1. DEFINITIONS AND INTERPRETATION

1.1 Definitions

In this Agreement, unless the context otherwise requires:

“ABN” means Australian Business Number

“ACN” means Australian Company Number

“Agreement” means this Service Agreement and any Schedule, Annexure, or Service Order attached to or incorporated by reference

“Business Day” means a day that is not a Saturday, Sunday, or public holiday in New South Wales

“Client” means the person or entity identified in the Service Order who purchases Services from Cyber Matters

“Confidential Information” means all information disclosed by one party to the other that is marked confidential or would reasonably be considered confidential

“Cyber Matters” means Cyber Matters Pty Ltd ACN 647 571 079 of Suite 7, Level 2, 374 Church Street, Parramatta NSW 2150, Australia

“GST” has the meaning given in the A New Tax System (Goods and Services Tax) Act 1999 (Cth)

“Services” means the services described in clause 2 and any Service Order

“Service Order” means a written order for Services signed by both parties

“Third-Party Platform” means any software, platform, or service provided by a third-party vendor that Cyber Matters resells or implements

1.2 Interpretation

In this Agreement, unless the context otherwise requires:

• headings are for convenience only and do not affect interpretation
• the singular includes the plural and vice versa
• a reference to a party includes that party’s successors and permitted assigns
• a reference to legislation includes any amendment or replacement of that legislation

2. SERVICES

2.1 Scope of Services

Cyber Matters provides the following professional services on a retainer basis:

(a) Governance, Risk and Compliance (GRC) Services

• Compliance framework implementation and management
• Risk assessment and management consulting
• Policy and procedure development
• Compliance audits and gap analysis
• Regulatory compliance advisory services
• Board and executive reporting on cyber risk

(b) DevSecOps Consulting Services

• Security integration into development pipelines
• Infrastructure as Code security reviews
• Container and cloud security implementation
• Automated security testing integration
• Secure software development lifecycle (SDLC) consulting
• CI/CD pipeline security hardening

(c) Security Awareness Training and Consulting

• Customised security awareness programs
• Phishing simulation campaigns
• Security culture development
• Incident response training
• Executive briefings on cyber threats
• Staff security education programs

2.2 Service Delivery

Services will be delivered in accordance with:

• The terms of this Agreement
• Any applicable Service Order
• Australian industry best practices and standards
• Relevant Australian privacy and security legislation

2.3 Monthly Retainer Model

Unless otherwise specified in a Service Order:

• Services are provided on a monthly retainer basis
• Retainer includes a specified number of consulting hours per month
• Additional hours are charged at rates specified in the Service Order
• Unused hours do not accumulate or carry forward unless agreed in writing

3. THIRD-PARTY PLATFORMS AND RESELLER ARRANGEMENTS

3.1 MSSP and Reseller Services

Cyber Matters maintains Managed Security Service Provider (MSSP) and reseller partnerships with various security and compliance platform vendors. When providing Third-Party Platform services:

(a) Client acknowledges and agrees to be bound by the applicable End User Licence Agreement (EULA) of each Third-Party Platform

(b) Client understands that use of Third-Party Platforms creates a direct legal relationship with the platform vendor

(c) Cyber Matters will provide or direct Client to all applicable Third-Party Platform terms and conditions

3.2 Cyber Matters’ Role

In relation to Third-Party Platforms, Cyber Matters:

• Acts solely as a reseller and implementation partner
• Provides configuration, customisation, and integration services
• Offers training and ongoing support as agreed
• Does not warrant Third-Party Platform functionality or availability
• Is not liable for Third-Party Platform failures, outages, or defects

3.3 Platform Licensing and Fees

• Platform licensing fees are itemised separately in Service Orders
• Platform fees are subject to vendor price changes
• Cyber Matters will provide reasonable notice of known price changes
• Client is responsible for compliance with all licensing terms

4. FEES AND PAYMENT

4.1 Fees

(a) Monthly Retainer: Fixed monthly fee for agreed services, payable in advance

(b) Additional Services: Services beyond retainer scope charged at hourly rates specified in the Service Order

(c) Third-Party Platforms: License fees as specified by vendors plus any agreed implementation fees

(d) Expenses: Reasonable travel and accommodation expenses, where pre-approved

4.2 Invoicing and Payment

• Invoices are issued monthly in advance for retainer services
• Payment terms are 30 days from invoice date
• All amounts are in Australian dollars
• Fees are exclusive of GST unless otherwise stated

4.3 Late Payment

If any amount remains unpaid after the due date:

• Interest accrues at the rate of 10% per annum
• Cyber Matters may suspend Services upon 7 days’ written notice
• Client remains liable for all fees during any suspension period

4.4 GST

• All fees are exclusive of GST
• Client must pay GST in addition to the fees
• Cyber Matters will provide valid tax invoices

5. CLIENT OBLIGATIONS

5.1 General Obligations

Client must:

• Provide timely access to systems, data, and personnel
• Ensure all information provided is accurate and complete
• Maintain appropriate insurance coverage
• Comply with all applicable laws and regulations
• Promptly notify Cyber Matters of any security incidents

5.2 Cooperation

Client acknowledges that Cyber Matters’ ability to provide Services depends on Client’s cooperation, including:

• Timely responses to requests for information
• Access to relevant systems and documentation
• Availability of key personnel
• Implementation of recommended security measures

5.3 Third-Party Platform Obligations

When using Third-Party Platforms, Client must:

• Accept and comply with all applicable EULAs
• Maintain confidentiality of credentials
• Use platforms only for intended business purposes
• Ensure adequate user training

6. CONFIDENTIALITY

6.1 Confidentiality Obligations

Each party must:

• Keep all Confidential Information strictly confidential
• Not disclose Confidential Information except as permitted
• Use Confidential Information solely for the purposes of this Agreement
• Implement reasonable security measures to protect Confidential Information

6.2 Permitted Disclosures

Confidential Information may be disclosed:

• To employees and contractors on a need-to-know basis
• As required by law or court order (with notice where permitted)
• With the disclosing party’s prior written consent

6.3 Exceptions

Confidentiality obligations do not apply to information that:

• Is or becomes publicly available other than through breach
• Is independently developed without reference to Confidential Information
• Is rightfully received from a third party without restriction

6.4 Duration

Confidentiality obligations continue for 5 years after termination of this Agreement.

7. INTELLECTUAL PROPERTY

7.1 Ownership

• Each party retains ownership of its pre-existing intellectual property
• Cyber Matters retains ownership of its methodologies, tools, and know-how
• Client retains ownership of its data and business information

7.2 Deliverables

Unless otherwise agreed in writing:

• Client owns all deliverables created specifically for Client
• Cyber Matters retains rights to general methodologies and know-how
• Third-Party Platform intellectual property remains with vendors

7.3 Licence to Use

Each party grants the other a limited licence to use its intellectual property solely as necessary to perform under this Agreement.

8. LIABILITY AND INDEMNITY

8.1 Limitation of Liability

To the maximum extent permitted by law:

• Cyber Matters’ total liability is limited to the fees paid in the 12 months preceding the claim
• Neither party is liable for indirect, consequential, or special damages
• Neither party is liable for loss of profits, data, or business opportunity

8.2 Exceptions

Limitations do not apply to:

• Breach of confidentiality obligations
• Wilful misconduct or gross negligence
• Infringement of intellectual property rights
• Liabilities that cannot be limited under Australian law

8.3 Indemnities

(a) Client indemnifies Cyber Matters against all claims arising from:

• Client’s breach of this Agreement
• Client’s use of Services or Third-Party Platforms
• Client’s violation of applicable laws

(b) Cyber Matters indemnifies Client against third-party claims that Services infringe intellectual property rights

8.4 Australian Consumer Law

Nothing in this Agreement excludes, restricts, or modifies any consumer guarantees, rights, or remedies under the Australian Consumer Law that cannot be excluded, restricted, or modified.

9. TERM AND TERMINATION

9.1 Term

This Agreement commences on the date of the first Service Order and continues until terminated in accordance with this clause.

9.2 Termination for Convenience

Either party may terminate this Agreement or any Service Order by giving 60 days’ written notice.

9.3 Termination for Cause

Either party may terminate immediately by written notice if the other party:

• Materially breaches this Agreement and fails to remedy within 14 days of notice
• Becomes insolvent or subject to any form of insolvency administration
• Ceases to carry on business

9.4 Consequences of Termination

Upon termination:

• All outstanding fees become immediately due and payable
• Each party must return or destroy Confidential Information
• Cyber Matters will provide reasonable transition assistance (at Client’s cost)
• Provisions that by their nature survive termination continue in force

10. PRIVACY AND DATA PROTECTION

10.1 Privacy Compliance

Both parties must comply with:

• Privacy Act 1988 (Cth) and Australian Privacy Principles
• Any applicable industry-specific privacy requirements
• Notifiable data breach obligations

10.2 Data Handling

Cyber Matters will:

• Only collect and use personal information as necessary for Services
• Implement appropriate security safeguards
• Notify Client promptly of any data breaches
• Comply with Client’s reasonable data handling instructions

11. GENERAL PROVISIONS

11.1 Entire Agreement

This Agreement and any Service Orders constitute the entire agreement between the parties and supersede all prior agreements and understandings.

11.2 Amendment

This Agreement may only be amended in writing signed by both parties.

11.3 Assignment

Neither party may assign this Agreement without the other party’s prior written consent, except that Cyber Matters may assign to a related body corporate.

11.4 Governing Law

This Agreement is governed by the laws of New South Wales and the parties submit to the non-exclusive jurisdiction of the courts of New South Wales.

11.5 Dispute Resolution

(a) The parties must attempt to resolve disputes through good faith negotiations

(b) If not resolved within 30 days, disputes must be referred to mediation administered by the Australian Disputes Centre

(c) If mediation fails, disputes may be referred to courts of competent jurisdiction

11.6 Notices

All notices must be in writing and sent to the addresses specified in the Service Order or as otherwise notified.

11.7 Severability

If any provision is invalid or unenforceable, it will be severed and the remaining provisions continue in force.

11.8 Survival

Clauses relating to confidentiality, intellectual property, liability, and any other provisions that by their nature should survive, continue after termination.

11.9 Relationship of Parties

The parties are independent contractors. Nothing creates a partnership, joint venture, employment, or agency relationship.

11.10 Force Majeure

Neither party is liable for delays or failures due to circumstances beyond reasonable control, including acts of God, natural disasters, war, terrorism, pandemic, or government actions.

---

By entering into a Service Order, you acknowledge that you have read, understood, and agree to be bound by this Service Agreement.

Cyber Matters Pty Ltd

ACN: 647 571 079

ABN: 32 647 571 079

Address: Suite 7, Level 2, 374 Church Street, Parramatta NSW 2150, Australia

Email: [email protected]

Phone: +61 2 8091 5184