《e Cloud vulnerability scanning service agreement》 is jointly signed by the user (Party A) and China Telecom Global Limited. (Party B). Party B shall provide Party A with the vulnerability scanning service of e Cloud through the official website platform of China Telecom e Cloud(website: www.ctclouds.com). Party A shall use the service in accordance with the agreement.
Party A shall fully read, understand and agree to accept and abide by this agreement before using the e Cloud vulnerability scanning service. If Party A accepts this agreement by clicking on consent, it shall be deemed that Party A agrees and accepts all contents of this agreement, and this agreement shall constitute binding legal documents between Party A and Party B. If Party A does not agree to accept this agreement, please do not use the e Cloud vulnerability scanning service.
1.1 "e Cloud vulnerability scanning service" (hereinafter referred to as "the service") refers to a kind of security service provided by Party B to timely discover security vulnerabilities and objectively assess the system risk level through scanning the network host, including host system vulnerability detection, open port scanning, weak password detection and configuration vulnerability detection.
1.2 "Management console" refers to the service system platform provided by Party B to Party A through e Cloud platform to manage and maintain the products ordered in its account“ Management console "means https://soc.ctclouds.com/main/riskPerceptionMain.
1.3 "Fault acceptance" refers to Party A's application or complaint through the customer service hotline provided by Party B and Party B's reply when Party A's use of Party B's vulnerability scanning service is affected.
1.4 "Non fault acceptance" refers to that when Party A encounters problems that do not affect the business use in the process of using Party B's vulnerability scanning service, Party A shall consult, declare or complain to Party B through the customer service hotline provided by Party B and get Party B's reply.
1.5 "Response time" refers to the time from Party B receiving Party A's consultation, application or complaint to Party B's reply.
1.6 "This website" or "e Cloud platform" refers to the official website platform of China Telecom e Cloud (website: www.ctclouds.com).
1.7 "This Agreement" includes the text and annex of the China Telecom vulnerability scanning service agreement and all rules, notices, announcements, etc. concerning the service that Party B has issued or may issue in the future (collectively referred to as "service rules"). All service rules are integral parts of this Agreement and have the same legal effect as the text of the agreement.
1.8 "User agreement" refers to the "China Telecom e Cloud user agreement" signed by Party A and Party B when registering the account of this website.
2.1 Party B shall provide e Cloud vulnerability scanning service to Party A in accordance with this agreement. The specific content of this service shall be subject to the service actually provided by Party B to Party A after being displayed on this website and applied by Party A. Party B has the right to constantly update the service content.
2.2 Service Premise: In order to use the service, Party A shall first meet all the following conditions:
(1) Agree and accept the user agreement, successfully register as a user of this website, and continuously have a legal and valid user account of this website when signing and performing this Agreement;
(2) Agree and accept this Agreement;
(3) Apply for the use of this service according to the service rules of this website;
(4) Submit corresponding qualification documents in accordance with this Agreement and pass Party B's review;
(5) Other business use preconditions specified in this agreement.
3、 Service Fee
3.1 Party A shall pay the service fee to Party B in accordance with the agreement when using the service. This service is charged according to the number of scanning times.
3.2 The specific service types and corresponding service fees under this service shall be subject to the service rules of this website and the information listed on the order page of this service. Party A may choose the specific service types by itself, and shall pay the corresponding service fees according to the current effective price system on this website.
3.3 Party A may use [account balance or voucher (the issuance and use of voucher shall be subject to the voucher rules formulated by Party B separately)] to pay Party B expenses. Party A shall ensure that the balance in the account is sufficient and complete the payment within 48 hours after ordering the service and generating the order. Party B has the right to cancel the order which has not been paid within the time limit.
3.4 If Party A needs Party B to issue an invoice when purchasing the service, Party A shall apply for issuing an invoice on the product ordering interface of this website when ordering the service, and fill in the payment unit, payment, invoice type and mailing address according to the format and requirements; Party B shall issue and mail the invoice of corresponding amount for Party A according to law; Party A uses the voucher to pay part of the corresponding amount, and Party B does not provide the invoice; Party B will issue an invoice for Party A at the request of Party A from the 8th day after the successful payment of the order.
3.5 If Party A has any objection to the payment, it shall submit a verification application to Party B in writing. In case of any error confirmed by both parties, Party B shall adjust the corresponding expenses.
4. Service Opening
4.1 After Party A pays the fee and successfully purchases the ordered service, Party B shall open and provide corresponding vulnerability scanning service for Party A. After the opening of the service, Party A can log in to this website and complete the configuration of e Cloud vulnerability scanning service in the management console.
4.2 Party A shall keep the account balance sufficient to ensure the continuous use of the service. If the balance of Party A's account is insufficient, Party B has the right to terminate the service provided to Party A.
5、Customer Service Assurance
5.1 Party B's customer service hotline: 852-31000000.
5.2 The time for Party B to provide after-sales service for Party A: 7 days × 24 hours.
5.3 Party B shall provide Party A with a response time of no more than 30 minutes after fault acceptance; The response time after non fault acceptance shall not exceed 12 hours.
6、 Technical Support Guarantee
6.1 Party B shall provide technical support guarantee for Party A according to the specific situation and Party A's needs after accepting the fault or non fault of Party A. The service time of Party B's engineer is 5 days × 8 hours.
6.2 Party B will arrange security experts to scan the target devices authorized by Party A through vulnerability scanning tools, so as to comprehensively detect the vulnerability of the devices in the system, find the security vulnerabilities and security configuration problems in the information system, check the weak passwords in the system, collect the open service ports of the system, and form the overall security risk report, Help Party A's security management personnel find security problems before attackers and repair them in time. In view of the existence of a violent password guessing item in the scanning process, which may cause the account of the device to be locked and affect the normal login management of the device, Party A shall inform whether to detect the item before the vulnerability scanning.
6.3 In order to ensure the normal operation of Party A's equipment, Party B will conduct vulnerability scanning at the time agreed with Party A, and only scan the equipment scope designated by Party A each time. Party B will inform Party A in advance to make necessary preparations before providing vulnerability scanning service.
6.4 In view of the complexity of the technology of the operating system and other application products manufacturers, Party B shall formulate the risk avoidance strategy in advance during the vulnerability scanning process and fully communicate with Party A, so as to avoid abnormal situations in the scanning process as far as possible. In order to ensure business continuity, Party A shall make data backup and recovery plan. If Party B receives feedback from Party A during the scanning test and detects any abnormality in the equipment, it shall immediately stop the scanning and report to Party A, but Party B shall not be responsible for the above abnormalities.
6.5 In view of the sensitive information of Party A involved in the process of vulnerability scanning service, Party B guarantees that its service personnel have good professional ethics, Party B and its service personnel will strictly keep the scanning process and results confidential, and Party B shall not disclose them to a third party without the written authorization of Party A.
6.6 In view of the continuous innovation and change of security attack and defense technology, Party A understands that it is difficult for Party B to exhaust all the security weaknesses of the equipment in the vulnerability scanning process. After the scanning, Party B will not be responsible for any new security problems or attacks on Party A's equipment.
6.7 Party A shall have the right to know the process and results of vulnerability scanning. After the completion of vulnerability scanning service, Party B will submit the vulnerability scanning report to Party A, explain the scanning results, and answer Party A's questions within 3 working days after submitting the report.
7、 Rights and Obligations of Party A
7.1 Party A guarantees that its use of the service is in accordance with the national / regional laws and regulations, legal and authentic, and does not infringe the legitimate rights and interests of any third party.
7.2 Party A guarantees that Party A shall not reverse engineer, decompile or disassemble the service except for activities explicitly permitted by law.
7.3 When using the service, Party A shall make data backup and bear the risk of data loss, omission and damage caused by its own reasons, and Party B shall not be responsible for this.
7.4 Party A shall provide Party B with necessary technical parameters, including but not limited to IP address segment and corresponding application type, server related parameters, network structure and network resources, and actively cooperate with Party B to complete the implementation and debugging of vulnerability scanning service project, so as to ensure the normal operation of the service.
7.5 If Party A violates any of the guarantees in this Agreement and the user agreement, including but not limited to not having all the qualification licenses and performing the relevant procedures required to carry out the business at the time of signing this agreement, or losing all or part of the qualification licenses within the validity period of this agreement, Party B has the right to suspend the provision of e Cloud vulnerability scanning service and require Party A to correct it within the time limit; If Party A fails to correct within the time limit, Party B has the right to terminate this Agreement without any responsibility. Party A shall be liable for breach of contract and compensate Party B for the corresponding losses.
7.6 Party A understands and fully recognizes that the scanning results shall be subject to the real-time state of the system at the time of scanning. Party A shall agree with the professional security report obtained by scanning and inspecting the scanned assets with an authoritative vulnerability scanning tool and analyzing the scanning results in combination with security experts, Threat Intelligence Analysis and other auxiliary methods. Party A shall fill in the information as required by Party B, and ensure the authenticity and validity of the information. When purchasing the vulnerability scanning service, Party A should provide the real and effective public network address of the system to be scanned. If Party A need to scan the intranet equipment, Party A should also provide a jump server that can access the intranet from the public network to deploy the scanner and carry out vulnerability scanning.
7.7 This product will take effect immediately upon ordering. Except for force majeure, cancellation is not supported.
8、 Term and Termination of the Agreement
8.1 This Agreement shall come into effect from the date of the successful purchase or application of the products, and terminate upon the expiration of the service period ordered by Party A, unless otherwise agreed by both parties.
8.2 This Agreement may be terminated in advance if both parties agree upon it.
8.3 Party B shall have the right to terminate this agreement in the following circumstances:
8.3.1 According to laws and regulations or the requirements of government authorities.
8.3.2 Party B believes that continuing to provide services to Party A will cause huge economic or technical burden or major safety risk to Party B.
8.3.3 It is not practical for Party B to continue to provide services to Party A due to any change of laws or policies.
8.3.4 Party A fails to pay the relevant expenses in full and on time.
8.3.5 Party A violates the letter of responsibility for Internet cloud service users entering the network, letter of commitment for network information security and legal statement of this website.
8.3.6 Party A no longer meets any of the service prerequisites stipulated in article 2.2 of this Agreement.
8.3.7 Party A violates other terms of this agreement.
8.4 If any provision of this agreement is invalid or unenforceable for any reason, the rest of this Agreement shall remain valid and binding.
9.1 Termination of this Agreement shall not affect the effectiveness of the user agreement between Party A and Party B. If the user agreement between Party A and Party B is terminated, this agreement will be terminated automatically.
9.2 If this agreement is not agreed, both parties shall abide by the agreement of the user agreement at the same time; In case of any conflict between this Agreement and the agreement of the user on the same matter, this Agreement shall prevail.
9.3 The text of this agreement has the same legal effect as the annex. If there is any conflict between the text and the annex, the “text of agreement” shall prevail.