These General Terms and Conditions of Service (these “Terms”) govern all services performed by IRIS Solutions, LLC, a Delaware limited liability company with offices located at 8700 Red Oak Boulevard, Suite H, Charlotte, North Carolina 28217 (“us”, “our”, “we” or “IRIS”), to any customer or client (“Client” or “you”) as set forth in the Services Agreement between IRIS and Client (the “Services Agreement”).  Capitalized terms used but not defined in these Terms shall have the meanings set forth in the Services Agreement.

Notwithstanding anything in the Services Agreement to the contrary, the Services Agreement may be terminated prior to its expiration as follows:

  1. Termination Without Cause. If IRIS decides to cease providing a service to all of its customers generally, then IRIS may terminate the Services Agreement without cause by providing no less than one hundred and twenty (120) days prior written notice to you.
  2. Termination For Cause. In the event that one party (a “Defaulting Party”) commits a material breach under the Services Agreement (including these Terms), the non-Defaulting Party will have the right, but not the obligation, to terminate immediately the Services Agreement (a “For Cause” termination) provided that (i) the non-Defaulting Party has notified the Defaulting Party of the specific details of the breach in writing, and (ii) the Defaulting Party has not cured the default within twenty (20) days (ten (10) days for non-payment by Client) following receipt of written notice of breach from the non-Defaulting Party.  If IRIS terminates the Services Agreement For Cause, then IRIS shall be entitled to receive, and you hereby agree to pay to us, (i) all amounts that would have been paid to IRIS had the Services Agreement remained in effect until the expiration of the Initial Term or the then-current Renewal Term, as applicable, (ii) all expenses incurred by us in our preparation and provision of the Services to you, g., licensing fees incurred by IRIS, non-mitigatable hard costs, etc., and (iii) all expenses incurred by us in our attempt to collect amounts owed, including any attorney fees.  If you terminate the Services Agreement For Cause, then you will be responsible for paying only for those Services that were properly delivered and accepted by you up to the effective date of termination.
  3. Client Activity As A Basis for Termination. In the event that (i) any Client-supplied equipment, hardware or software, or any action undertaken by you, causes the System or any part of the System to malfunction consequently requiring remediation by IRIS on three (3) occasions or more (“System Malfunction”), and if under those circumstances, you fail to remedy, repair or replace the System Malfunction as directed by us (or you fail to cease the activity causing the System Malfunction, as applicable), or (ii) you or any of your staff, personnel, contractors, or representatives engage in any unacceptable act or behavior that renders it impracticable, imprudent, or unreasonable to provide the Services to you, then IRIS will have the right, upon ten (10) days prior written notice to you, to terminate the Services Agreement For Cause or, at our discretion and if applicable, amend the Services Agreement to eliminate from coverage any System Malfunction or any equipment or software causing the System Malfunction.
  4. You and we may mutually consent, in writing, to terminate the Services Agreement at any time.
  5. Equipment / Software Removal. Upon termination of the Services Agreement for any reason, you will provide us with access, during normal business hours, to your premises or any other locations at which IRIS-owned equipment or software (collectively, “IRIS Equipment”) is located to enable us to remove all IRIS Equipment from the premises.  If you fail or refuse to grant IRIS access as described herein, or if any of the IRIS Equipment is missing, broken or damaged (normal wear and tear excepted) or any IRIS-supplied software is missing, we will have the right to invoice you for, and you hereby agree to pay immediately, the full replacement value of any and all missing or damaged items.

Transition; Deletion of Data. In the event that you request IRIS’ assistance to transition away from our services, we will provide such assistance if (i) all fees due and owing to us are paid to us in full prior to IRIS providing its assistance to you, and (ii) you agree to pay our then-current hourly rate for such assistance, with up-front amounts to be paid to us as we may require. For the purposes of clarity, it is understood and agreed that the retrieval and provision of passwords, log files, administrative server information, or conversion of data are transition services, and are subject to the preceding requirements. Unless otherwise expressly agreed by IRIS in writing, we will have no obligation to store or maintain any Client data in our possession or control beyond fifteen (15) calendar days following the termination of the Services Agreement.  We will be held harmless for, and indemnified by you against, any and all claims, costs, fees, or expenses incurred by either party that arise from, or are related to, our deletion of your data beyond the time frames described in this Section 3(f).

  1. For the purposes of these Terms, “System” means, collectively, any computer network, computer system, peripheral or device installed, maintained, monitored, or operated by IRIS pursuant to the Services Agreement.  To avoid a delay or negative impact on our provision of the Services, during the term of the Services Agreement you agree to refrain from modifying or moving the System, or installing software on the System, unless we expressly authorize such activity.
  2. Requirements. At all times, all software on the System must be genuine and licensed, and you agree to provide us with proof of such licensing upon our request.  If we require you to implement certain minimum hardware or software requirements pursuant to the Services Agreement (“Minimum Requirements”), you agree to do so as an ongoing requirement of us providing our Services to you.
  3. Maintenance; Updates. If patches and other software-related maintenance updates (“Updates”) are provided under the Services Agreement, we will install the Updates only if we have determined, in our reasonable discretion, that the Updates will be compatible with the configuration of the System and materially beneficial to the features or functionality of the affected software or hardware.  We will not be responsible for any downtime or losses arising from or related to the installation or use of any Update, provided that the Update was installed in accordance with the manufacturer’s or applicable vendor’s instructions.
  4. Third Party Support. If, in IRIS’ discretion, a hardware or software issue requires vendor or OEM support, we may contact the vendor or OEM (as applicable) on your behalf and pass through to you, without markup, all fees and costs incurred in that process.  If such fees or costs are anticipated in advance or exceed $100, we will obtain your permission before incurring such expenses on your behalf unless exigent circumstances require otherwise.
  5. Advice; Instructions. From time to time, we may provide you with specific advice and directions related to our provision of the Services or the maintenance or administration of the System.  (For example, our advice or directions may include increasing the System’s server or hard drive capacity or replacing obsolete equipment.) You agree to promptly follow and implement any directions we provide to you related to the Services which, depending on the situation, may require you to make additional purchases or investments in the System or the environment in which the System is maintained, at your sole cost.  We will not be responsible for any problems or issues (such as System downtime or security-related issues) caused by your failure to promptly follow our advice or directions.  If your failure to follow or implement our advice renders part or all of the Services economically or technically unreasonable to provide in our discretion, then we may terminate the Services Agreement for cause by providing notice of termination to you.  Unless specifically and expressly stated in these Terms, any services required to remediate issues caused by your failure to follow IRIS’ advice or directions, or your unauthorized modification of the System, as well as any services required to bring the System up to or maintain the Minimum Requirements, are not covered under the Services Agreement or these Terms and will be out-of-scope.

Each party (an “Indemnifying Party”) agrees to indemnify, defend and hold the other party (an “Indemnified Party”) harmless from and against any and all losses, damages, costs, expenses or liabilities, including reasonable attorneys’ fees, (collectively, “Damages”) that arise from, or are related to, the Indemnifying Party’s breach of the Services Agreement (including these Terms).  The Indemnified Party will have the right, but not the obligation, to control the intake, defense and disposition of any claim or cause of action for which indemnity may be sought under this section.  The Indemnifying Party shall be permitted to have counsel of its choosing participate in the defense of the applicable claim(s); however, (i) such counsel shall be retained at the Indemnifying Party’s sole cost, and (ii) the Indemnified Party’s counsel shall be the ultimate determiner of the strategy and defense of the claim(s) for which indemnity is provided.  No claim for which indemnity is sought by an Indemnified Party will be settled without the Indemnifying Party’s prior written consent, which shall not be unreasonably delayed or withheld.

  1. Remedies; Limitations. Except for the Onboarding Exception, if we fail to meet our service level commitment in a given calendar month and if, under such circumstances, our failure is not due to your activities, omissions, or inactivity, then upon receiving your written request for credit, we will issue you a pro-rated credit in an amount equal to the period of time of the outage and/or service failure.  All requests for credit must be made by you no later than forty-five (45) days after you either (i) report the outage or service failure to us, or (ii) if applicable, receive a monthly report showing the outage and/or failure.  The remedies contained in this paragraph are in lieu of (and are to the exclusion of) any and all other remedies that might otherwise be available to you for our failure to meet any service level commitment during the term of the Services Agreement.
  2. Onboarding Exception. You acknowledge and agree that for the first thirty (30) days following the Effective Date, the Response Time commitments described in these Terms will not apply to us, it being understood that there may be unanticipated downtime or delays due to our initial startup activities with you (the “Onboarding Exception”).

Any dispute, claim or controversy arising from or related to the Services Agreement (including these Terms), including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration before one arbitrator to be mutually agreed upon by the parties. The arbitration shall be administered and conducted by JAMS pursuant to its Streamlined Arbitration Rules and Procedures (the “Rules”).  In the event of any inconsistency between the Rules and the procedures set forth below, the procedures set forth below will control.  The arbitrator will be experienced in contract, intellectual property and information technology transactions.  If the parties cannot agree on an arbitrator within fifteen (15) days after a demand for arbitration is filed, JAMS shall select the arbitrator.  The arbitration shall take place in the venue described in Section 14(l), below. The arbitrator shall determine the scope of discovery in the matter, however, it is the intent of the parties that any discovery proceedings be limited to the specific issues in the applicable matter, and that discovery be tailored to fulfill that intent.  The cost of the arbitration shall be split evenly between the parties; however, the party prevailing in the arbitration shall be entitled to an award of its reasonable attorneys’ fees and costs.

IRIS, when providing the Services, is acting independently, as an independent contractor.  Any employee or other personnel that IRIS uses to perform the Services shall be deemed, at all times and for all purposes, employees or other personnel of IRIS and shall not be, and shall not be deemed to be, employees or other personnel of Client for any purpose.  Nothing in the Services Agreement (including these Terms) is intended to constitute, and nothing in the Services Agreement (including these Terms) shall be deemed to constitute, a partnership, agency, franchise or joint venture relationship between the parties.

End of General Terms and Conditions of Service

Exhibit A

Out-of-Scope Labor Rates; Excluded Services

Work Type
Fractional CIO Consulting – Director Level of Higher                                                     $200/hr.
Advanced IT Consulting – Manager Level Technician $185/hr.
Standard IT Consulting – Senior Technician $150/hr.
After-Hours work & Holiday Rate (If covered asset, rate is in excess of Service Agreement.  If non-covered asset or out-of-scope work, amount is in addition to standard billing rates above.) $50/hr.

The following services are not included within the Services and will be subject to the hourly rates descried on this Exhibit A:

  1. Customization of third-party applications.
  2. Support for operating systems, applications, or hardware this is out of warranty and/or no longer supported by the manufacturer.
  3. Data/voice wiring or cabling services of any kind.
  4. Equipment relocation.
  5. The cost to bring the System up to the Minimum Requirements.
  6. The cost of repairs to hardware or any supported equipment or software, or the costs to acquire parts or equipment, or shipping charges of any kind.
  7. Failure due to acts of God, building modifications, power failures, acts of terror, sabotage (intentional or otherwise), or other adverse environmental conditions or factors.
  8. Service and repair made necessary by the alteration or modification of equipment other than that authorized by IRIS, including alterations, software installations or modifications of equipment made by Client’s employees or anyone other than IRIS.
  9. Maintenance of application software packages, whether acquired from IRIS or any other source.
  10. Training services of any kind, except those explicitly requested by Client by selecting one of IRIS’ training subscription service add-ons.
  11. Consumables such as printer maintenance kits, toner, ink, batteries, paper, etc. are not included or covered under the Services Agreement and will be invoiced separately.
  12. Implementation of new technologies, relocations, website updates, and application development.
  13. IMACS (installations, moves, adds and changes) initiated by Client to include change of ISP for phones and/or internet, new hardware or software packages not initially included during on boarding. These would be considered Client made changes that may include billable time.

The foregoing list is illustrative only and is not intended to be a complete list of out-of-scope services.

Exhibit B

Assumptions / Minimum Requirements

The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements:

  1. All Servers with Microsoft Windows Operating Systems must be running versions currently supported by Microsoft, and have all of the latest Microsoft Service Packs and Critical Updates installed.
  2. All Desktop PC’s and Notebooks/Laptops with Microsoft Windows Operating Systems must be running Windows 10 or later, and have all of the latest Microsoft Service Packs and Critical Updates installed.
  3. All Server and Desktop Software must be Genuine, Licensed and Vendor-Supported.
  4. The environment must have a currently licensed, up-to-date Antivirus Solution protecting all Servers, Desktops, Notebooks/Laptops, and Email
  5. The environment must have a currently licensed backup solution that can be monitored, and send notifications on job failures and successes that is in line with IRIS Solutions’ standards.
  6. The environment must have a hardware firewall between the Internal Network and the Internet that is in line with IRIS Solutions’ standards.
  7. Client must not affix or install any accessory, addition, upgrade, equipment or device on to the firewall or NAS appliances (other than electronic data) unless expressly approved in writing by us.
  8. A current and correct list of user passwords to provide to us.
  9. Client must provide us with exclusive administrative privileges on the firewall and NAS appliances.
  10. Client agrees to maintain “high speed Internet” with a static IP address and a minimum of 10 megabytes per second (“Mbps”) download and 2 Mbps upload. If client does not maintain minimum bandwidth, IRIS Solutions will not be able to manage client network and cannot be held responsible for service.

Exhibit C

Service Levels

Trouble / Severity
Managed Service Plan* A La Carte / Services not Covered by a Plan
Priority 1 – Critical problem:  Service not available (all users and functions unavailable) Response within fifteen (15) minutes after notification Best efforts
Priority 2 – Significant degradation of service (large number of users or business critical functions affected) Response within one (1) hour after notification Best efforts
Priority 3 – Limited degradation of service (limited number of users or functions affected, business process can continue) Response within two (2) business hours after notification Best efforts


*All time frames are calculated as of the time that IRIS is notified of the applicable issue / problem by Client through IRIS’ designated support portal, help desk email at, or by telephone at 704-523-3877 during our standard business hours of 7:30am-5:00pm, Monday- Friday. Notifications received in any manner other than described herein may result in a delay in the provision of remediation efforts.

Exhibit D

Additional Terms


Unless otherwise expressly provided in the Services Agreement, remediation services will be provided in accordance with the recommended practices of the managed services industry.  Client understands and agrees that remediation services are not intended to be, and will not be, a warranty or guarantee of the functionality of any particular device, or a service plan for the repair of any particular managed hardware or software.

Monitoring Services; Alert Services.

Unless otherwise expressly indicated in the Services Agreement, all monitoring and alert-type services are limited to detection and notification functionalities only.  These functionalities are guided by Client-designated policies, which may be modified by Client as necessary or desired from time to time.  Initially, the policies will be set to a baseline standard as determined by IRIS; however, Client is advised to establish and/or modify the policies that correspond to Client’s specific monitoring and notification needs. Client shall not modify these policies without sending a 72-hour advanced written notification to IRIS.

Modification of System.

The Services rely upon physical and virtual configurations of the System as known to, and (if applicable) determined by, IRIS. Changes made to the System without our prior authorization or knowledge may have a substantial, negative impact on the provision and effectiveness of the Services. Client agrees to refrain from moving, modifying, or otherwise altering any portion of the System without our prior knowledge and consent.  For the purposes of illustration, Client shall not add or remove hardware from the System, install applications on the System, or modify the configuration or log files of the System without IRIS’ prior knowledge and, on each occasion, written consent.

Anti-Virus; Anti-Malware.

IRIS’ anti-virus / anti-malware solution will generally protect the Client’s system from becoming infected with new viruses and malware (“Viruses”); however, Viruses that exist on the Client’s system at the time that the security solution is implemented may not be capable of being removed without additional services, for which a charge may be incurred.

You understand and agree that no security solution is one hundred percent effective, and any security paradigm may be circumvented and/or rendered ineffective by certain Viruses or malware, such as ransomware or rootkits, that were previously unknown to the manufacturers of the software solution, and/or which are purposely or intentionally downloaded or installed onto your System.  You are strongly advised to refrain from downloading files that are sent by unknown users, and/or users or files whose origination cannot be verified.  IRIS does not warrant or guarantee that all Viruses and malware will be capable of being avoided or removed, or that all forms of Viruses and malware will be timely detected or removed, or that any data corrupted or encrypted by Viruses or malware will be recoverable.

In order to improve security awareness, you agree that IRIS or its designated third-party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information.

Hosted Exchange / Email.

Client is solely responsible for the security, confidentiality and integrity of all email, and the content of all email, received, transmitted or stored through the hosted email service (“Hosted Email”).

Client shall not upload, post, transmit or distribute (or permit any of its authorized users of the Hosted Email to upload, post, transmit or distribute) any prohibited content, which is generally content that (i) is obscene, illegal, or intended to advocate or induce the violation of any law, rule or regulation, or (ii) violates the intellectual property rights or privacy rights of any third party, or (iii) mischaracterizes you, and/or is intended to create a false identity or to otherwise attempt to mislead any person as to the identity or origin of any communication, or (iv)  interferes or disrupts the services provided by IRIS or the services of any third party, or (v) contains Viruses, trojan horses or any other malicious code or programs.

In addition, Client shall not use the Hosted Email for the purpose of sending unsolicited commercial electronic messages (“SPAM”) in violation of any federal or state law.

IRIS reserves the right, but not the obligation, to suspend Client’s access to the Hosted Email and/or all transactions occurring under Client’s Hosted Email account if IRIS believes, in its discretion, that Client’s email account is being used in an improper or illegal manner.

SPAM / Junk Mail Filtering.

IRIS’ service provides email scanning for incoming unsolicited commercial email.  Using proprietary algorithms and other technologies, the service scans incoming email for designated keywords, attachments and known blacklisted sites, and filters the email accordingly.  From time to time the service may filter email that is not SPAM or junk mail, or may block email from legitimate sources.  Client is advised to periodically search the filtered email folder to ensure that relevant emails are not being filtered improperly, and will notify IRIS in the event that the SPAM filter settings require adjustment.

VoIP / Phone System.

The VoIP Service (“VoIP Service”) does not support traditional 911 or E911 access to emergency services in all locations.  The 911 dialing feature of the VoIP Service is not automatic; Client must take affirmative steps to register the address where the VoIP Service will be used in order to activate the 911 Dialing feature.  Client understands that Client must inform any users of the VoIP Service of the non-availability of traditional 911 or E911.

When a VoIP calling device is registered in a particular location, it cannot be moved without re-registering the device in the new location.  Client agrees that it will not move any VoIP calling device without IRIS’ written consent.  Client shall hold IRIS harmless for any and all claims or causes of action arising from or related to Client’s inability to use traditional 911 or E911 services.

When an emergency call is made, one or more third parties use the address of Client’s registered location to determine the nearest emergency response location, and then the call is forwarded to a general number at that location. When the emergency location receives Client’s call, the operator will not have Client’s address and may not have Client’s phone number. Client understands and agrees that users of the VoIP System must provide their address and phone number in order to get help. Client hereby authorizes IRIS to disclose Client’s name and address to third-party service providers, including, without limitation, call routers, call centers and public service answering points, for the purpose of dispatching emergency services personnel to Client’s registered location.

Client understands and agrees that 911 dialing does not and will not function in the event of a power failure or disruption.  Similarly, the hosted VoIP Services will not operate (i) during service outages or suspensions or terminations of service by Client’s broadband provider or ISP, or (ii) during periods of time in which Client’s ISP or broadband provider blocks the ports over which the VoIP Services are provided.  Client further understands and agrees that 911 Dialing will not function if Client changes its telephone number, or if Client adds or ports new telephone numbers to Client’s account, unless and until Client successfully register its location of use for each changed, newly added or newly ported telephone number.

Patch Management.

IRIS shall keep all managed equipment and software current with critical patches and updates (“Patches”) as such Patches are released generally by the manufacturers of the applicable hardware or software.  Patches and updates are developed by third-party vendors and, on rare occasions, may make the System, or portions of the System, unstable, or cause the managed equipment or software to fail to operate properly even when the Patches are installed correctly.  IRIS shall not be responsible for any downtime or losses arising from or related to the installation or use of any Patch.  IRIS reserves the right, but not the obligation, to refrain from installing a Patch if IRIS is aware of technical problems caused by a Patch, or believes that a Patch may render the System, or any portion of the System, unstable.

Backup (BDR) Services.

IRIS’ backup and disaster recovery (“BDR”) solution uses industry-recognized products and software to help ensure the security and integrity of Client’s data.  However, Client understands and agrees that all data transmitted over the Internet may be subject to malware and computer contaminants such as viruses, worms and trojan horses, as well as attempts by unauthorized users, such as hackers, to access or damage Client’s data.  Neither IRIS nor its designated affiliates will be responsible for the outcome or results of such activities. Data backup and recovery time will depend on the speed and reliability of Client’s Internet connection.

BDR services require a reliable, always-connected Internet solution.  Internet and telecommunications outages will prevent the BDR services from operating correctly.  In addition, all computer hardware is prone to failure due to equipment malfunction, telecommunication-related issues, etc., for which IRIS shall be held harmless.  Client is strongly advised to use data verification functionality (if available) to ensure the integrity of Client’s stored data.  Client is further advised to take all verification errors seriously, and agrees to contact IRIS immediately if verification errors are repetitive and/or cannot be remedied.

Due to technology limitations, all computer hardware, including communications equipment, network servers and related equipment, has an error transaction rate that can be minimized, but not eliminated.  As such, Client understands and agrees that any data sent to or stored by IRIS may become corrupted or lost due to communication or hardware-related failures.  IRIS cannot and does not warrant that such data corruption or loss will be avoided, and Client agrees that IRIS shall be held harmless if such data corruption or loss occurs.

Unless otherwise expressly stated in the Services Agreement, BDR services do not permit archiving or retrieval of prior document or file versions; only the latest version of a stored document or file is recoverable.


Equipment and software procured by IRIS on Client’s behalf (“Procured Equipment”) may be covered by one or more manufacturer warranties, which will be passed through to Client to the greatest extent possible.  By procuring equipment or software for Client, IRIS does not make any warranties or representations regarding the quality, integrity or usefulness of the Procured Equipment.  Certain equipment or software, once purchased, may be not be returnable or, in certain cases, may be subject to third party return policies and/or re-stocking fees, all of which shall be Client’s responsibility in the event that a return of the Procured Equipment is requested.

IRIS is not a warranty service or repair center.  IRIS will facilitate the return or warranty repair of Procured Equipment; however, Client understands and agrees that the return or warranty repair of Procured Equipment is governed by the terms of the warranties (if any) governing the applicable Procured Equipment, for which IRIS shall be held harmless.

Technology Business Review; IT Strategic Planning.

Suggestions and advice rendered to Client are provided in accordance with relevant industry practices, based on Client’s specific needs.  By suggesting a particular service or solution, IRIS is not endorsing any particular manufacturer or service provider.  IRIS is not a warranty service or repair center, and does not warrant or guaranty the performance of any third-party service or solution.

Virtual CTO or CIO Services.

The advice and suggestions provided by the VCIO will be for Client’s informational and/or educational purposes only.  The VCIO will not hold an actual director or officer position with Client, and the VCIO will neither hold nor maintain any fiduciary realtionship or position with Client.  Under no circumstances shall Client list or place the VCIO on Client’s corporate records or accounts.  At all times the VCIO will be an independent contractor of Client.

Diagnostic / Auditing Services.

Any diagnostic or auditing services performed by IRIS may require IRIS to install a small amount of code (“Diagnostic Code”) on one or more of the devices attached to the System.  The Diagnostic Code is deleted in its entirety after the testing process concludes.  Although our diagnostic tools may have access to, and report on the existence of, personal information and/or personal data on the diagnosed System, IRIS does not review or copied such information at any time during the testing process. No files will be erased, modified, opened, reviewed or copied at any time during the testing process.  The Diagnostic Code will not install or create any disabling device, or any backdoor or hidden entryway into the System.  The results of the diagnostic testing will be kept confidential by IRIS.

You grant IRIS permission to access the System for the purpose of conducting the diagnostic testing, and agree to hold IRIS harmless from and against any and all incidents or damages that  may occur during or as a result of the testing process, regardless of the cause of such damages including but not limited to data loss due to events beyond IRIS’ reasonable control, network or communication outages, and deficiencies or errors in any of hardware or equipment that may interrupt or terminate the diagnostic testing process.

The testing process is for diagnostic purposes only.  The process is not intended, and will not be used, to correct any problem or error in the System.  IRIS does not warrant or represent that the testing process will result in any particular outcome, or that any particular issue, hardware or software configuration will be correctly detected or identified.

Sample Policies, Procedures.

From time to time, IRIS may provide Client with sample (i.e., template) policies and procedures for use in connection with Client’s business (“Sample Policies”).  The Sample Policies are for Client’s informational use only, and do not constitute or comprise legal or professional advice.  The Sample Policies are not intended to be a substitute for the advice of competent counsel.  Client should seek the advice of competent legal counsel prior to using the Sample Policies, in part or in whole, in any transaction.  IRIS does not warrant or guarantee that the Sample Policies are complete, accurate, or suitable for Client’s specific needs, or that Client will reduce or avoid liability by utilizing the Sample Policies in its business operations.

Penetration Testing; Vulnerability Assessment.

Client understands and agrees that security devices, alarms or other security measures, both physical and virtual, may be tripped or activated during the penetration testing process, despite IRIS’ efforts to avoid such occurrences.  Client shall be responsible for notifying any monitoring company and all law enforcement authorities of the potential for “false alarms” due to the provision of the penetration testing services, and shall take all steps necessary to ensure that false alarms are not reported or treated as “real alarms” or credible threats against any person, place or property.  Some alarms and advanced security measures, when activated, may cause the partial or complete shutdown of the Client’s System, causing substantial downtime and/or delay to Client’s business activities.  IRIS shall not be responsible for, and shall be held harmless and indemnified by Client against, any claims, costs, fees or expenses incurred by Client that arise or result from (i) any response to the penetration testing services by any monitoring company or law enforcement authorities, or (ii) the partial or complete shutdown of Client’s System by any alarm or security monitoring device.

Client shall use all IRIS-hosted equipment and hardware (collectively, “Infrastructure”) for Client’s internal business purposes only.  Client shall not sublease, sublicense, rent or otherwise make the Infrastructure available to any third party without IRIS’ prior written consent.  Client agrees to refrain from using the Infrastructure in a manner that unreasonably or materially interferes with IRIS’ other hosted equipment or hardware, or in a manner that disrupts or which is likely to disrupt the services that IRIS provides to its other clientele.  Notwithstanding any provision to the contrary, IRIS reserves the right to throttle or suspend Client’s access and/or use of the Infrastructure if IRIS believes, in its sole but reasonable judgment, that Client’s use of the Infrastructure is violating, or is likely to violate, the foregoing terms or any other provision of the Services Agreement or these Terms.

Data Replication.

The rate by which the data at your primary site can be transferred to our designated cloud-based servers will vary depending on the amount and type of data, constraints inherent in your network, and fluctuations in bandwidth availability.  Therefore, at any given time, the secondary site may not be completely up to date.  In the event of a failover to the secondary site, the data that has not yet completed the transfer from the primary site will be lost.  IRIS may provide Client with some guidelines on latency times based on its understanding of Client’s data and system constraints, but these guidelines are not guarantees.

Unsupported Configuration Elements or Services.

If Client requests a configuration element (hardware or software) or hosting service in a manner that is not customary at IRIS, or that is in “end of life” or “end of support” status, IRIS may designate the element or service as “unsupported,” “non-standard,” “best efforts,” “reasonable endeavor,” “one-off,” “EOL,”  “end of support,” or with like term in the service description (an “Unsupported Service”).    IRIS makes no representation or warranty whatsoever regarding any Unsupported Service, and Client agrees that IRIS will not be liable to Client for any loss or damage arising from the provision of an Unsupported Service.  Deployment and service level guarantees shall not apply to any Unsupported Service.