such an exchange, this MSA and any Order Form shall become binding, and any scanned and emailed signed copies or electronic signatures shall constitute admissible evidence of the existence of this MSA or Order Form.

12.17.         Updates.  NAVEX may from time to time make updates to the terms incorporated into and contained in this MSA; provided, however, any existing MSA shall remain subject to the terms that have been incorporated into or contained in this MSA as of the Effective Date of this MSA until the expiration of the Term.