Cyber Warranty Terms & Conditions
General Terms to Adhere To
Clients need to adhere to the following:
- You are covered for a 12-month warranty from the date of invoice.
- Each individual Client has fewer than 100 000 personally identifiable records.
- Password length of at least 8 (eight) characters.
- User account password configured to be changed at least every 120 (one hundred and twenty) days unless passwords are at least 14 (fourteen) characters in length or multi-factor authentication is implemented.
- Passwords configured which cannot within reason be deemed widely used or easily guessable e.g., including the Client’s name or P@ssword1.
- User accounts configured to lockout because of at most 10 (ten) failed authentication attempts.
The following recovery controls:
- Generate backups at least weekly or have replication implemented.
- At any point in time have a backup or replicated copy which is disconnected, offline or cannot be overwritten from the production environment.
- Test the ability to restore data from backups or read from replicated copies at least every six (6) months.
If the Client’s Computer System includes a company network:
- Firewalls configured to restrict access to digitally stored Sensitive Information.
- Administrative/remote access interfaces such as Remote Desktop Protocol (RDP) are not accessible via the open internet. Where such interfaces are required, these are accessible exclusively over secured channels such as Virtual Private Network (VPN) connections.
- The system and/or activity logs for all Sensitive Systems including firewalls and Active Directory as implemented in the Client’s environment stored for a minimum period of 3 (three) months.
Detailed Terms & Conditions
- Stargaze IT Solutions (Pty) Ltd will provide you, the Client, a guarantee for a period of 12 (twelve) months from date of purchase that should one of the following incidents transpire:
- Network Security Breach
- Cyber Extortion Threat
- Internet of Things Damage Event
Stargaze IT Solutions (Pty) Ltd shall provide specialist services up to or pay up to a maximum cumulative guarantee as reflected on the Purchase Order.
- This guarantee is provided for a period of 12 (twelve) months from the date of purchase of the guarantee, provided Stargaze IT Solutions (Pty) Ltd is notified within 7 (seven) days of the Client becoming aware of the Network Security Breach, Cyber Extortion Threat or Internet of Things Damage Event.
- The guarantee shall only be payable:
- Should the Client have selected the “Stargaze IT Solutions (Pty) Ltd Guarantee” option on the quote; and
- The Client has the following security controls implemented at the time of the Network Security Breach, Cyber Extortion Threat or Internet of Things Damage Event:
- Anti-virus and/or anti-malware software implemented on all desktops, laptops, and Sensitive Systems (all systems (including all hardware, software and physical components thereof and the data stored thereon) visible to external networks and/or used to store/process nonpublic, confidential, proprietary, or POPIA related information) running a Microsoft operating system and kept up to date as per the software providers’ recommendations.
- Security related patches and updates applied on Sensitive Systems within 3 (three) months of release by the provider.
- The following password controls implemented on Sensitive Systems:
- Have the Cyber Smart distributed denial of service solution implemented and active.
- Password length of at least 8 (eight) characters.
- User account password configured to be changed at least every 120 (one hundred and twenty) days unless passwords are at least 14 (fourteen) characters in length or multi-factor authentication is implemented.
- Passwords configured which cannot within reason be deemed widely used or easily guessable e.g., including the Client’s name or P@ssword1.
- User accounts configured to lockout because of at most 10 (ten) failed authentication attempts.
- The following recovery controls:
- Generate backups at least weekly or have replication implemented.
- At any point in time have a backup or replicated copy which is disconnected, offline or cannot be overwritten from the production environment.
- Test the ability to restore data from backups or read from replicated copies at least every six (6) months.
- If the Client’s Computer System includes a company network:
- Firewalls configured to restrict access to digitally stored Sensitive Information.
- Administrative/remote access interfaces such as Remote Desktop Protocol (RDP) are not accessible via the open internet. Where such interfaces are required, these are accessible exclusively over secured channels such as Virtual Private Network (VPN) connections.
- The system and/or activity logs for all Sensitive Systems including firewalls and Active Directory as implemented in the Client’s environment stored for a minimum period of 3 (three) months.
- Limitations of Guarantee:
- Network Security Breach means unauthorised access to, unauthorised use of, theft of data from or transmission of malicious code to the Client’s computer system. Which shall be limited to the following reasonable and necessary costs and expenses incurred by the Client within one (1) year of notifying Stargaze IT Solutions (Pty) Ltd of the Network Security Breach:
- to restore, re-collect, or replace data, including expenses for materials, working time, and overhead cost allocation at the affected location associated with restoring or replacing data.
- if it is determined that data cannot be restored, re-collected, or replaced, the actual costs incurred up to such determination.
- of certified specialists, investigators, forensic auditors, or loss adjusters retained by Stargaze IT Solutions (Pty) Ltd to conduct a review or audit to substantiate that a Network Security Breach is occurring or has occurred, or to determine the scope, cause, or extent of any theft or unauthorised disclosure of information or data or Privacy Breach; and
- all other reasonable and necessary costs and expenses incurred by the Client to contain the Network Security Breach.
- all other reasonable and necessary costs to comply with governmental privacy legislation or Guidelines mandating, or recommending as best practice, including but not limited to reasonable and necessary legal expenses, communication expenses through mail, call centre (for a period of up to 90 days unless otherwise required by applicable law, regulation or agreed to by Stargaze IT Solutions (Pty) Ltd) and website, and customer support expenses including credit monitoring and identity theft education and assistance.
- all reasonable and necessary expenses incurred by the Client and approved by Stargaze IT Solutions (Pty) Ltd within one (1) year of the Client notifying Stargaze IT Solutions (Pty) Ltd of the Network Security Breach, for retaining the services of a public relations consultant and for related advertising or communication expenses at the direction of said consultant, solely for the purpose of averting or mitigating any material damage to the Client’s brand or reputation as a result of an actual Network Security Breach.
- the unrecoverable actual direct financial loss of money or monetary funds, which belong to the Client or for which the Client is legally responsible, as a direct result of a Network Security Breach by a Third Party. Any cryptocurrency losses are excluded.
- This does not include costs or expenses incurred by the Client to:
- identify or remediate any software errors or vulnerabilities.
- update, replace, upgrade, recreate or enhance any part of the Client’s Computer System to a level beyond that which existed prior to the Network Security Breach, Cyber Extortion Threat or Internet of Things Damage Event;
- research or develop any data, including but not limited to trade secrets or other proprietary information; or
- establish, implement, maintain, improve, or remediate security or privacy practices, procedures or policies.
- Cyber Extortion Threat means a credible threat or series of related threats, including a demand for funds or property, directed at the Client to intentionally damage, destroy or corrupt, introduce Malicious Code to, or commit a Theft of Data from the Client’s Computer System. Which shall be limited to:
- the lesser of 50% or the remaining balance of the guarantee for the funds or property paid by the Client with the prior written consent of Stargaze IT Solutions (Pty) Ltd, to a person reasonably believed to be responsible for a Cyber Extortion Threat for the purpose of terminating such threat.
- reasonable and necessary fees and expenses of the cyber extortion negotiator to investigate and determine the cause of and to end a Cyber Extortion Threat.
- all other reasonable and necessary expenses incurred by the Client, with the prior written consent of Stargaze IT Solutions (Pty) Ltd within the guarantee period, as a direct result of a Cyber Extortion Threat. Provided the overall payment for the expenses and payment to terminate the Cyber Extortion Threat does not exceed the expenses the Client would have incurred had the payment for the expenses and payment to terminate the Cyber Extortion Threat not been paid.
- Payment to terminate the Cyber Extortion Threat and for a cyber extortion negotiator will not be covered where this is deemed illegal in the jurisdiction where the Client or Stargaze IT Solutions (Pty) Ltd has operations.
- Internet of Things Event means unauthorised access to or transmission of malicious code to the Client’s Computer System which shall be limited to the reasonable and necessary costs to replace or repair direct physical damage to and/or impairment, corruption or destruction of tangible property belonging to or rented, leased, or hired by the Client, including loss of use thereof, solely and directly by unauthorised access to or transmission of malicious code to the Client’s Computer System, regardless of any other cause or event contributing concurrently or in any other sequence thereof. Which shall be limited to:
- Stargaze IT Solutions (Pty) Ltd shall not be liable in respect of physical damage to tangible property belonging to or rented, leased, or hired by the Client which is in excess of the actual cash value of such tangible property at the time of the unauthorised access to or transmission of malicious code to the Client’s Computer System, whether or not it is for the actual cost of repairing any such property or of replacing same with property or material of like quality and value. Property damage does not include costs to improve the Client’s damaged, impaired, corrupted, or destroyed tangible property.