STATEMENT OF WORK – SECURITY SCORECARD
We want to thank you for allowing REDW LLC (“REDW”) to serve as your trusted advisor. Our firm is committed to providing you with a reliable and responsive team that has the skills needed to address your needs as they arise.
This Statement of Work (“SOW”) confirms the nature and scope of the services that REDW LLC (“REDW”) will provide to you. This SOW is subject to the terms and conditions of the Master Services Agreement (“MSA”) between you and REDW, as described below.
SCOPE OF WORK
The Security Scorecard service procedures include an initial analysis of your cybersecurity and enterprise-wide risks by analyzing 10 critical risk factors identified from an attacker’s perspective.
From our analysis, REDW will produce a graded A-F report card, as well as a report with Security Scorecard findings and recommendations (“Security Scorecard”), then discuss any recommendations for future potential projects with management at your discretion.
YOUR RESPONSIBILITIES
- Verify you are providing the “correct” domain name for your company. DO NOT assume that your domain name is simply companyname.com.
- Make relevant personnel available, as required
- Review the report, including recommendations, and respond in a timely manner with questions, suggested changes, and management response
These services are limited to providing a Security Scorecard from information that you provide. If, as a result of the findings in the Security Scorecard, we recommend further security actions, consulting, or projects (collectively “Recommended Projects”), any such Recommended Projects will be subject to mutual agreement in a future SOW, for an incremental fee.
Our services do not include authorizing, executing, or consummating transactions or otherwise exercising authority on your behalf, preparing source documents evidencing the occurrence of a transaction, having custody of the assets, supervising the employees in performing their normal recurring duties, or reporting to the board of directors on behalf of management. It is the responsibility of management to designate a member of management who will oversee the services we provide, evaluate the adequacy of the services we perform and any findings that result, make management decisions, including accepting responsibility for the results of our services and determining which recommendations made by our firm (if any) should be implemented, and establish and maintain internal controls, including ongoing monitoring responsibilities. If, for any reason, we are unable to complete any of the reporting, we will describe any such restrictions, or not issue a report and withdraw from this engagement.
You understand that the report should not be used by anyone other than these specified parties. Our report may contain a paragraph indicating that had we performed additional procedures, other matters might have come to our attention that would have been reported to you.
We, in our sole professional judgment, reserve the right to refuse to carry out any procedure or take any action that could be construed as making management decisions or performing management functions.
You may request that we perform additional services not contemplated by this SOW. If this occurs, we will communicate with you regarding the scope of the additional services and the estimated fees. We may also issue a separate SOW covering the additional services. In the absence of any other written communication from us documenting such additional services, our services will continue to be governed by the terms of this SOW.
TIMELINE FOR PROVIDING OUR SERVICES
Once the signed SOW is received, we will coordinate with management to identify a project timeline. We are available to start new projects by gathering planning information within 1-2 weeks once this signed SOW is returned. We typically can initiate the work within a day or two; however, delays may occur based on the number of simultaneous requests. If information is not provided in a timely manner and this is causing significant delays in the project, we will discuss the extra time needed to complete the project’s scope.
This is a short-term project. The typical timeline for preparing and delivering a Security Scorecard is about 1-2 weeks. Any further work thereafter will be subject to a new SOW.
Once the project work is completed, we will be available to present the report to management via a virtual (Zoom or MS Teams) internet conference.
FEES FOR THE SERVICES INCLUDED IN THIS SOW
The fee is based on anticipated cooperation from your personnel and the assumption that unexpected circumstances will not be encountered. If significant additional time is necessary, or if the scope of this project significantly expands beyond the objectives and procedures described above, we will discuss it with you and arrive at a new fee estimate.
All other provisions of this letter will survive any fee adjustment.
REDW provides information security consulting services and is dedicated to assisting clients with the improvement of their information security, but we cannot guarantee the prevention of electronic attack, intrusion or other compromises of security or loss of data. REDW assumes no responsibility for loss or damages resulting from electronic attachments, intrusion or other compromises of security or the client’s use or misuse of any information, apparatus, product, or process provided. The ultimate responsibility for information security lies with you, the client. In performing our work, REDW will treat all information, data, and systems characteristics it observes as private and proprietary.
We are not responsible for the internal control environment maintained by you and its compliance with internal controls, which may or may not include controls related to data processing systems and data backup. Furthermore, this engagement does not include any procedures designed to discover errors, misrepresentation, fraud, illegal acts, or theft, and you agree that we have no responsibility to do so.
SPECIAL TERMS AND CONDITIONS
By signing this agreement, you are committing and confirming that you are authorized by your company to execute this Statement of Work (“SOW”) to purchase the services listed. Your commitment to purchase becomes binding upon acceptance by REDW LLC (“REDW”) and is not subject to the issuance of any further confirmations or to other events.
REDW Standard Terms and Conditions apply and are governed by our Master Services Agreement (“MSA”) and by signing this SOW you are also agreeing to the Terms and Conditions contained in the MSA. Our MSA may be viewed at: Master Service Agreement - Online (redw.com)
The REDW LLC MSA and this SOW represent the entire Agreement between the parties and cannot be overridden by terms contained in any later received document unless the additional terms are accepted in writing by both parties.
Thank you for this opportunity to serve as your trusted advisor and to provide those services described in this SOW.