ADDITIONAL SUPPORT ADDENDUM TO SUBSCRIPTION SERVICES AGREEMENT
In addition to any other terms and conditions applicable to Customer’s purchase of Invicti services, these terms (“Addendum”) shall apply if Customer purchases Additional Support (as defined below) from Invicti, as identified on an applicable Order Form. This Addendum shall be incorporated as part of the Subscription Services Agreement (“SSA”) between Customer and Invicti, provided that if there is a conflict between this Addendum and the terms of the SSA, this Addendum shall prevail. Capitalized terms used herein but not otherwise defined shall have the meaning ascribed to them in the SSA.
1. ADDITIONAL DEFINED TERMS.
“Additional Support” means any or all of Premium Support, Guided Success, Advanced Guided Success and/or Professional Services, more fully described below, as may be provided by Invicti to Customer in connection with an Order Form signed by the parties.
“Additional Support Term” means the period, more fully described in section 5, during which Additional Support will be made available to Customer.
2. ACTIVE SUBSCRIPTION; APPLICABILITY. When Customer purchases a Subscription that includes Additional Support, all active Subscriptions under Customer’s account shall be covered by Additional Support and Customer shall be invoiced accordingly. Targets purchased at a later date will be automatically enrolled in Additional Support at a pro-rated rate. Invicti does not offer partial license coverage under Additional Support. As of the Effective Date of the applicable Order Form pursuant to which Additional Support is purchased, Customer represents and warrants that all Targets which Customer purchases and uses Additional Support have an active Subscription.
3. ADDITIONAL SUPPORT. Upon receipt, processing, and invoicing of an Order Form that includes any or all of the below, and subject to the terms of this Addendum and the SSA, Invicti will provide Customer with the relevant Additional Support during the Additional Support Term:
3.1. Premium Support. Premium Support shall include: (i) assistance with the adoption of the Invicti Solution, and training thereon, including the provision of basic configuration examples and a training session covering essential dynamic application security best practices; (ii) bug fixes to bring the Invicti Solution into substantial conformance with its then-current Documentation; (iii) maintenance services, including maintenance releases, enhancements, new versions, additions, and modifications to the Invicti Solution, that it provides to all other customers under Support for no additional fee. Following a support request, an Invicti support representative will work with the Customer’s designated technical support team to assist in the resolution of identified and reproducible issues; (iv) a quarterly business review, set on a date that is mutually agreed in writing by Customer and Invicti, to address any operational issues and/our outstanding support tickets and discuss strategies to ensure alignment with the Customer’s business objectives; (v) based on the assigned designation at time of request, and using commercially reasonable efforts, Invicti shall implement in favour of Customer the following target initial response times:
| Designation | Definition | Target Initial Response Time |
| Severity 1: Urgent | The Invicti Solution is non-functional and/or has an unrecoverable service failure. Critical business impact. | 1 hour or less from Customer’s case creation. 24×7 priority routing. |
| Severity 2: High | The Invicti Solution is functional but with consistent issues or one product area is nonfunctional. Functionality is severely degraded. Some business impact. | 2 hours or less from Customer’s case creation during the following hours: 24×7 priority routing. |
| Severity 3: Medium | The Invicti Solution is functional with minor or intermittent issues. Occasional functionality degradation. Minimal business impact. | 4 hours or less from Customer’s case creation during the following hours 24×7 priority routing. |
| Severity 4: Low | The Invicti Solution is functional with no apparent issues. No business impact. | 6 hours or less from Customer’s case creation during the following hours: 24×7 priority routing. |
3.2. Guided Success. Guided Success shall include the following services:
3.2.1. Advisory Services
(i) initial deployment and implementation guidance, including: asset discovery, web application import, website grouping, scan configuration and optimization, reporting, internal scan engine setup, and discovery service configuration;
(ii) guidance and support for third-party tools that integrate with the Invicti Solution. Such third-party tools can be found here and may be updated by Invicti from time to time; and
(iii) assistance with producing custom internal documentation (for example, how-to guides and articles) from Customer’s selected topics with regard to solutions architecture.
3.2.2. Best Practices
(i) at least one (1) advanced dynamic application security testing (DAST) best practices enablement session (Adoption or Team Training Sessions) delivered live and recorded for future use;
(ii) standard integration & API support, which may include: configuration assistance for supported continuous integration and continuous deployment (CI/CD) and issue tracking systems, setup for single sign-on and password vault, and assistance with API automation;
(iii) a quarterly health check in which Invicti will review Customer’s Invicti Solution environment. This may include Invicti Solution configuration best practices, a high-level overview of Customer’s implementation, and information related to improving Invicti Solution performance, based on the Documentation; and
(iv) ongoing expert assistance from a named application security manager, including bi-weekly technical check-in calls.
3.2.3. Project Management Services
(i) guidance in establishing a project plan and developing milestones; and
(ii) ongoing, quarterly project planning support.
3.2.4. Configuration Assistance
(i) assistance configuring 10% of licensed Targets.
3.3. Advanced Guided Success. Advanced Guided Success shall include the services provided under the Guided Success Advisory Services in Section 3.2.1., Best Practices in Section 3.2.2., and Project Management Services in Section 3.2.3. above, in addition to the following services:
3.3.1 Best Practices
(i) manual vulnerability analysis to confirm false positives and false negatives; and
(ii) training related to and assistance in the development of custom security checks, pre-request scripts, and REST API-related scripts and tools.
3.3.2 Configuration Assistance
(i) assistance configuring 50% of licensed Targets.
3.4. Professional Services. Customers may purchase Advanced Guided Success on an hourly basis as Professional Services.
3.4.1. Professional Services – Limitations. Professional Services hours shall (i) be purchased in ten (10) hour allotments, and (ii) not roll over to the succeeding Subscription Term and/or Additional Support Term.
3.5. Additional Support Contact. Customer may obtain Additional Support from Invicti by logging a support request in the Invicti support portal (presently found at the following URL: http://support.invicti.com) or sending a support request to the following email address: support@invicti.com or support@acunetix.com.
3.6. US BASED TIER 1 ADDITIONAL SUPPORT OPTION. Upon mutual agreement of Invicti and Customer in an applicable Order Form under which Customer has purchased Additional Support, and subject to an additional fee, Invicti will provide Customer with Tier 1 Additional Support from United States based support personnel (“US Tier 1 Support”). Notwithstanding anything to the contrary, US Tier 1 Support is only provided Monday through Friday, 8am to 5pm EST/EDT, excluding US Federal public holidays. US Tier 1 Support customers may obtain support pursuant to this section by sending a support request to the following address: https://ussupport.invicti.com/.
3.6.1. Federal Government Only. US Tier 1 Support is only available to Invicti’s United States Federal government customers. Invicti reserves the right to unilaterally amend this policy in its sole and exclusive discretion.
3.6.2. US Tier 1 Support – Escalations. Support escalations above US Tier 1 Support are handled by Invicti’s global support team. Prior to escalation of a support request to the global support team, Invicti will ask Customer’s permission and confirmation of the informational content and data it intends to share. CUSTOMER IS SOLELY RESPONSIBLE FOR CONFIRMING OR DENYING THE SUPPORT ESCALATION IN WRITING AND CONFIRMING SUITABILITY OF THE INFORMATIONAL CONTENT AND DATA OF THE SUPPORT ESCALATION IN WRITING. Following Customer’s confirmation and upon support escalation, Invicti will obfuscate the Customer account name associated with the support request such that Invicti’s global support personnel will have no knowledge of the support request’s origin unless shared directly by Customer. In the event a support request is approved by Customer for escalation, Customer’s support request will no longer be limited to United States based support personnel.
3.6.3. US Tier 1 Support – After Hours. Subject to the following disclaimers, Customer is permitted to make support requests outside of the US Tier 1 Support hours, set out above. After-hours support requests may be made to the email address provided in section 3.5, above. AFTER-HOURS SUPPORT IS PROVIDED BY INVICTI’S GLOBAL SUPPORT TEAM OPERATING OUTSIDE OF THE UNITED STATES.
4. CUSTOMER RESPONSIBILITIES. Customer will comply with the following requirements to facilitate Invicti’s successful provision of Additional Support:
4.1. Customer Contact. Customer shall identify a primary point of contact with whom Invicti can interface. Customer’s primary point of contact will: (i) have all requisite authority to act on Customer’s behalf in resolving questions arising out of or in relation to Invicti’s provision of Additional Support; (ii) ensure that any information communicated by Invicti is conveyed to Customer’s resources with appropriate technical skill and knowledge to effectuate the updates, modifications, workarounds, or changes suggested by Invicti; and (iii) coordinate personnel schedules and resource allocation for Customer and ensure those resources participate in meetings, as necessary.
4.2. Information Requirements. Customer shall provide Invicti timely responses and access to accurate and complete information relative to Additional Support requests, as reasonably requested, and such responses and information will be communicated to appropriate Invicti personnel through the support portal or email address provided herein, or as otherwise mutually agreed by Customer and Invicti.
4.3. Responsibility for Data and Applications. Customer is responsible for its own data and applications, and the support of its end-users, stakeholders, and other third parties.
4.4. Feedback. Customer will provide prompt agreement, approval, acceptance, consent, feedback, assistance, or similar action, as requested by Invicti, to facilitate all aspects of Additional Support delivery, and such action will not be unreasonably delayed or withheld.
5. TERM & TERMINATION. The Additional Support Term begins on the earlier of (i) the day Invicti invoices Customer for Additional Support or (ii) the day Invicti notifies Customer in writing (electronic communication acceptable) that Customer’s order for Additional Support has been processed. The Additional Support Term shall be coterminous with the Subscription Term of the Invicti Solution for which Additional Support has been purchased. The SSA shall govern Customer’s and Invicti’s rights and obligations with respect to suspension or termination of Additional Support.
6. GENERAL EXCLUSIONS & LIMITATIONS.
6.1. Invicti has no obligation to provide Additional Support: (i) outside the scope of the SSA, Order Form, and this Addendum, or (ii) for issues arising out of or in connection with the unauthorized use of the Invicti Solution, (iii) if Customer fails to pay all applicable fees when due; (iv) for issues arising out of or in connection with unauthorized third-party products and services or issues arising exclusively from authorized third-party products and services; and (v) for modifications or changes to the Invicti Solution not performed, directed, or authorized by Invicti.
6.2. Customer acknowledges that Additional Support does not include: (i) developing custom scripts, templates, or queries; (ii) analyzing or troubleshooting performance issues resulting from or related to third party products; and/or (iii) performing installations, migrations, or upgrades in any Customer environment.
6.3. Invicti does not perform on-site support; Additional Support is remote only.
6.4. Customer acknowledges that Invicti is not authorized to make decisions on Customer’s behalf and that the Support does not contemplate that Invicti will be empowered to make any decisions on Customer’s behalf.
6.5. INVICTI SHALL HAVE NO OBLIGATION TO INDEPENDENTLY VERIFY THE ACCURACY OR COMPLETENESS OF THE INFORMATION PROVIDED BY CUSTOMER OR ITS AGENTS THROUGHOUT THE ADDITIONAL SUPPORT TERM. CUSTOMER IS SOLELY RESPONSIBLE FOR THE INFORMATIONAL CONTENT AND DATA PROVIDED TO INVICTI AND/OR CONFIRMED BY CUSTOMER FOR SUPPORT ESCALATIONS, AFTER-HOURS SUPPORT REQUESTS, OR THROUGHOUT THE ADDITIONAL SUPPORT TERM GENERALLY. THE INFORMATION AND GUIDANCE PROVIDED BY INVICTI TO CUSTOMER ARE FOR INFORMATIONAL PURPOSES ONLY.
Last updated 11 February 2025