End User License Agreement for the 27k1 ROC Management System
Terms and Conditions of Use
Last updated 18 January 2024
This end user license agreement (EULA) is by and between 27k1 Ltd and the “customer”, herein referred to as “you”, “your” or “customer”. By accepting the terms of this EULA and/or using the 27k1 RMS (defined below), the person doing so thereby expressly (a) represents and warrants to 27k1 Ltd that such person has read and understands the terms of this EULA and is duly authorized by customer to execute and enter into this EULA for and on behalf of customer and (b) agrees to the terms of this EULA on behalf of customer.
For good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, 27k1 Ltd and Customer hereby agree as follows:
The “27k1 RMS” is a software product that has been developed by 27k1 Ltd solely for companies approved by the PCI Security Standards Council (PCI SSC) as Qualified Security Assessor companies (QSAs). The 27k1 RMS is intended by 27k1 Ltd to be used by QSAs to complete the PCI SSC Report On Compliance template (the ROC) for their clients.
The 27k1 RMS enables our QSA company clients to complete QSA company client assessments using the software, which will generate a version of the ROC that is automatically populated with QSA-entered inputs into the software.
27k1 RMS - User Requirements
The 27k1 RMS is developed by 27k1 Ltd in the UK. The product reflects 27k1 Ltd’s interpretation of PCI SSC’s Payment Card Industry (PCI) Data Security Standard v4.0 and is intended for use in connection with documenting PCI DSS compliance. The 27k1 RMS should not be relied upon as legal advice or to determine how the PCI DSS might be applied to clients of QSAs.
Purchasing the 27k1 RMS
As a 27k1 Ltd customer, you are entitled to the following (the Services), subject to the terms of this EULA:
- To generate via the 27k1 RMS the number of ROC Credits that you have purchased within the 27k1 RMS, for purposes of enabling you or your client to present such ROC assessments to appropriate third parties in connection with establishing PCI DSS compliance in connection with your QSA company assessments.
- To purchase additional ROC Credits to complete QSA company assessments from the 27k1 RMS.
- Standard 27k1 product support.
- Access to such additional Services, such as system upgrades and new product features as 27k1 Ltd generally provides to its other 27k1 RMS customers.
27k1 RMS – Payment Process
- To procure the 27k1 RMS, you must be a PCI SSC approved QSA company and agree to this EULA which will be sent in the e-mail attached to your invoice.
- The 27k1 RMS license key is activated upon receipt of payment, that includes the volume of ROC Credits purchased.
- A Minimum Order Quantity of 5 ROC Credits may be purchased. On receipt of payment, 27k1 Ltd will send a Product License Key and Installation Instructions, enabling the QSA company to install the 27k1 RMS on its’ IT systems.
- To purchase additional ROC Credits simply repeat Points 1 – 3, which will result in additional ROC Credits being added to the license.
Through purchase of the 27k1 RMS, you agree to be bound by the Terms and Conditions of this End User License Agreement.
3rd Party Content
To the extent the 27k1 RMS integrates any third-party materials or content (collectively, 3rd Party Content), such 3rd Party Content is the property of the respective third-party licensors (each a “Licensor”).
You and your users are required to maintain the structural integrity and content of the ROC, except that you may populate the required fields of the ROC with applicable responses in accordance with the PCI DSS, as facilitated by the 27k1 RMS.
- Your Agreement with 27k1 Ltd.
1.1 If you reside within the United Kingdom or outside its borders, your relationship is with 27k1 Ltd and the Terms are governed by the laws of England.
You may have additional rights under the law. We do not seek to limit those rights where it is prohibited to do so by law.
1.2 27k1 Ltd Services and Software are licensed, not sold, to you.
Use of Services and Software
3.1 License. Subject to your compliance with the Terms and the law, you may access and use the Services and Software.
3.2 27k1 Ltd Intellectual Property. Excepting 3rd Party Content and its use, as described above, we remain the sole owner of all right, title and interest in the Services or Software. Except as stated in the Terms, we do not grant you any rights to patents, copyrights, trade secrets, trademarks or any other rights in respect to the items in the Services or Software or any 3rd Party Content. We reserve all rights not granted under the Terms.
3.3 Sample Files. “Sample Files” means 27k1 Ltd provide files such as content images, clip art, stock images or sounds for use in tutorials, demonstrations and for other trial purposes, which may be identified as sample files. Sample Files may for example, be viewed in 27k1 Ltd Training Software. Sample Files cannot be used for any other purpose than for which they were provided. You cannot distribute Sample Files on a stand-alone basis (i.e., in circumstances in which the Sample Files constitute the primary value of the product being distributed) and you cannot claim any rights in the Sample Files.
3.4 Content Files. "Content Files" means 27k1 Ltd assets provided as part of the Services and Software. Unless documentation or specific licenses state otherwise, we grant you a personal, non-exclusive, non-sublicensable and non-transferable license to use the Content Files to create your end use (i.e., the derivative application or product authored by you) into which the Content Files or derivations thereof, are embedded for your use ("End Use"). You may modify the Content Files prior to embedding them in the End Use. You may reproduce and distribute Content Files only in connection with your End Use, however, under no circumstances can you distribute the Content Files on a stand-alone basis, outside of the End Use.
3.5 License Types.
(a) 27k1 RMS. You may install and use the 27k1 RMS only while you are a QSA, and then solely for purposes of completing ROCs as part of your PCI DSS compliance assessment services as a QSA company.
(b) Pre-release Versions. We may designate the Services or Software or a feature of the Services or Software, as a pre-release or beta version (“Pre-release Version”). A Pre-release Version does not represent the final product and may contain bugs that may cause system or other failure and data loss. We may choose not to commercially release the Pre-release Version. You must promptly cease using the Pre-release Version and destroy all copies of Pre-release Version if we request you to do so or if we release a commercial version of the Pre-release Version. Any separate agreement we enter into with you governing the Pre-release Version will supersede these provisions.
4.1 Content. "Content" means any material, such as information security data, audio files, video files, electronic documents or images, that you upload and import into the Services or Software in connection with your use of the Services.
4.2 Ownership. You retain all rights and ownership of your content. We do not store or claim any ownership rights to your content, hence data ownership and recovery is entirely within your control. You can extract all your data at any time, including at termination of the contract and retain it in electronic format.
4.3 Sharing Your Content.
Some Services and Software may provide features that allow you to Share your Content with other users or to make it public. 27k1 does not provide any facilities for sharing content.
4.4 Feedback. You have no obligation to provide us with ideas, suggestions, proposals or enhancements to the application (“Feedback”). If you submit Feedback to us however, then you grant us a non-exclusive, worldwide, royalty-free, sublicensable and transferable license to make, use, sell, have made, offer to sell, import, reproduce, publicly display, distribute, modify and publicly perform the Feedback.
5 Account Responsibility
You are responsible for all activity that occurs from your use of the Software or Services. Please notify 27k1 Ltd immediately using our Contact Us web site page if you become aware of any unauthorised use of your account, the Software, or the Services.
5.1 Responsible Use. The 27k1 Ltd community consists of users who expect a certain degree of courtesy and professionalism. You must use the Services and Software responsibly.
5.2 Misuse. You must not misuse the Services or Software. For example, you must not, and you hereby expressly agree that you will not:
(a) copy, modify, host, stream, sublicence or resell the Services or Software, or any 3rd Party Content therein, unless expressly permitted to do so by agreement with 27k1 Ltd or the applicable owner of such 3rd Party Content;
(b) access or attempt to access the Services or Software, or any 3rd Party Content therein, by any means other than the interfaces that we provide or authorize;
(c) circumvent any access or use restrictions put into place to prevent certain uses of the Services, Software or any 3rd Party Content;
(d) share Content or engage in behaviour that violates anyone’s intellectual property rights (“Intellectual Property Rights” means copyright, moral rights, trademark, trade dress, patent, trade secret, unfair competition, right of privacy, right of publicity and any other proprietary rights);
(e) upload or share any Content that is unlawful, harmful, threatening, abusive, tortious, defamatory, libelous, vulgar, lewd, profane, invasive of another’s privacy or hateful;
(f) impersonate any person or entity or falsely state or otherwise misrepresent your affiliation with a person or entity;
(g) attempt to disable, impair, alter or destroy the Services, Software, or any 3rd Party Content;
(h) upload, transmit, store or make available any Content or code that contains any viruses, malicious code, malware or any components designed to harm or limit the functionality of the Services or Software;
(i) disrupt, interfere with or inhibit any other user from using the Services or Software (such as stalking, intimidating or harassing others, inciting others to commit violence or harming minors in any way);
(j) engage in chain letters, junk mails, pyramid schemes, phishing, spamming or other unsolicited messages;
(k) place an advertisement of any products or services in the Services except with our prior written approval;
(l) use any data mining or similar data gathering and extraction methods in connection with the Services or Software, unless expressly permitted by 27k1 Ltd; or
(m) violate applicable law in connection with your use of the Services, Software or any 3rd Party Content.
- Pricing and Payment
6.1 Pricing. 27k1 Ltd reserves the right to increase the fees associated with the ROC Credits to accommodate new features or upgrades.
6.2. Taxes and Third-Party Fees. You must pay any applicable foreign exchange fees and foreign transaction fees. 27k1 Ltd are not responsible for these fees.
- Your Warranty and Indemnification Obligations
7.1 Warranty. By uploading your Content to the Services or Software, you agree that you have all necessary licenses, qualifications and permissions to use and share your content.
7.2 Indemnification. You will indemnify us and our subsidiaries, affiliates, officers, agents, employees, partners and licensors from any claim, demand, loss or damage, including reasonable lawyers’ fees, arising out of your use of the Services or Software or your violation of the Terms.
- Disclaimers of Warranties
8.1 Unless stated the Services and Software are provided “AS-IS.” To the maximum extent permitted by law, we disclaim all warranties, express or implied, including the implied warranties of non-infringement, merchantability and fitness for a particular purpose. We make no commitments about the content within the Services and Software. We further disclaim any warranty that (a) the Services or Software will meet your requirements or will be constantly available, uninterrupted, timely, secure or error-free; (b) the results obtained from the use of the Services or Software will be effective, accurate or reliable; (c) the quality of the Services or Software will meet your expectations
8.2 Subject to 27k1 Ltd being made aware of faults or defects to the software through receipt of a support request sent to 27k1 Ltd, all errors or defects, major or minor will be corrected.
8.3 We specifically disclaim all liability for any actions resulting from your misuse of any Services or Software. You may use and access the Services or Software at your own discretion and risk and you are solely responsible for any damage to your computer systems or loss of data that results from the use of and access to any Service or Software installed and deployed on your systems or those of any 3rd party.
- Limitation of Liability
9.1 Unless stated, neither 27k1 Ltd, its Licensors, nor their respective associates or advisors are or shall be liable to you or anyone else for any loss of use, loss of data, goodwill or profits, whatsoever, or for any special, incidental, indirect, consequential or punitive damages whatsoever, regardless of cause (even if we or they have been advised of the possibility of the loss or damages), including losses and damages (a) resulting from loss of use, data or profits, whether or not foreseeable; (b) based on any theory of liability, including breach of contract or warranty, negligence or other tortious action; or (c) arising from any other claim arising out of or in connection with your use of or access to the Services or Software.
9.2 The total liability of 27k1 Ltd and its Licensors in any matter arising out of or related to the Terms or the use of the Software is limited to the amount that you paid to 27k1 Ltd for your most recent purchase of ROC Credits in connection with access to the Services and Software. This limitation will apply regardless of the form or source of claim or loss, whether the claim or loss was foreseeable and whether a party has been advised of the possibility of the claim or loss.
9.3 The limitations and exclusions in this Section 9 apply to the maximum extent permitted by law.
10.1 Termination by You. You may stop using the Services and Software at any time.
Termination of your account does not relieve you of any obligation to pay any outstanding fees.
10.2 Termination by Us. If we terminate your use of the Service(s) for reasons other than for cause, we will make reasonable efforts to notify you at least 30 days prior to termination via the email address you provide to us. Unless stated, we may, at any time, terminate your right to use and access the Services or Software if:
(a) you breach any provision of the Terms (or act in a manner that clearly shows you do not intend to or are unable to, comply with the Terms);
(b) you fail to make the timely payment of fees for the Services or Software;
(c) you materially breach any provision of the Terms and (i) the breach cannot be corrected; or (ii) we notify you of the breach and you fail to correct it within 14 days of the notice;
(d) you physically, verbally or through other means abuse, threaten, bully or harass us or our personnel (in such circumstances, we may alternatively suspend or restrict your access to the Services or Software);
(e) you have repeatedly made complaints in bad faith or without a reasonable basis and continue to do so after we have asked you to stop (in such circumstances, we may alternatively suspend or restrict your access to the Services or Software);
(f) we are required to do so by law (for example, where the provision of the Services or Software to you is or becomes, unlawful);
(g) we elect to discontinue the Services or Software, in whole or in part (such as if it becomes impractical for us to continue offering Services in your region due to change of law)
10.3 Survival. Upon the expiration or termination of the Terms, some or all of the Services and Software may cease to operate without prior notice.
11.1 Disclosure. Subject to justification, we may access or disclose information about you or your use of the Services or Software: (a) when it is required by law (such as when we receive a search warrant); (b) to respond to your requests for customer service support; or (c) when we, in our discretion, think it is necessary to protect the rights, property or personal safety of us, our users or the public.
- Trade Control Laws
12.1 The Services or Software and your use of the Services and Software, are subject to UK and International laws, restrictions and regulations that may govern the import, export and use of the Services and Software. You agree to comply with all the laws, restrictions and regulations.
12.2 27k1 Ltd reserves the right to place your company logo or other brand identification on the 27k1 website. 27k1 will with your permission also place a customer reference or testimonial on the 27k1 website and other media. 27k1 Ltd will remove your logo and any testimonials and references on request within 30 days of notification or termination of the software license.
- Dispute Resolution
13.1 Process. We will make every effort to resolve and settle any dispute between our companies before the commencement of any formal, legal process.
- Updates and Availability
14.1. Updates to the General Terms and Additional Terms. We may modify these General Terms, any Additional Terms or Subscription and Cancellation terms, for example, to reflect changes to the law or changes to our Services or Software. You should look at the Terms regularly. We will post notice of modifications to these General Terms and Additional Terms on our 27k1.com web site. By continuing to use or access the Services or Software after the revisions are in effect, you agree to be bound by the revised Terms.
14.2. Updates to the Services and Software. We may modify, update or discontinue the Services or Software (including any portions or features) at any time, without liability to you or anyone else. However, for changes to paid offerings, we will make reasonable efforts to notify you of the modification, update or discontinuation. If we discontinue the Services or Software in its entirety, we will offer you a free of charge perpetual license, however this cannot be supported by 27k1 Ltd.
14.3. Availability. Web pages describing the Services are accessible worldwide, but this does not mean all Services or service features are available in your country or that user-generated content available via the Services is legal or available in your country. Access to certain Services (or certain Service features, Sample Files or Content Files) in certain countries may be blocked by us or foreign governments. It is your responsibility to make sure your use of the Services is legal or available where you use them. Services are not available in all languages.
- No Modifications, Reverse Engineering and 27k1 RMS usage
Except as expressly permitted in the Terms, you may not (a) modify, port, adapt or translate any portion of the Services or Software or 3rd Party Content; or (b) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or any portion of Software. If the laws of your jurisdiction give you the right to decompile the Software to obtain information necessary to render the licensed portions of the Services or Software interoperable with other software, you must first request such information from us. We may, in our discretion, either provide such information to you or impose reasonable conditions, including a reasonable fee, on your decompilation of the Services or Software to ensure that 27k1 Ltd, PCI SSC, any additional 3rd parties’ and suppliers’ proprietary rights in the Services and Software and 3rd Party Content are protected.
Subject to the paragraph immediately below, you expressly agree that you will not sell, offer for sale, market, license, lease, rent, sublicense, publish, distribute, modify or create derivative works of any of the 3rd Party Content for any purpose.
You expressly agree not to copy, reproduce, disclose to any third party, or otherwise use any Integrated Form other than in accordance with this End User License Agreement and then only to the extent necessary for purposes of your (a) internal review and completion of such Integrated Form (or drafts thereof) within the Integrated Product in accordance with the instructions for the corresponding documents available from PCI SSC, and (b) delivery and submission of a completed version of such Integrated Form (or drafts thereof), as generated by the Integrated Product, to appropriate third parties for purposes of documenting, demonstrating or establishing compliance with applicable PCI SSC standards in accordance with such standards and applicable industry requirements.
Each Licensor is and shall be an express third-party beneficiary of this EULA for purposes of enforcing its rights in any of its 3rd Party Content accessible to you through or using the Software or Services and shall have available to it all rights, whether at law or in equity, to enforce the provisions hereof on its own behalf and in its own right directly against you.
16.1 English Version. The English version of the Terms will be the version used when interpreting or construing the Terms.
16.2 Notices to 27k1 Ltd. You may send notices to us at the following address:
27k1 Ltd, 22 Market Place, Kendal, Cumbria, LA9 4TN, UK.
16.3 References and Testimonial. 27k1 Ltd reserves the right to place your company logo or other brand identification on the 27k1 website. 27k1 will with your permission also place a customer reference or testimonial on the 27k1 website and other media. 27k1 Ltd will remove your logo and any testimonials and references on request within 30 days of notification or termination of the software license.
16.4 Notices to You. We may notify you by email, postal mail, postings within the Services or other legally accepted means.
16.5 Non-Assignment. You may not assign or otherwise transfer the Terms or your rights and obligations under the Terms, in whole or in part, without our written consent and any such attempt will be void. We may transfer our rights under the Terms to a third party.
16.6 Headings. Headings used in these General Terms or Additional Terms are provided for convenience only and will not be used to construe meaning or intent.
16.7 Severability. If any provision of these General Terms or any Additional Terms is held invalid or unenforceable for any reason, the General Terms and any Additional Terms will continue in full force and effect.
16.8 No Waiver. Our failure to enforce or exercise any provision of the Terms is not a waiver of that provision.