SoteriaSec Pte Ltd General Terms and Conditions

Version 1.1 — June 2026

1. Formation of Agreement

1.1 These general terms and conditions apply to any engagement where a letter of engagement, proposal, sales quotation, or statement of work issued by SoteriaSec Pte Ltd (SoteriaSec) references or incorporates these terms.

1.2 SoteriaSec may provide Services as requested by the Client. Services will be detailed in a letter of engagement, proposal, sales quotation, or statement of work (as the case requires). Once the relevant document has been executed, a separate agreement is formed between the parties incorporating these general terms and conditions (each, an Agreement). Where Services are commenced without a signed Agreement document, clause 2.9 provides an alternative basis for Agreement formation.

1.3 By accepting a letter of engagement, proposal, or quotation, the Client agrees to these terms and conditions. Together with the letter of engagement, these terms and conditions form the complete agreement between the Client and SoteriaSec and supersede all prior communications, negotiations, arrangements, and agreements, whether oral or written, between the Client and SoteriaSec with respect to the subject matter of the Agreement.

1.4 These general terms and conditions and any Agreement shall be interpreted in the following order of priority:

 (a) an amendment agreed in writing between the parties;

 (b) the terms contained in the applicable Agreement;

 (c) any document annexed to or incorporated by reference into the Agreement; and

 (d) these general terms and conditions.

1.5 Except as agreed in writing, no other terms or conditions contained in any Client document will apply to or be incorporated into an Agreement, including any purchase order or other contractual documentation provided by the Client.

1.6 Changes or additions to an Agreement must be made in writing by the signatory of the relevant letter of engagement and agreed in writing by SoteriaSec.

2. Provision of Services

2.1 SoteriaSec will perform Services in accordance with any specifications and as described in the Agreement.

2.2 When performing any Services, SoteriaSec agrees to:

 (a) comply with all reasonable directions of the Client and all applicable Laws in the performance of its obligations;

 (b) comply with all reasonable health and safety policies of the Client while on the Client’s site, as provided to SoteriaSec prior to commencing work; and

 (c) use reasonable endeavours to have any specific personnel identified in the Agreement available to perform the Services, and will provide the Client with reasonable notice if it intends to replace or reassign such personnel.

2.3 The Client agrees to reasonably facilitate SoteriaSec’s supply of Services, including by:

 (a) providing SoteriaSec with safe and timely access and authorisation to access and use the Client’s Systems, personnel, facilities, site, and utilities as reasonably required;

 (b) providing SoteriaSec with any requested information relevant to the provision of the Services in a timely and accurate manner;

 (c) ensuring the Client’s Systems are virus-free and backed up prior to and during the performance of the Services; and

 (d) complying with all reasonable requests or directions of SoteriaSec.

2.4 Where the Client fails to provide information, access, or approvals necessary for SoteriaSec to perform the Services, SoteriaSec will not be responsible for any resulting delay or failure to deliver. SoteriaSec may, by written notice to the Client, adjust any delivery timeline affected by such failure and may invoice the Client for reasonable costs and time incurred as a result of the delay. If the Client’s failure to cooperate continues for more than ten (10) Business Days after written notice from SoteriaSec, SoteriaSec may at its discretion suspend or cancel the engagement, in which case clauses 16.2 and 17.2 apply to the costs of the cancelled or suspended engagement.

2.5 The Client is responsible for any delays caused or contributed to by the Client, including failure to provide any information or access to Client premises or Systems necessary for the Services at least five (5) Business Days prior to commencement of the applicable Services.

2.6 If the Client requests SoteriaSec to cancel, delay, reschedule, or suspend the Services with less than three (3) Business Days’ notice, the Client must pay SoteriaSec its reasonable costs associated with such cancellation, delay, rescheduling, or suspension.

2.7 The Client acknowledges that, due to the nature of some Services, SoteriaSec’s proper performance of those Services may have an impact on the Client’s Systems. The Client should create and maintain a backup of its relevant Systems prior to SoteriaSec commencing any work on those Systems.

2.8 In performing the Services, SoteriaSec will not be deemed to have knowledge or information from other Services or prior engagements unless expressly agreed otherwise in writing.

2.9 Where the Client requests SoteriaSec to mobilise personnel or commence Services prior to the execution of a formal letter of engagement or other Agreement document, whether on an emergency basis or otherwise, the Client’s request to proceed (whether made orally, by email, by purchase order, or by any other conduct indicating authorisation to proceed) constitutes the Client’s acceptance of these General Terms and Conditions in respect of the relevant engagement. All Services performed from the time of the request to proceed are governed by these General Terms and Conditions, and the Client will be liable for all fees and costs incurred from that time in accordance with clause 7. For the avoidance of doubt, SoteriaSec’s standard rates apply to all time incurred from the point of commencement unless otherwise agreed in writing. SoteriaSec will use reasonable endeavours to issue a confirmatory letter of engagement as soon as practicable after commencement, and the parties will execute that document promptly. The absence of a signed letter of engagement does not affect the validity or enforceability of these General Terms and Conditions or SoteriaSec’s entitlement to fees for Services performed.

3. Authorisation

3.1 The Client authorises SoteriaSec and SoteriaSec’s personnel to access and use the Client’s networks and Systems as reasonably required to provide the Services, and confirms that this authorisation is given in compliance with all relevant Laws (including applicable privacy laws).

3.2 Client Warranty — Authority to Provide Data and Materials

The Client warrants and represents that:

 (a) all data, information, devices, media, system images, logs, records, and any other materials provided to SoteriaSec in connection with an engagement (Client Materials) are either owned by the Client, or the Client holds all necessary rights, consents, authorities, and releases required to provide those Client Materials to SoteriaSec for the purposes of the Services;

 (b) the provision of Client Materials to SoteriaSec does not breach any obligation owed to any third party, including but not limited to obligations of confidentiality, privacy, data protection, or any applicable law or regulation;

 (c) where Client Materials contain Personal Information of third parties, the Client has obtained all consents and authorities required under applicable Privacy Laws to permit SoteriaSec to collect, hold, access, use, and process that Personal Information in the performance of the Services; and

 (d) the Client has obtained any authorisation required from the owner or custodian of any device, system, account, or data source before providing that device, system, account, or data source to SoteriaSec, and the Client confirms it has the legal right to submit that material for examination and analysis.

3.3 No Knowledge and Client’s Risk

 (a) SoteriaSec accepts Client Materials in good faith and acts upon the Client’s warranties in clause 3.2. SoteriaSec has no obligation to verify, and does not represent that it has verified, the ownership, provenance, or authorisation status of any Client Materials provided to it.

 (b) Where Client Materials include devices, accounts, or data that the Client was not authorised to provide to SoteriaSec, whether as a result of the Client’s error, oversight, or otherwise, the Client bears sole responsibility for any resulting claim, liability, loss, damage, regulatory action, or third-party demand arising from or in connection with that provision.

 (c) The Client indemnifies SoteriaSec and its personnel against any Loss, claim, demand, or proceeding arising from or in connection with any breach of the warranties in clause 3.2, including any claim by a third party asserting rights in respect of any Client Materials provided to SoteriaSec.

3.4 The warranties in this clause supplement and do not replace those in clause 3.2. Where the performance of the Services involves the transfer, processing, or storage of Client Data or Personal Information across international borders, including between jurisdictions in which SoteriaSec’s personnel are located, the Client warrants and represents that:

 (a) it has obtained all authorisations, consents, and approvals required under applicable Privacy Laws and any other applicable law or regulation to permit SoteriaSec to transfer, access, process, and store Client Data and Personal Information in any jurisdiction in which SoteriaSec or its subcontractors carry out the Services;

 (b) the cross-border transfer and processing of Client Data and Personal Information as contemplated by the Agreement does not breach any obligation owed by the Client to any individual, regulatory authority, or third party; and

 (c) the Client will promptly notify SoteriaSec in writing if any authorisation, consent, or approval referred to in clause 3.4(a) is withdrawn, expires, or is otherwise no longer in force during the Term.

SoteriaSec will take reasonable steps to ensure that Client Data transferred across borders is handled in accordance with the Privacy Laws applicable in the jurisdiction from which the data originates, to the extent those obligations are known to SoteriaSec at the time of transfer.

4. Subcontractors

4.1 SoteriaSec may utilise subcontractors to deliver part of an engagement. Where subcontractors are used to contribute to final deliverables for the Client, or handle any Client data or evidence, the Client will be notified before the subcontractor commences any work on the engagement.

4.2 All subcontractors providing input to the deliverables, or handling any evidence from the Client, will do so under a Non-Disclosure Agreement.

4.3 SoteriaSec remains responsible for the performance of its obligations by its subcontractors.

5. Governance, Risk, Compliance, and Privacy Advisory

5.1 The Client is responsible for ensuring that the selection and use of Services satisfies all of the Client’s legal, regulatory, and compliance obligations.

5.2 Unless expressly set out in an Agreement, SoteriaSec is not responsible for any of the Client’s legal, regulatory, or compliance obligations.

5.3 SoteriaSec does not provide legal advice, financial statement audits, attest procedures, or professional engineering services in the course of its Services. The Client is solely responsible for implementing any advice or recommendations and for ensuring that any such implementation complies with applicable law.

6. Term

Unless otherwise terminated in accordance with clause 16, an Agreement commences on the earlier of SoteriaSec providing the Services or as otherwise agreed in writing, and continues for the duration set out in the applicable Agreement (Term).

7. Invoices and Payments

7.1 The Client agrees to pay SoteriaSec for the provision of Services as set out in a valid tax invoice issued by SoteriaSec.

7.2 The Client agrees to pay SoteriaSec for all travel and related expenses reasonably incurred by SoteriaSec to meet the Client’s written direction or delivery requirements.

7.3 SoteriaSec will issue invoices as set out in the applicable Agreement, or otherwise at the end of the month in which the Services are delivered.

7.4 Payment of all invoiced amounts will be made within fourteen (14) days of receipt of an invoice, or the due date listed on the invoice, whichever is later.

7.5 All fees and prices are provided exclusive of all applicable taxes, duties, goods and services tax, and government charges (Taxes). If Taxes are payable for, or charged on, any supply made by SoteriaSec under an Agreement, the Client must pay an amount equal to the Taxes charged on such supply at the same time as the amounts due.

7.6 Interest on any payment past due will accrue at the lower of 1.5% per month or the maximum rate permitted by applicable law. The Client will be responsible for SoteriaSec’s costs of collection for any payment default, including court costs, filing fees, and reasonable legal fees.

7.7 The Client may not set off, counterclaim, or deduct any amount from an amount owing to SoteriaSec, unless it has notified SoteriaSec in writing of any disputed invoices within five (5) Business Days of receipt, detailing the amount and the reason for the dispute. In such circumstances, the Client must pay SoteriaSec the portion of the invoiced amounts not in dispute by the due date for payment.

8. Intellectual Property

8.1 Each party retains all title and ownership in its own Background IP.

8.2 Subject to clauses 8.1 and 8.3, all intellectual property rights in the Deliverables, the Services, and any other material created by or for SoteriaSec in delivering the Services remain the property of SoteriaSec.

8.3 Subject to full payment of all amounts due under the Agreement, SoteriaSec grants to the Client a non-exclusive, non-transferable, non-sub-licensable, royalty-free licence for the Term (except for documentary Deliverables for which the licence will be perpetual) to use the intellectual property rights in the Deliverables and the Services for the sole and limited purpose of enjoying the benefit of the Services as set out in the Agreement.

8.4 Any methodologies, processes, techniques, ideas, concepts, trade secrets, know-how, and other intellectual property embedded in the Deliverables that SoteriaSec may develop or supply remain the sole and exclusive property of SoteriaSec.

8.5 In providing the Services, SoteriaSec may provide the Client with software, services, or deliverables that include material owned by or proprietary to a third party (Third Party Material). The Client agrees that:

 (a) all Third Party Material is provided by SoteriaSec, acting as a facilitator, without warranty of any kind from SoteriaSec or its affiliates; and

 (b) title in any Third Party Material remains at all times with the third party.

8.6 Where SoteriaSec provides software, tools, or technology under a licence granted by a third-party vendor as part of the Services:

 (a) the Client agrees to be bound by the applicable end-user licence agreement or terms of use of the relevant third-party vendor, as notified to the Client by SoteriaSec prior to or at the time of provision;

 (b) SoteriaSec’s obligations in respect of that software or tool are limited to those of a reseller or facilitator and SoteriaSec does not assume any obligations of the primary licensor, including in relation to software performance, maintenance, updates, or support, except to the extent expressly stated in the Agreement;

 (c) if the third-party vendor modifies, suspends, or revokes its licence terms or the availability of the software or tool, SoteriaSec will use reasonable endeavours to notify the Client promptly but will not be liable for any Loss arising from such modification, suspension, or revocation; and

 (d) the Client must not use any software or tool provided under a third-party licence in a manner that exceeds the scope of the licence as notified by SoteriaSec, and will indemnify SoteriaSec against any Loss arising from the Client’s breach of the applicable third-party licence terms.

9. Confidentiality

9.1 Each party agrees that where it, its personnel, or its related entities receive Confidential Information of the other party (the Disclosing Party), the receiving party (the Recipient) must:

 (a) treat all Confidential Information as confidential and not use it except as reasonably necessary for the purposes of the Agreement;

 (b) hold the Confidential Information in strict confidence and not disclose it to any third party (subject to any legal requirement to disclose), except to members of that party’s personnel or professional advisors who need such information to perform their duties and who are bound by equivalent confidentiality obligations;

 (c) notify the Disclosing Party in writing within seventy-two (72) hours of becoming aware that any Confidential Information may have been accessed, used, disclosed, or disseminated by any unauthorised party, and provide reasonable details of the circumstances of the suspected or actual breach to the extent known at the time of notification. Where a suspected or actual breach of Confidential Information also constitutes a Security Breach, the notification obligations of clause 11.2 apply and satisfy the notification requirement under this clause 9.1(c);

 (d) use, at a minimum, the same degree of care with respect to its obligations under this Agreement as it employs with respect to its own confidential or proprietary information, but in no event less than reasonable care; and

 (e) upon request by the Disclosing Party or termination of the Agreement, promptly deliver to the Disclosing Party any Confidential Information in its custody, control, or possession.

9.2 The obligations of confidentiality under clause 9.1 do not apply to the extent the Confidential Information:

 (a) has been lawfully disclosed to the Recipient by a third party free from obligations of confidentiality; or

 (b) is in the public domain other than through a breach of the Agreement.

9.3 The Services, including all Deliverables and reports, are provided solely for the Client’s use and the purpose set out in the Agreement. The Client may not disclose or discuss the Services or any Deliverable or report, or make the benefit of the Services available to any other person, except:

 (a) as specifically stated in the Agreement;

 (b) with SoteriaSec’s prior written consent on terms to be agreed in writing;

 (c) where SoteriaSec is providing expert witness services or advice for the purpose of litigation, to any other party to the litigation and to the court or forum with conduct of the litigation; or

 (d) where required by Law or regulation, in which case the procedure in clause 9.4 applies to the extent legally permitted.

9.4 Where a party (the Compelled Party) is required by Law, regulation, court order, subpoena, or demand from a regulatory, self-regulatory, or legislative body of competent jurisdiction to disclose the other party’s Confidential Information, the Compelled Party must, to the extent legally permitted:

 (a) give the Disclosing Party prompt written notice of the requirement or demand prior to making any such disclosure, and in any event as soon as practicable after receiving the requirement or demand;

 (b) provide the Disclosing Party with a reasonable opportunity to seek a protective order, confidential treatment, or other appropriate remedy before disclosure is made; and

 (c) disclose only that portion of the Confidential Information that the Compelled Party is legally required to disclose, and use reasonable endeavours to ensure that any Confidential Information so disclosed is afforded confidential treatment.

9.5 Where the Compelled Party is required to disclose the Disclosing Party’s Confidential Information in connection with legal proceedings to which the Disclosing Party is a party but the Compelled Party is not, the Disclosing Party must reimburse the Compelled Party for all reasonable and documented out-of-pocket costs and legal fees incurred by the Compelled Party in complying with such requirement, including reasonable costs of preparing for and participating in any related depositions, hearings, or other proceedings. This clause applies in addition to, and does not limit, the cost reimbursement obligations in Schedule 2 (Expert Witness Services).

9.6 Upon written request by the Disclosing Party, the Recipient must use commercially reasonable efforts to destroy or permanently delete the Disclosing Party’s Confidential Information and any copies or extracts thereof in the Recipient’s possession or control. Upon completion, the Recipient must provide the Disclosing Party with written confirmation that destruction has been carried out in accordance with this clause. The Recipient is not required to destroy Confidential Information that:

 (a) it is required to retain under applicable Law, professional standards, or the order of a court or regulatory authority;

 (b) is contained in electronic systems, archives, or automated back-up or disaster recovery systems that cannot practicably be deleted without disproportionate effort or cost, provided that any such retained information remains subject to the confidentiality obligations in this clause 9 for so long as it is retained; or

 (c) forms part of SoteriaSec’s work papers, reports, or records that SoteriaSec is required to retain under its internal document retention policies or applicable professional obligations.

9.7 Each party acknowledges that a breach or threatened breach of this clause 9 may cause the other party irreparable harm for which monetary damages would not be an adequate remedy. Accordingly, notwithstanding the dispute resolution procedure in clause 22.2, either party may apply to a court of competent jurisdiction for urgent injunctive, interlocutory, or other equitable relief to prevent or restrain a breach or threatened breach of this clause 9, without first being required to exhaust the mediation process in clause 22.2 and without being required to post any bond or other security. This clause does not limit any other rights or remedies available to either party at law or in equity.

9.8 The provisions of this clause 9 continue in force indefinitely following the termination of the Agreement. For the avoidance of doubt, confidentiality obligations survive for a minimum of three (3) years post-termination.

10. Privacy

10.1 Both parties agree to comply with the Privacy Laws applicable in the relevant jurisdiction in relation to the provision and use of the Services.

10.2 Where the Client discloses Personal Information to SoteriaSec, or permits SoteriaSec to collect, access, or handle such information under an Agreement, the Client represents and warrants that it has obtained (and will maintain) any authorisations or consents from relevant individuals required under all applicable Privacy Laws.

10.3 SoteriaSec will only collect, access, use, disclose, or handle Client Personal Information to the extent necessary for performance of the Services.

10.4 SoteriaSec may use certain Client Data when analysing cybersecurity incidents or threats, including attack vectors, methods, defences, and other similar items, and for the purposes of quality assurance and service integrity and enhancement. When analysing such threats, SoteriaSec will not collect Personal Information unless necessary and relevant to the nature or occurrence of the threat.

10.5 SoteriaSec may share anonymised results of its cybersecurity research and analysis with other cybersecurity providers, customers, government or regulatory bodies, or law enforcement that have an interest in cybersecurity threats and prevention. Any sharing under this clause is subject to SoteriaSec’s confidentiality obligations under clause 9 and will not include any information that would identify, or could reasonably be used to identify, the Client or any individual associated with the Client.

11. Data Security

11.1 SoteriaSec will take reasonable technical and administrative precautions to prevent any Security Breach of SoteriaSec’s Systems.

11.2 Each party must notify the other in writing as soon as practicable, and in any event within seventy-two (72) hours of becoming aware of a Security Breach. Each party must provide the other with reasonable assistance in investigating and managing any Security Breach, including cooperating with any notifications required under applicable Privacy Laws. For the avoidance of doubt, the notification obligation in this clause 11.2 applies only to a Security Breach and does not apply to a security incident affecting SoteriaSec’s systems that does not involve Client Data or Personal Information of the Client.

11.3 SoteriaSec may remove all electronic evidence and Client Data held by SoteriaSec fourteen (14) days after completion of the engagement. The Client may request an extension of this period, which SoteriaSec may agree to at the Client’s cost. Notwithstanding the foregoing, SoteriaSec retains the right to retain a copy of its reports or work papers as necessitated by internal policies, archiving procedures, or pursuant to Law or regulation.

12. Warranties

12.1 Each party warrants that:

 (a) it has the power, capacity, and authority to enter into and observe its obligations under the Agreement; and

 (b) the Agreement has been duly executed and is a legal and binding agreement enforceable against it in accordance with the terms of the Agreement.

12.2 The Client warrants that, unless expressly stated otherwise in an Agreement, it is not the trustee of any trust. Where an Agreement indicates that the Client is the trustee of a trust, the Client warrants that:

 (a) it enters into the Agreement in its own right and as trustee of each trust stated in that Agreement;

 (b) the relevant trust has been duly established and is subsisting;

 (c) the relevant trust is solvent and able to pay all of its debts when they fall due;

 (d) no administrators, receivers, or trustees in bankruptcy have been appointed to the relevant trust or threatened to be appointed in the past two (2) years;

 (e) the Client is the duly appointed, current, and only trustee of the relevant trust;

 (f) as trustee, the Client has the power to enter into and perform its obligations under the Agreement;

 (g) it has a sufficient right of indemnity out of the assets of the trust in respect of its obligations under the Agreement;

 (h) no breach of the trust deed exists or would arise as a result of entering into the Agreement; and

 (i) on request, it will provide SoteriaSec with a copy of the trust deed for each relevant trust (including any deeds of variation, amendment, or restatement).

12.3 SoteriaSec warrants that:

 (a) it and its personnel will provide the Services by exercising the same degree of skill, care, and diligence that would be exercised by a professional services provider of similar size in the same industry in similar circumstances; and

 (b) its personnel are appropriately trained and experienced to provide the Services.

12.4 SoteriaSec provides no warranty or guarantee as to the outcome of any Services or any resulting legal or other proceedings.

12.5 In performing the Services, SoteriaSec will rely on all information, data, instructions, specifications, and other materials provided by the Client as being true, accurate, complete, and not misleading. Unless otherwise expressly agreed in writing, SoteriaSec will not independently verify, audit, or validate any information or materials provided by the Client, and will not be liable for any Loss arising from Services performed in reliance on information or materials that were inaccurate, incomplete, or misleading, where that inaccuracy or incompleteness was not caused by SoteriaSec.

12.6 The Client acknowledges and agrees that SoteriaSec does not warrant or guarantee that the Services will identify, locate, or detect all threats, vulnerabilities, malware, malicious software, compromised systems, unauthorised access, or other security risks present in or affecting the Client’s environment, networks, or Systems. The inherent limitations of cybersecurity services, including the availability of evidence, the state of the Client’s Systems at the time of the engagement, and the nature of threat actor activity, mean that the absence of a finding does not constitute a representation that no threat, vulnerability, or compromise exists. The Client agrees not to hold SoteriaSec liable for threats, vulnerabilities, or security incidents that were not identified in the course of the Services.

12.7 Except as set out in an Agreement, and to the extent permitted by law, SoteriaSec makes no warranty or representation, express or implied, in relation to the Services or any Third Party Material.

12.8 Nothing in the Agreement excludes, restricts, or modifies any condition, guarantee, warranty, right, or remedy conferred on the parties by applicable consumer protection legislation that cannot be excluded, restricted, or modified by agreement.

13. Indemnity

13.1 The Client indemnifies SoteriaSec against any action, claim, demand, loss, cost, damage, or liability caused by or arising from the Client’s acts or omissions in connection with the Services, except to the extent caused by SoteriaSec’s gross negligence, wilful misconduct, or fraud.

13.2 SoteriaSec indemnifies the Client for any direct Loss suffered by the Client arising from any third-party claim that the Client’s use of the Deliverables or other materials provided by SoteriaSec in the performance of its Services infringes the intellectual property rights of a third party, except that SoteriaSec will not be liable for any such Loss caused or contributed to by:

 (a) any modification of the Deliverables by the Client;

 (b) use of the Deliverables not in accordance with any directions given by SoteriaSec;

 (c) the Client’s failure to take all reasonable steps to mitigate any Loss upon becoming aware of any such third-party claim; or

 (d) SoteriaSec having followed specific instructions given by the Client as to the tools, methods, software, or other materials to be used in performing the Services, where the infringement arises directly from compliance with those instructions.

13.3 Where SoteriaSec has an indemnity obligation under clause 13.2, SoteriaSec has the right, at its election and upon written notice to the Client, to assume sole control of the defence and settlement of the relevant third-party claim. The Client must provide SoteriaSec with all reasonable assistance in connection with the defence or settlement of such claim at SoteriaSec’s cost and expense. SoteriaSec will not settle any claim in a manner that requires the Client to admit liability or that imposes any financial obligation on the Client without the Client’s prior written consent.

13.4 If SoteriaSec does not elect to assume sole control of the defence within fourteen (14) days of receiving the Client’s written notice of the relevant claim, the Client may conduct the defence at its own cost. SoteriaSec’s indemnity obligation under clause 13.2 will apply to any settlement or judgment arising from that defence, subject to the cap in clause 13.5.

13.5 SoteriaSec’s total aggregate liability under clause 13.2 is capped at $50,000 AUD (or the equivalent in Singapore dollars at the exchange rate published by the Monetary Authority of Singapore on the date the liability arose, where the Agreement is governed by the laws of Singapore). This cap applies in addition to, and does not reduce, the general aggregate cap in clause 14.1.

14. Liability

14.1 SoteriaSec’s total aggregate liability to the Client in respect of all Losses incurred by the Client (whether for breach of contract, in tort including negligence, or otherwise) arising out of or in connection with the performance of Services under an Agreement is limited to the lesser of:

 (a) the amount paid by the Client to SoteriaSec under the applicable Agreement in the twelve (12) months preceding the event giving rise to the Loss; and

 (b) $150,000 AUD (or the equivalent in Singapore dollars at the exchange rate published by the Monetary Authority of Singapore on the date the liability arose, where the Agreement is governed by the laws of Singapore).

This cap is an aggregate cap applying across all claims, causes of action, and theories of liability arising under or in connection with the Agreement, and shall not be expanded or multiplied by the existence of multiple claims or causes of action whether arising from the same or separate events.

14.2 Except in the event of gross negligence, wilful misconduct, or fraud, SoteriaSec will not be liable for:

 (a) loss or corruption of data from the Client’s systems;

 (b) loss of profit, goodwill, business opportunity, anticipated savings, or benefits; or

 (c) special, consequential, exemplary, incidental, punitive, or indirect damages.

14.3 The limitation of liability in clauses 14.1 and 14.2 does not apply to:

 (a) personal injury or death of any person to the extent caused by SoteriaSec;

 (b) damage to tangible property caused by SoteriaSec’s negligent act or omission;

 (c) breach of clause 9 (Confidentiality) by SoteriaSec, for which SoteriaSec’s total aggregate liability is limited to $250,000 AUD (or the equivalent in Singapore dollars at the exchange rate published by the Monetary Authority of Singapore on the date the liability arose, where the Agreement is governed by the laws of Singapore); or

 (d) breach of clause 10 (Privacy) by SoteriaSec, for which SoteriaSec’s total aggregate liability is limited to $1,000,000 AUD (or the equivalent in Singapore dollars at the exchange rate published by the Monetary Authority of Singapore on the date the liability arose, where the Agreement is governed by the laws of Singapore).

14.4 The limit of liability in clause 14.2 does not apply to personal injury or any other liability that cannot be lawfully excluded.

14.5 No action, regardless of form, relating to the Agreement or the Services provided under it may be brought by either party more than one (1) year after the cause of action has accrued, except that an action for non-payment may be brought no later than one (1) year following the due date of the last payment owing to the party bringing such action.

15. Conflicts of Interest

15.1 SoteriaSec is involved in a range of activities from which conflicting interests or duties may arise. SoteriaSec has undertaken an inquiry of its records in accordance with its standard business practices and, based on the parties identified to it, has determined that it may proceed.

15.2 Should an actual conflict come to the attention of SoteriaSec during the course of an engagement, SoteriaSec will notify the Client immediately and take appropriate action.

15.3 The Client represents and warrants that it has informed SoteriaSec of the parties in interest to any matter and agrees to inform SoteriaSec of any additions to, or name changes for, those parties.

15.4 During the course of the engagement, SoteriaSec will not provide services of the nature described in the Agreement that are directly adverse to the Client without the Client’s prior written consent.

15.5 Information that is held elsewhere within SoteriaSec but is not publicly available will not be taken into account in determining SoteriaSec’s responsibilities to the Client under the engagement. SoteriaSec will not have any duty to disclose to the Client any non-public information acquired in the course of providing services to any other person.

16. Cancellation

16.1 This document is a confirmed letter of engagement, and the Client is entitled to rely upon it for the performance of Services. SoteriaSec reserves the right to cancel an engagement at any time by giving written notice to the Client.

16.2 In the event of a cancellation initiated by SoteriaSec, SoteriaSec will immediately cease work on the engagement and take all actions necessary to minimise the cost to the Client. The Client must pay SoteriaSec an amount equal to the proportion of work completed at the time of cancellation, plus an amount equal to the cost of any goods or materials procured by SoteriaSec in reliance on the engagement.

17. Termination

17.1 Either party may terminate an Agreement with immediate effect if the other party:

 (a) is in material breach of the Agreement, and such breach is incapable of remedy, or such breach is remediable, but the defaulting party fails to remedy the breach within fourteen (14) days of receiving written notice of the breach;

 (b) is subject to an Insolvency Event; or

 (c) is subject to an Event of Force Majeure that continues for a period of at least ninety (90) days.

17.2 Upon termination of an Agreement for any reason:

 (a) SoteriaSec will cease providing the Services;

 (b) the Client must pay to SoteriaSec all outstanding amounts for Services actually performed or amounts that SoteriaSec has paid or owes to third parties that it cannot reasonably avoid paying in connection with the Agreement; and

 (c) the Client must pay any termination fees specified in the Agreement.

17.3 Termination does not affect any liability or obligation of a party arising prior to termination, nor affect any damages or other remedies to which a party may be entitled.

17.4 On expiry or termination, clauses 9 (Confidentiality), 10 (Privacy), 11 (Data Security), 12 (Warranties), 13 (Indemnity), 14 (Liability), 17.2 (Payment Obligations on Termination), and 18 (Non-Solicitation) continue in full force and effect, and all rights, obligations, and liabilities accrued before expiry or termination continue.

18. Non-Solicitation

18.1 During the Term and for a period of twelve (12) months after completion of the Term, the Client must not offer work to, solicit or induce for employment, employ, or contract with SoteriaSec’s personnel who were involved with the provision of the Services, without first obtaining the prior written consent of SoteriaSec (which SoteriaSec may withhold at its absolute discretion). This clause does not apply to a bona fide publicly listed job advertisement by the Client.

19. Modern Slavery

19.1 SoteriaSec operates in compliance with the Modern Slavery Act 2018 (Cth) in Australia and, to the extent applicable, the provisions of the Prevention of Human Trafficking and Slavery Act 2012 and related legislation in Singapore.

19.2 As at the date of entering into the Agreement, SoteriaSec has no knowledge of any modern slavery offence currently occurring within its organisation or supply chains and takes reasonable commercial steps to identify the risk of and prevent modern slavery offences.

19.3 If SoteriaSec becomes aware of any modern slavery offence within its organisation or supply chain that directly or adversely impacts the obligations in the Agreement, SoteriaSec will notify the Client in writing.

20. Anti-Money Laundering

20.1 SoteriaSec may, in addition to making searches of appropriate databases, request from the Client certain information and documentation for the purposes of verifying the Client’s identity in order to comply with applicable anti-money laundering regulations and legislation. If satisfactory evidence of identity is not provided within a reasonable time, it may be necessary for SoteriaSec to cease work.

20.2 Where SoteriaSec believes there are circumstances that may give rise to a money laundering offence under applicable legislation, SoteriaSec may consider it necessary to make a report to the appropriate authorities. SoteriaSec will not be liable to the Client for any loss or damage suffered as a result of making such a report, including any delay to a matter or completion being prohibited by such authorities.

21. Miscellaneous

21.1 If any provision of an Agreement is deemed to be unenforceable, invalid, or illegal, the interpretation is to be applied to reflect the intention of the parties as far as possible without affecting the validity of the remainder of the Agreement.

21.2 Neither party may assign or novate its rights under an Agreement without the other party’s prior written consent, provided, however, that SoteriaSec may assign or novate its rights under an Agreement to a related entity without prior written consent (or, in the case of novation, with consent not to be unreasonably withheld).

21.3 SoteriaSec may use artificial intelligence (AI) tools, services, and models for its own internal operations and operational efficiency. Any use of AI by SoteriaSec will be in compliance with all applicable laws.

21.4 All notices and consents must be sent by email to, in the case of the Client, the email address for the Client or its representative set out in the Agreement, and in the case of SoteriaSec, to [email protected], with any legal notices or notices of dispute copied to the same address.

21.5 No party is authorised to bind another party, and nothing in an Agreement is construed as creating a relationship of principal and agent, partners, trustee and beneficiary, or employer and employee.

21.6 An Agreement may only be amended or replaced with the written agreement of all parties.

21.7 An Agreement may be signed in counterparts. If an electronic signature is used, it has the same effect as a handwritten signature.

21.8 SoteriaSec will not be liable for any delay or failure to supply the Services if such delay or failure was due to an Event of Force Majeure.

21.9 No party shall have any rights against any direct or indirect holders of equity interests or securities of SoteriaSec, affiliates of SoteriaSec, or any director, officer, employee, representative, or agent of SoteriaSec or of an affiliate of SoteriaSec beyond those expressly provided in the Agreement.

21.10 Unless the Client notifies SoteriaSec in writing to the contrary at any time, the Client agrees that SoteriaSec may identify the Client by name and logo (in accordance with any trademark guidelines provided by the Client) as a client of SoteriaSec in SoteriaSec’s marketing materials, capability statements, proposals, and website. Any such reference will be limited to confirming the existence of a commercial relationship between the parties and will not describe the nature, subject matter, or scope of the Services provided, nor suggest that the Client endorses any specific SoteriaSec service or product. SoteriaSec will remove any such reference promptly upon receipt of a written request from the Client.

22. Governing Law and Dispute Resolution

22.1 Governing law. The governing law of an Agreement depends on the jurisdiction in which the Services are principally performed:

 (a) where the Services are principally performed in Australia, the Agreement is governed by the laws of the State or Territory of Australia in which the Services are performed; and

 (b) where the Services are principally performed in Singapore, the Agreement is governed by the laws of the Republic of Singapore.

Where the Agreement does not clearly indicate a single jurisdiction, the parties will agree in writing at the time of execution which jurisdiction’s laws apply.

22.2 Dispute resolution. Any dispute relating to the subject matter of an Agreement must be submitted to mediation prior to any other dispute resolution process being invoked. The parties will agree on a mediator within twenty-one (21) days of either party giving the other written notice of intention to invoke mediation. If the parties cannot agree on a mediator, the dispute will be referred to the Singapore International Mediation Centre (SIMC) and conducted in accordance with the SIMC Mediation Rules.

22.3 Jurisdiction. For the purposes of any legal proceedings, and to the extent not resolved through mediation, the parties irrevocably submit to the non-exclusive jurisdiction of the courts of Singapore, without prejudice to any right of a party to seek urgent or interim relief in any jurisdiction.

23. Australian Consumer Law

23.1 This clause applies where the Client is a Consumer within the meaning of the Competition and Consumer Act 2010 (Cth) and the Australian Consumer Law.

23.2 SoteriaSec’s goods and services come with guarantees that cannot be excluded under the Australian Consumer Law. For major failures with the service, the Client is entitled:

 (a) to cancel its service contract with SoteriaSec; and

 (b) to a refund for the unused portion, or to compensation for its reduced value.

23.3 The Client is also entitled to choose a refund or replacement for major failures with goods. If a failure with the goods or a service does not amount to a major failure, the Client is entitled to have the failure rectified in a reasonable time. If this is not done, the Client is entitled to a refund for the goods and to cancel the contract for the service and obtain a refund of any unused portion. The Client is also entitled to be compensated for any other reasonably foreseeable loss or damage from a failure in the goods or service.

23.4 Nothing in the Agreement excludes, restricts, or modifies any condition, guarantee, warranty, right, or remedy conferred on the Client by the Competition and Consumer Act 2010 (Cth) or any other Law that cannot be excluded, restricted, or modified by agreement.

24. Digital Forensic Services

Where SoteriaSec provides Digital Forensic Services under an Agreement, the additional terms set out in Schedule 1 apply to that engagement and are incorporated into the Agreement. In the event of any inconsistency between Schedule 1 and any other provision of these general terms and conditions, Schedule 1 prevails to the extent of the inconsistency.

25. Expert Witness Services

Where SoteriaSec is engaged to provide expert witness services, the additional terms set out in Schedule 2 apply to that engagement and are incorporated into the Agreement. In the event of any inconsistency between Schedule 2 and any other provision of these general terms and conditions, Schedule 2 prevails to the extent of the inconsistency.

26. Staff Augmentation

Where SoteriaSec provides personnel under a staff augmentation arrangement, the additional terms set out in Schedule 3 apply to that engagement and are incorporated into the Agreement. In the event of any inconsistency between Schedule 3 and any other provision of these general terms and conditions, Schedule 3 prevails to the extent of the inconsistency.

27. Definitions and Interpretation

27.1 Definitions

Agreement has the meaning given in clause 1.2.

Background IP means a party’s intellectual property rights in any materials developed independently of, or prior to, the provision of the Services and Deliverables, and includes any third-party licensed intellectual property.

Business Day means a day that is not a Saturday, Sunday, public holiday, or bank holiday in the location where the Services are being provided.

Client means the person or entity that has requested the Services to be performed by SoteriaSec.

Client Data means the data owned or supplied by the Client which is accessed by SoteriaSec or its subcontractors in the course of performing the Services.

Client Materials has the meaning given in clause 3.2(a).

Confidential Information means any and all information, in any form or media, of a confidential nature that is made available directly or indirectly before, on, or after the date of an Agreement, including financial, client, employee, and supplier information, product specifications, policies and procedures, processes, statements, trade secrets, Client Data, and data not in the public domain. For the avoidance of doubt, Confidential Information includes research, analyses, names, business plans, valuations, databases, and management systems.

Deliverables means the materials, reports, and other deliverables to be provided by SoteriaSec as set out in the relevant Agreement.

Digital Forensic Services includes digital forensic investigation, digital forensic analysis, forensic reporting and opinions, threat hunting, cyber threat intelligence and risk assessment, and any other activities related to those, carried out for or on behalf of the Client under an Agreement.

Event of Force Majeure means any event or circumstance, or a combination of events or circumstances, beyond the reasonable control of an affected party (but does not excuse any obligation to make payment).

Insolvency Event means: bankruptcy proceedings commenced against a party; appointment of a receiver, receiver and manager, trustee in bankruptcy, liquidator, provisional liquidator, administrator, or judicial manager to the party or to any part of its assets or business; the party commencing negotiations with creditors with a view to rescheduling debts or entering into a compromise or arrangement with creditors; the passing of a resolution or making of an order for winding up or dissolution; the party ceasing or threatening to cease to carry on all or a substantial part of its business; the party being unable to pay its debts as they fall due; or anything having substantially similar effect occurring in any jurisdiction.

Laws means all laws including rules of common law, statutes, regulations, subordinate legislation, proclamations, ordinances, by-laws, rules, regulatory principles and requirements, mandatory codes of conduct, writs, orders, injunctions, judgments, and awards applicable in the jurisdiction in which SoteriaSec or its personnel perform their obligations under the Agreement.

Loss means any loss, cost, liability, or damage, including reasonable legal costs on a solicitor/client basis.

Personal Information has the meaning given to that term under the applicable Privacy Laws.

Personnel means, in relation to a party, its employees, related entities, secondees, officers, agents, advisers, and contractors.

Privacy Laws means all applicable privacy and data protection laws in force from time to time that regulate the collection, use, disclosure, storage of, and granting of access rights to Personal Information, including the Privacy Act 1988 (Cth) and the Personal Data Protection Act 2012 (Singapore) as applicable.

Security Breach means any unauthorised access to, acquisition of, use of, or interference with Client Data or Personal Information of the Client that is in the possession or control of SoteriaSec or its subcontractors.

Services means the services to be provided to the Client by SoteriaSec as set out in the relevant Agreement.

Systems includes networks, software, applications, computers, servers, mobile devices, cloud services, and any other IT systems or equipment.

Term has the meaning given in clause 6.

Third Party Material has the meaning given in clause 8.5.

27.2 Interpretation

In an Agreement, unless the context requires otherwise:

 (a) clause and subclause headings are for reference purposes only;

 (b) the singular includes the plural and vice versa;

 (c) words denoting any gender include all genders;

 (d) a reference to a person includes any other entity recognised by law and vice versa;

 (e) where a word or phrase is defined, its other grammatical forms have a corresponding meaning;

 (f) a reference to a party includes its successors and permitted assigns;

 (g) a reference to any agreement or document includes that agreement or document as amended from time to time;

 (h) the use of ‘includes’ or ‘including’ is not to be taken as limiting the meaning of the words preceding it;

 (i) a reference to any legislation includes all delegated legislation made under it and amendments, consolidations, replacements, or re-enactments of any of them; and

 (j) an agreement, representation, or warranty by two or more persons binds them jointly and severally.


Schedule 1: Digital Forensic Services — Additional Terms

1. Application of these Terms

1.1 The terms in this Schedule apply in addition to the General Terms and Conditions where Digital Forensic Services are provided by SoteriaSec to the Client. In the event of any inconsistency between this Schedule and any other provision of the General Terms and Conditions, this Schedule prevails to the extent of the inconsistency.

1.2 The Client warrants that it is aware of the nature of the Digital Forensic Services and that, should SoteriaSec form a reasonable belief or identify evidence of serious criminal conduct during an engagement, SoteriaSec may be required by law to notify law enforcement or a relevant regulatory authority. SoteriaSec will use reasonable endeavours to notify the Client before making any such report, except where doing so would be unlawful or would prejudice any investigation.

2. Acknowledgement and Liability

2.1 The Client acknowledges and agrees that:

 (a) Digital Forensic Services will be performed by SoteriaSec personnel located in Australia, Singapore, India, or the USA. Where necessary to provide the Client with timely access to specialist expertise, SoteriaSec may engage personnel located in other jurisdictions, provided that all such personnel are bound by SoteriaSec’s confidentiality and security requirements;

 (b) to the extent necessary for the performance of the Digital Forensic Services, any Client Data that is retrieved and stored will be held within SoteriaSec’s Systems and accessed only by SoteriaSec personnel on a need-to-know basis; and

 (c) the Client Materials warranty in clause 3.2 of the General Terms and Conditions applies in full to all devices, media, accounts, and data provided to SoteriaSec in connection with the Digital Forensic Services.

2.2 The Client acknowledges and agrees that the Digital Forensic Services:

 (a) subject to clause 2.2(b), are intended for the Client only, and outputs may not be provided to any third party without SoteriaSec’s prior written consent;

 (b) may, with SoteriaSec’s prior written consent, be shared with a third party on a need-to-know basis, on the condition that the recipient has agreed to keep the outputs strictly confidential and not to further disseminate them;

 (c) are not intended to provide any specific result other than to identify factual findings, analysis of evidence, and responses to specific questions related to the provision of SoteriaSec’s expert opinion; and

 (d) are not delivered against any particular standard or guideline unless otherwise agreed in writing.

2.3 In carrying out Digital Forensic Services, the Client agrees that SoteriaSec:

 (a) is expressly authorised by the Client to perform the Services and all tasks and tests reasonably necessary to perform the Services, and the Client gives that authorisation in compliance with all relevant Laws, including applicable privacy laws;

 (b) once engaged, is authorised to accrue reasonable costs to provide the Services. The Client accepts and will meet all such costs until conclusion of the engagement or until the Client instructs SoteriaSec in writing to suspend or terminate the Services;

 (c) as agent of the Client, is considered to be party to any private communication intercepted on the Client’s Systems in the course of performing the Services; and

 (d) may leverage cyber threat intelligence gained through previous engagements with other clients. Any external use of such intelligence will not include information that may identify the Client organisation, its networks, Systems, sensitive information, staff, customers, or related parties, or include any Client confidential information.

2.4 The liability limitations, indemnity provisions, and dollar caps set out in clauses 13 and 14 of the General Terms and Conditions apply to Digital Forensic Services.


Schedule 2: Expert Witness Services — Additional Terms

1. Application of these Terms

1.1 The terms in this Schedule apply in addition to the General Terms and Conditions where SoteriaSec is engaged to provide expert witness services. In the event of any inconsistency between this Schedule and any other provision of the General Terms and Conditions, this Schedule prevails to the extent of the inconsistency.

2. Compensation and Costs

2.1 If SoteriaSec or any of its personnel are requested or required to appear as a witness, attend court, arbitration, mediation, or any other proceeding in connection with or arising from the engagement, the Client agrees to:

 (a) compensate SoteriaSec for all associated time at SoteriaSec’s standard rates in effect at the time; and

 (b) reimburse SoteriaSec for all documented out-of-pocket expenses incurred in connection with such appearances or preparations, including the fees and disbursements of legal counsel of SoteriaSec’s choosing.

2.2 SoteriaSec will also be compensated and reimbursed for any time and expense, including the fees and expenses of legal counsel, incurred in considering or responding to discovery requests, subpoenas, or other formal information requests in connection with any proceeding related to the Services.

2.3 Once engaged for expert witness services, SoteriaSec is authorised to accrue reasonable costs to provide the Services. The Client accepts and will meet all such costs until conclusion of the engagement or until the Client instructs in writing that the Services be suspended or terminated.

3. Paramount Duty to the Court

3.1 Where SoteriaSec is engaged to provide expert witness services, whether as an independent expert, a consulting expert, or in any other expert capacity, SoteriaSec’s paramount duty is to the court, tribunal, arbitral panel, or other forum before which the matter is conducted, and not to the Client or any other party. The Client acknowledges and agrees that:

 (a) this paramount duty takes precedence over any instruction, direction, or request from the Client that is inconsistent with SoteriaSec’s duty to the forum;

 (b) SoteriaSec will comply with all applicable rules, codes of conduct, and procedural requirements governing expert witnesses in the relevant jurisdiction;

 (c) SoteriaSec’s expert opinion will be based solely on SoteriaSec’s honest and independent professional assessment of the evidence and matters within its expertise, and will not be influenced by the Client’s desired outcome or the exigencies of the litigation; and

 (d) the Client will not be entitled to require SoteriaSec to alter, omit, or qualify any finding or opinion in SoteriaSec’s expert report or testimony for any reason other than factual correction or the provision of additional information that materially affects the analysis.

Nothing in this clause limits SoteriaSec’s right to be instructed and compensated in accordance with Schedule 2, clauses 2.1 to 2.3.


Schedule 3: Staff Augmentation — Additional Terms

1. Application of these Terms

1.1 The terms in this Schedule apply in addition to the General Terms and Conditions where SoteriaSec provides personnel under a staff augmentation arrangement. In the event of any inconsistency between this Schedule and any other provision of the General Terms and Conditions, this Schedule prevails to the extent of the inconsistency.

1.2 SoteriaSec remains responsible for its employment obligations in respect of its personnel, including remuneration, applicable payroll tax and PAYG withholding obligations in Australia, Central Provident Fund contributions in Singapore, and superannuation contributions as required by the applicable jurisdiction.

2. Client Requests for Staff Augmentation

2.1 When the Client makes a request for SoteriaSec personnel to provide staff augmentation services, the Client must provide SoteriaSec with:

 (a) the date on which the Client requires the personnel to commence work and the duration, or likely duration, of the services;

 (b) the position the Client is seeking to fill, including the type of work the personnel in that position are required to perform, the location at which, and the hours during which, the personnel would be required to work;

 (c) a description of the work environment (if on the Client’s premises), including a statement detailing any known health and safety risks, the steps the Client has taken to prevent or control such risks, and any reasonable precautions the SoteriaSec personnel must take prior to commencing work;

 (d) the experience, training, qualifications, and any authorisations that the Client considers necessary, or that are required by Law or by any professional body, for the personnel to possess in order to work in the position; and

 (e) any expenses payable by or to the personnel.

3. Acknowledgement and Liability

3.1 The Client acknowledges and agrees that:

 (a) SoteriaSec personnel providing staff augmentation services will work under the direction and control of the Client, whether at the Client’s premises or remotely. The Client is solely responsible for all work output, decisions, directions, omissions, and project outcomes arising from that direction and control;

 (b) SoteriaSec warrants that its personnel have the knowledge, skill, and experience to perform the agreed role or tasks; and

 (c) the only deliverable from staff augmentation services is the provision of SoteriaSec personnel to perform the agreed tasks or role.

3.2 All outputs, including any intellectual property rights in those outputs, from staff augmentation services will be owned by the Client upon full payment of the relevant invoices.

3.3 During the term of any staff augmentation services, the Client must not induce, solicit, or otherwise make an offer of employment to any SoteriaSec personnel. This obligation is in addition to, and does not limit, the non-solicitation obligations in clause 18 of the General Terms and Conditions.

3.4 SoteriaSec is responsible for the remuneration of its personnel, including salary, superannuation, Central Provident Fund contributions, or associated taxes, as applicable.

3.5 SoteriaSec personnel are not required to undertake any activities for the Client that are outside the scope of works set out in the Agreement, or any activity that would be unlawful or place the individual in an unsafe situation.

3.6 The Client represents and warrants that:

 (a) SoteriaSec personnel will not be given any financial delegation or authority to bind the Client, except where expressly stated otherwise in an Agreement; and

 (b) the Client will not ask, nor place, any SoteriaSec personnel in a position where they would be in breach of, or in conflict with, their obligations or duties to SoteriaSec as their employer.

4. Virtual CISO Engagements

4.1 This clause applies where the Client has requested SoteriaSec to provide one or more of its personnel in a Chief Information Security Officer or similar senior advisory role (vCISO).

4.2 The Client must not:

 (a) require or request the SoteriaSec personnel acting in a vCISO role to participate in any board meetings or board-level decision making of the Client; or

 (b) hold the SoteriaSec personnel out as being an officer of the Client to any other person, and must not appoint them as an officer in any corporate documentation or registers.

For the purposes of this clause, ‘officer’ has the meaning given to it in the Corporations Act 2001 (Cth) where the engagement is performed in Australia, or the Companies Act 1967 (Singapore) where the engagement is performed in Singapore.

4.3 Where the Client has engaged SoteriaSec to provide a vCISO role, the Client agrees and acknowledges that SoteriaSec will not be prevented from obtaining subsequent work with the Client by virtue of the SoteriaSec personnel having acted in the vCISO role. Each party agrees to maintain appropriate information barriers to identify and resolve any perceived or actual conflicts of interest.

4.4 In the event that a SoteriaSec personnel member performing a vCISO role is deemed to be an officer of the Client, the Client indemnifies and holds harmless SoteriaSec and that personnel member from any loss, damage, action, or claim that may arise asserting that the personnel member has breached a duty or obligation as an officer of the Client under applicable corporations or companies legislation.