Common use of Additional Service Days Clause in Contracts

Additional Service Days. Customers of Incident Response Retainer Services (Base) may purchase Additional Service Day(s) as needed during an Incident Investigation. Any and all Services purchased must be delivered by Symantec within the Region(s) for which fees have been paid as set forth in the Subscription Instrument. Incident Response Retainer Services (Base) does not offer any pre‐purchase of Service Days. Any Service Days that Customer may have pre‐purchased outside Incident Response Retainer Services (Base) cannot be applied to Services offered under Incident Response Retainer Services (Base). TABLE OF CONTENTS‌  Technical/Business Functionality and Capabilities o Service Features o Customer Responsibilities  Service‐Specific Terms o Service Conditions  Definitions  Optional Services TECHNICAL/BUSINESS FUNCTIONALITY AND CAPABILITIES SERVICE FEATURES. The following table illustrates the Service features associated with the Incident Response Retainer Services (Base). SERVICE FEATURE SERVICE FEATURE DESCRIPTION 24x7 PHONE AND EMAIL ACCESS Customer will have access to a 24x7 phone number to contact Symantec’s Incident Response delivery team to request incident response assistance (“Incident Response Assistance Call”). Customer may also contact the Incident Response delivery team 24x7 by email. CALL‐BACK OBJECTIVE Symantec’s Incident Response delivery team will make reasonable efforts to return Customer’s Incident Response Assistance Call within 3 hours following receipt of such call by Symantec. REMOTE SERVICE Incident Response Retainer Services (Base) include one (1) remotely conducted Incident Investigation (“Remote Service”) for one (1) endpoint* not to exceed five (5) Service Days every twelve (12) month during the Term. Customer cannot roll over an unused Remote Service into the following year. * Microsoft® Windows® platforms (not including mobile) only. Must be Windows® XP or newer. • Symantec will analyze Customer data, including, without limitation, hardware, software, images, memory, network, logs (“Customer Data”). • Remote Service of Customer Data shall be scheduled by Customer via the Incident Response deliveryteam. • All Remote Services performed by Symantec shall be during Normal Business Hours only. • If Customer is shipping Customer hardware to Symantec, Customer acknowledges and agrees that any such Remote Service performed by Symantec shall be subject to the following: (a) Customer shall, at its sole cost and expense, be solely responsible for the delivery of Customer Data (on a medium to be mutually agreed with Symantec) to Symantec and the return of such Customer Data to Customer following conclusion of Remote Service; (b) Customer Data shall be delivered to Symantec at a location mutually agreed between Customer and the Incident Response delivery team, in a tamper‐evident container (where applicable). Where applicable, Customer shall provide Symantec with the applicable delivery tracking number and shall ensure that Symantec’s physical acknowledgement of receipt is required upon delivery; (c) Symantec shall have no responsibility whatsoever with respect to Customer Data, including, without limitation, to any Customer Data that may remain within any Customer hardware (whether accessible, readable or not). • If Customer is using Customer Self‐Service Evidence Collection Tool, the use by Customer shall be governed by the license agreement accompanying the tool. If no XXXX accompanies the Customer Self‐Service Evidence Collection Tool, it shall be governed by the terms and conditions located at: xxxx://xxx.xxxxxxxx.xxx/content/en/us/enterprise/eulas/b‐hosted‐service‐component‐xxxx‐eng.pdf. • Each Remote Service concludes with an email summarizing the findings. Requesting a Service. Customer shall contact Symantec to request a Service. Symantec will then provide Customer with a Work Authorization Form or “WAF” describing the service to be rendered, and Customer must sign and return the WAF to Symantec (“Incident Investigation Registration”). Incident Investigation Registration is the date of receipt by Symantec of the signed WAF. To augment the Incident Response Retainer Services (Base), Customer may purchase Additional Services Day(s) as described below:

Additional Service Days. Customers of Incident Response Retainer Services (Base) may purchase Additional Service Day(s) as needed during an Incident Investigation. Any and all Services purchased must be delivered by Symantec within the Region(s) for which fees have been paid as set forth in the Subscription Instrument. Incident Response Retainer Services (Base) does not offer any pre‐purchase of Service Days. Any Service Days that Customer may have pre‐purchased outside Incident Response Retainer Services (Base) cannot be applied to Services offered under Incident Response Retainer Services (Base). TABLE OF CONTENTS‌ CONTENTS  Technical/Business Functionality and Capabilities o Service Features o Customer Responsibilities  Service‐Specific Terms o Service Conditions  Definitions  Optional Services TECHNICAL/BUSINESS FUNCTIONALITY AND CAPABILITIES SERVICE FEATURES. The following table illustrates the Service features associated with the Incident Response Retainer Services (Base). SERVICE FEATURE SERVICE FEATURE DESCRIPTION 24x7 PHONE AND EMAIL ACCESS Customer will have access to a 24x7 phone number to contact Symantec’s Incident Response delivery team to request incident response assistance (“Incident Response Assistance Call”). Customer may also contact the Incident Response delivery team 24x7 by email. CALL‐BACK OBJECTIVE Symantec’s Incident Response delivery team will make reasonable efforts to return Customer’s Incident Response Assistance Call within 3 hours following receipt of such call by Symantec. REMOTE SERVICE Incident Response Retainer Services (Base) include one (1) remotely conducted Incident Investigation (“Remote Service”) for one (1) endpoint* not to exceed five (5) Service Days every twelve (12) month during the Term. Customer cannot roll over an unused Remote Service into the following year. * Microsoft® Windows® platforms (not including mobile) only. Must be Windows® XP or newer. •  Symantec will analyze Customer data, including, without limitation, hardware, software, images, memory, network, logs (“Customer Data”). •  Remote Service of Customer Data shall be scheduled by Customer via the Incident Response deliveryteamdelivery team. •  All Remote Services performed by Symantec shall be during Normal Business Hours only. •  If Customer is shipping Customer hardware to Symantec, Customer acknowledges and agrees that any such Remote Service performed by Symantec shall be subject to the following: (a) Customer shall, at its sole cost and expense, be solely responsible for the delivery of Customer Data (on a medium to be mutually agreed with Symantec) to Symantec and the return of such Customer Data to Customer following conclusion of Remote Service; (b) Customer Data shall be delivered to Symantec at a location mutually agreed between Customer and the Incident Response delivery team, in a tamper‐evident container (where applicable). Where applicable, Customer shall provide Symantec with the applicable delivery tracking number and shall ensure that Symantec’s physical acknowledgement of receipt is required upon delivery; (c) Symantec shall have no responsibility whatsoever with respect to Customer Data, including, without limitation, to any Customer Data that may remain within any Customer hardware (whether accessible, readable or not). •  If Customer is using Customer Self‐Service Evidence Collection Tool, the use by Customer shall be governed by the license agreement accompanying the tool. If no XXXX accompanies the Customer Self‐Service Evidence Collection Tool, it shall be governed by the terms and conditions located at: xxxx://xxx.xxxxxxxx.xxx/content/en/us/enterprise/eulas/b‐hosted‐service‐component‐xxxx‐eng.pdf. •  Each Remote Service concludes with an email summarizing the findings. Requesting a Service. Customer shall contact Symantec to request a Service. Symantec will then provide Customer with a Work Authorization Form or “WAF” describing the service to be rendered, and Customer must sign and return the WAF to Symantec (“Incident Investigation Registration”). Incident Investigation Registration is the date of receipt by Symantec of the signed WAF. To augment the Incident Response Retainer Services (Base), Customer may purchase Additional Services Day(s) as described below:

Additional Service Days. Customers of Incident Response Retainer Services (Base) may purchase Additional Service Day(s) as needed during an Incident Investigation. Any and all Services purchased must be delivered by Symantec within the Region(s) for which fees have been paid as set forth in the Subscription Instrument. Incident Response Retainer Services (Base) does not offer any pre‐purchase of Service Days. Any Service Days that Customer may have pre‐purchased outside Incident Response Retainer Services (Base) cannot be applied to Services offered under Incident Response Retainer Services (Base). TABLE OF CONTENTS‌  CONTENTS ▪ Technical/Business Functionality and Capabilities o Service Features o Customer Responsibilities  ▪ Service‐Specific Terms o Service Conditions  ▪ Definitions  ▪ Optional Services TECHNICAL/BUSINESS FUNCTIONALITY AND CAPABILITIES SERVICE FEATURES. The following table illustrates the Service features associated with the Incident Response Retainer Services (Base). SERVICE FEATURE SERVICE FEATURE DESCRIPTION 24x7 PHONE AND EMAIL ACCESS Customer will have access to a 24x7 phone number to contact Symantec’s Incident Response delivery team to request incident response assistance (“Incident Response Assistance Call”). Customer may also contact the Incident Response delivery team 24x7 by email. CALL‐BACK OBJECTIVE Symantec’s Incident Response delivery team will make reasonable efforts to return Customer’s Incident Response Assistance Call within 3 hours following receipt of such call by Symantec. REMOTE SERVICE Incident Response Retainer Services (Base) include one (1) remotely conducted Incident Investigation (“Remote Service”) for one (1) endpoint* not to exceed five (5) Service Days every twelve (12) month during the Term. Customer cannot roll over an unused Remote Service into the following year. * Microsoft® Windows® platforms (not including mobile) only. Must be Windows® XP or newer. • Symantec will analyze Customer data, including, without limitation, hardware, software, images, memory, network, logs (“Customer Data”). • Remote Service of Customer Data shall be scheduled by Customer via the Incident Response deliveryteamdelivery team. • All Remote Services performed by Symantec shall be during Normal Business Hours only. • If Customer is shipping Customer hardware to Symantec, Customer acknowledges and agrees that any such Remote Service performed by Symantec shall be subject to the following: (a) Customer shall, at its sole cost and expense, be solely responsible for the delivery of Customer Data (on a medium to be mutually agreed with Symantec) to Symantec and the return of such Customer Data to Customer following conclusion of Remote Service; (b) Customer Data shall be delivered to Symantec at a location mutually agreed between Customer and the Incident Response delivery team, in a tamper‐evident container (where applicable). Where applicable, Customer shall provide Symantec with the applicable delivery tracking number and shall ensure that Symantec’s physical acknowledgement of receipt is required upon delivery; (c) Symantec shall have no responsibility whatsoever with respect to Customer Data, including, without limitation, to any Customer Data that may remain within any Customer hardware (whether accessible, readable or not). • If Customer is using Customer Self‐Service Evidence Collection Tool, the use by Customer shall be governed by the license agreement accompanying the tool. If no XXXX accompanies the Customer Self‐Service Evidence Collection Tool, it shall be governed by the terms and conditions located at: xxxx://xxx.xxxxxxxx.xxx/content/en/us/enterprise/eulas/b‐hosted‐service‐component‐xxxx‐eng.pdf. • Each Remote Service concludes with an email summarizing the findings. Requesting a Service. Customer shall contact Symantec to request a Service. Symantec will then provide Customer with a Work Authorization Form or “WAF” describing the service to be rendered, and Customer must sign and return the WAF to Symantec (“Incident Investigation Registration”). Incident Investigation Registration is the date of receipt by Symantec of the signed WAF. To augment the Incident Response Retainer Services (Base), Customer may purchase Additional Services Day(s) as described below:

Additional Service Days. Customers of Incident Response Retainer Services (Base) may purchase Additional Service Day(s) as needed during an Incident Investigation. Any and all Services purchased must be delivered by Symantec within the Region(s) for which fees have been paid as set forth in the Subscription Instrument. Incident Response Retainer Services (Base) does not offer any pre‐purchase of Service Days. Any Service Days that Customer may have pre‐purchased outside Incident Response Retainer Services (Base) cannot be applied to Services offered under Incident Response Retainer Services (Base). TABLE OF CONTENTS‌  ▪ Technical/Business Functionality and Capabilities o Service Features o Customer Responsibilities  ▪ Service‐Specific Terms o Service Conditions  ▪ Definitions  ▪ Optional Services TECHNICAL/BUSINESS FUNCTIONALITY AND CAPABILITIES SERVICE FEATURES. The following table illustrates the Service features associated with the Incident Response Retainer Services (Base). SERVICE FEATURE SERVICE FEATURE DESCRIPTION 24x7 PHONE AND EMAIL ACCESS Customer will have access to a 24x7 phone number to contact Symantec’s Incident Response delivery team to request incident response assistance (“Incident Response Assistance Call”). Customer may also contact the Incident Response delivery team 24x7 by email. CALL‐BACK OBJECTIVE Symantec’s Incident Response delivery team will make reasonable efforts to return Customer’s Incident Response Assistance Call within 3 hours following receipt of such call by Symantec. REMOTE SERVICE Incident Response Retainer Services (Base) include one (1) remotely conducted Incident Investigation (“Remote Service”) for one (1) endpoint* not to exceed five (5) Service Days every twelve (12) month during the Term. Customer cannot roll over an unused Remote Service into the following year. * Microsoft® Windows® platforms (not including mobile) only. Must be Windows® XP or newer. • Symantec will analyze Customer data, including, without limitation, hardware, software, images, memory, network, logs (“Customer Data”). • Remote Service of Customer Data shall be scheduled by Customer via the Incident Response deliveryteam. • All Remote Services performed by Symantec shall be during Normal Business Hours only. • If Customer is shipping Customer hardware to Symantec, Customer acknowledges and agrees that any such Remote Service performed by Symantec shall be subject to the following: (a) Customer shall, at its sole cost and expense, be solely responsible for the delivery of Customer Data (on a medium to be mutually agreed with Symantec) to Symantec and the return of such Customer Data to Customer following conclusion of Remote Service; (b) Customer Data shall be delivered to Symantec at a location mutually agreed between Customer and the Incident Response delivery team, in a tamper‐evident container (where applicable). Where applicable, Customer shall provide Symantec with the applicable delivery tracking number and shall ensure that Symantec’s physical acknowledgement of receipt is required upon delivery; (c) Symantec shall have no responsibility whatsoever with respect to Customer Data, including, without limitation, to any Customer Data that may remain within any Customer hardware (whether accessible, readable or not). • If Customer is using Customer Self‐Service Evidence Collection Tool, the use by Customer shall be governed by the license agreement accompanying the tool. If no XXXX accompanies the Customer Self‐Service Evidence Collection Tool, it shall be governed by the terms and conditions located at: xxxx://xxx.xxxxxxxx.xxx/content/en/us/enterprise/eulas/b‐hosted‐service‐component‐xxxx‐eng.pdf. • Each Remote Service concludes with an email summarizing the findings. Requesting a Service. Customer shall contact Symantec to request a Service. Symantec will then provide Customer with a Work Authorization Form or “WAF” describing the service to be rendered, and Customer must sign and return the WAF to Symantec (“Incident Investigation Registration”). Incident Investigation Registration is the date of receipt by Symantec of the signed WAF. To augment the Incident Response Retainer Services (Base), Customer may purchase Additional Services Day(s) as described below: