The Agreement consists of the following documents:
Additional terms may apply where the Scope of Services includes non-standard Services (such as development services). Where the Scope of Services identifies that additional terms apply, those additional terms apply in addition to these Terms & Conditions.
This Master Services Agreement begins on the Commencement Date and continues until the earlier of:
Fortify may review and amend the terms of the Agreement on each anniversary of the Commencement Date. Fortify will notify CLIENT of any amendments to apply to the Agreement following such review, and such amendments will take effect 30 days from the notice date. If the amendments will have a material adverse effect on CLIENT, and CLIENT does not accept the amendments CLIENT may terminate the Agreement without penalty by providing Fortify with written notice prior to the date the amendments will take effect. Unless CLIENT terminates the Agreement in accordance with this clause 2.1(b), the Agreement will continue in force as amended.
Each Scope of Services commences on its Effective Date and continues:
(unless terminated earlier in accordance with this Agreement (Scope of Services Term)).
This clause 2.3 applies to a Scope of Services to which clause 2.2(a) applies.
Either party may terminate the Scope of Services by giving at least 30 days’ written notice to the other party before the expiry of the Initial Term or a Renewal Term (as applicable), in which case the termination is effective immediately upon the expiry of that period.
Prior to the expiry of the Initial Term or a Renewal Term (as applicable), Fortify will review the terms applicable to the Scope of Services and give CLIENT written notice at least 45 days before the expiry of that period of any changes to apply to the subsequent Renewal Term.
Unless notice is given under clause 2.3(b), the Scope of Services shall automatically renew for the Renewal Term, on the same terms, save as varied under clause 2.3(c).
The parties may enter into Scopes of Services from time to time during the Term.
Each Scope of Service entered into by the parties constitutes a separate agreement, and will be governed by the terms and conditions of this Agreement.
Services shall be charged as per the Pricing & Investment specified in the relevant Scope of Services, or otherwise as per the Rate Card where not specified in the relevant Scope of Services. Additional services beyond the Scope of Services (e.g., after-hours support, special projects) shall be charged separately in accordance with the Rate Card, unless otherwise agreed by Fortify. Fortify will notify CLIENT where requested services are out of scope, and provide an estimate of additional Fees prior to incurring them where reasonably practicable.
Unless otherwise specified in the relevant Scope of Services, Fortify will issue invoices monthly in arrears at end of month, payable by CLIENT within 14 days via direct debit or recurring card payment (in accordance with Annexure A).
All payments must be in Australian dollars unless otherwise agreed between the parties.
In addition to any other rights Fortify may have, Fortify reserves the right to:
Where CLIENT seeks to vary a Scope of Services to include additional locations, hardware, software, support requirements, or services, Fortify reserves the right to renegotiate the rates and Fees set out in the Scope of Services. Any modifications must be documented and agreed by the parties in writing.
Fortify may amend any Fees specified for Services or Products at any time on written notice to CLIENT as a result of:
In the event Fortify notifies CLIENT of a Fee increase under clause 4.3(b), CLIENT may notify Fortify within 15 days of such notice that CLIENT no longer wishes to receive the Services to which the Fee increase relates, in which case the relevant provisions of clause 8 will apply.
Fortify may amend the Rate Card by 90 days’ notice in writing to CLIENT from time to time, and such amendments will come into effect at the expiry of the 90-day notice period. Fortify may not amend the Rate Card more than once in each 6-month period. For the avoidance of doubt, where the Rate Card is amended in accordance with this clause, the parties each acknowledge and agree that the amended Rate Card will have no impact on fees payable under any Scope of Services already agreed between the parties unless such fees are calculated in accordance with the Rate Card (for example, where pricing is provided with reference to a set number of hours charged at an hourly rate).
If CLIENT reasonably believes an invoice contains an error and wishes to dispute the invoice, CLIENT must:
Fortify will investigate the dispute and if it agrees that the invoice contains an error, Fortify will issue a replacement invoice and refund any overpaid amount to CLIENT.
Any terms used in this clause 4.5 that are not otherwise defined in this Agreement have the meaning given in the A New Tax System (Goods and Services Tax) Act 1999 (Cth).
If GST has application to any supply made under or in connection with this Agreement, the supplier may, in addition to any amount or consideration payable under this Agreement, recover from the recipient an amount on account of GST, such amount to be calculated by multiplying the amount or consideration payable by the recipient for the supply by the prevailing GST rate.
Any additional amount on account of GST recoverable from the recipient under this clause will be calculated without any deduction or set off of any other amount and is payable by the recipient.
CLIENT’s IT network must be in good condition and meet Fortify’s serviceability standards. Fortify reserves the right to inspect CLIENT’s network at any time during the Term. Fortify may suspend or terminate Services where CLIENT’s IT network does not meet Fortify’s serviceability standards, and Fortify is not liable to CLIENT for any Loss suffered or incurred by CLIENT as a result of such suspension or termination.
CLIENT is responsible for notifying Fortify 5 days in advance of any system changes that may impact Service provision.
Where Services require Fortify to attend CLIENT’s site, CLIENT must provide a safe working environment. Fortify reserves the right to suspend services if site conditions pose a health or safety risk to Fortify Personnel.
Subject to payment of the Fees, Fortify will provide remote and/or on-site Services per each agreed Scope of Services and in accordance with the Service Levels. On-site visits shall be scheduled by agreement between the parties based on technician availability and CLIENT priorities. CLIENT will have real-time access to request progress updates via the customer portal.
CLIENT must promptly notify Fortify of any incidents or Service-impacting events. Fortify shall respond via phone, email, remote access, or on-site visits in line with the Service Levels. Additional services outside regular Business Hours will be provided subject to technician availability.
Fortify shall provide scheduled remote support and proactive monitoring as per each Scope of Services during Business Hours. CLIENT must provide full network access to facilitate support operations. All standard support Services are covered during regular Business Hours, unless stated otherwise in the relevant Scope of Services.
CLIENT must provide Fortify 60 days’ advance notice for any relocation or modifications to primary or data centre locations.
Fortify shall prioritize emergency and non-emergency service requests, subject to proper notification in accordance with the Service Levels.
Within 10 Business Days of Fortify notifying CLIENT that Services have been completed or Products have been delivered under a Scope of Services, CLIENT must review the Services and Products and provide written notice of any identified Defects. If no written notice is provided within this timeframe, and the Services and Products meet the specifications outlined in the relevant Scope of Services (determined by Fortify acting reasonably), the Services and Products will be deemed accepted. Where CLIENT has identified Defects in the Services and Products and Fortify agrees the Products and Services are Defective, the parties will negotiate in good faith on an appropriate resolution.
In addition to the limitations and conditions outlined in this Agreement, the following service and support exclusions apply:
Fortify must deliver the Products to CLIENT’s location in accordance with the relevant Scope of Service.
Time is not of the essence in relation to delivery of Products. Delivery dates notified by Fortify are target delivery dates only.
Unless the relevant Scope of Services states otherwise, title to Products will pass to CLIENT once CLIENT has paid all outstanding Fees for that Product.
Risk of loss and damage will pass to CLIENT upon Fortify’s delivery of the Product to CLIENT’s agreed delivery address.
Fortify does not provide any express warranties in relation to Products supplied under this Agreement. Where available, Fortify will pass on the manufacturer’s warranty to CLIENT.
Fortify is responsible for supplying all Fortify Equipment required to perform its obligations under this Agreement.
Title to Fortify Equipment remains with Fortify at all times.
Where Fortify Equipment is located at CLIENT’s site or otherwise in CLIENT’s possession or control:
This Agreement or any Scope of Services (or both) may be terminated by either party immediately by written notice if the other party:
Fortify may terminate this Agreement or any Scope of Services on 10 days’ written notice if CLIENT fails to pay Fortify’s invoices within 30 days of the due date and fails to remedy the failed payment prior to expiry of the notice period.
CLIENT may terminate the Agreement or any Scope of Services (or both) at any time during the Term on 30 days’ written notice to Fortify.
If CLIENT terminates the Agreement or a Scope of Services under clause 8.2(a), CLIENT shall be liable to pay 25% of the remaining Fees payable for Services to the end of the Term.
For clarity, in the case of Ongoing Services, a reference to Term in clauses 8.2(a) and 8.2(b) is the then-current Initial Term or Renewal Term, as applicable.
Termination of a Scope of Services does not automatically terminate any other Scope of Services then on foot, or the Agreement.
Termination of the Agreement:
On expiry or termination of a Scope of Services for any reason (including in circumstances under clause 8.3(b)):
Upon termination or expiry of this Agreement for any reason:
If CLIENT terminates this Agreement or a Scope of Services under clause 8.1 CLIENT is entitled to a refund of prepaid Fees for Services not yet rendered and Products not yet delivered in connection with the Agreement or Scope of Services (as applicable).
If termination of this Agreement or a Scope of Services results from non-payment or contractual breach by CLIENT, and without limiting any other rights Fortify may have, Fortify reserves the right to:
Termination or expiry of this Agreement or any Scope of Services will not affect clauses 1.1, 1.2, 4, 5.1(a), 5.7, 8.3, 9.3, 10, 11, 12, 13, 15, 18 or any provision of this Agreement or any Scope of Services which is expressly or by implication intended to come into force or continue on or after the termination or expiry.
Fortify Technology ensures compliance with Australian Privacy Laws.
Fortify takes all reasonable steps to ensure CLIENT data remains strictly confidential and protected.
In the event that Fortify becomes aware of a Security Incident which affects the Services or CLIENT data, Fortify will follow its incident response protocols and notify CLIENT in accordance with applicable laws.
CLIENT must nominate a dedicated 24/7 point of contact for Priority 1 (P1) Security Incidents to ensure timely response and resolution. This designated contact must be available at all times to coordinate incident management, authorise necessary actions, and facilitate communication between Fortify Technology and CLIENT’s internal teams. Failure to provide a 24/7 contact may result in delays in addressing critical security threats, which could impact CLIENT’s operations and data security. Fortify is not liable for any Loss CLIENT suffers or incurs in connection with a Security Incident where CLIENT has not provided a 24/7 contact, or where the 24/7 contact provided is not available when required. Fortify Technology will work closely with the nominated representative to ensure a swift and effective resolution of Security Incidents.
CLIENT must implement and maintain its own security controls and risk mitigation strategies to prevent Security Incidents and mitigate any Loss CLIENT may suffer or incur as a result of a Security Incident.
Each party agrees to, and must ensure each of its Personnel:
Each party acknowledges that:
Confidentiality obligations shall survive termination or expiry of this Agreement and any Scope of Services.
Other than those outlined in the Service Level Agreement, Fortify Technology provides no additional express or implied warranties. Any warranties of merchantability or fitness for a particular purpose are expressly disclaimed to the extent permitted by governing law.
Unless otherwise prohibited at law and subject to clauses 11(c), 11(d), and 11(e):
Clause 11(a) does not apply for a breach by a party of its obligations under clause 9.3, in which case Fortify’s liability to CLIENT is limited to an amount Fortify recovers from an insurer under a relevant policy of insurance held by Fortify.
Neither party shall be liable to the other for any Consequential Loss, even if such Losses were foreseeable or the party had been advised of their possibility.
If the Australian Consumer Law or any other legislation states that there is a guarantee in relation to any good or service supplied by Fortify in connection with this Agreement, and Fortify’s liability for failing to comply with that guarantee cannot be excluded but may be limited, clauses 11(a) and 11(c) do not apply to that liability. Instead Fortify’s liability for that failure is limited (at Fortify’s election) to, in the case of a supply of goods, Fortify replacing the goods or supplying equivalent goods or repairing the goods, or in the case of a supply of services, Fortify supplying the services again or paying the cost of having the services supplied again.
Nothing in this Agreement excludes or limits the liability of a party:
Each party must mitigate any Loss they suffer or incur as a result of a breach of the Agreement by the other party, or a breach of warranty by the other party, including where such Loss gives rise to a Claim for indemnity.
The liability of a party (including under an indemnity) will be reduced proportionately to the extent that the Claim or Loss was caused or contributed to by the acts or omissions of the other party.
CLIENT indemnifies and defends Fortify Technology and its Personnel from any Claims arising out of or related to CLIENT’s use of Services, Products, software, or hardware provided or made available by Fortify, including but not limited to:
CLIENT is responsible for all legal costs and judgments resulting from such Claims, except where Fortify Technology is found to be directly negligent or at fault.
Both parties agree not to solicit or hire each other’s employees during the Term and for one (1) year thereafter. If CLIENT directly hires a Fortify Technology employee, they agree to pay 50% of the employee’s total annual compensation as liquidated damages. This clause applies reciprocally, preventing Fortify Technology from soliciting CLIENT employees.
Fortify Technology maintains the following insurance policies for the Term:
The insurance policies must be issued by reputable insurers.
Fortify must comply with the terms of the insurance policies and not do or omit to do any act that would constitute grounds for an insurer to refuse to pay a claim made under any of the insurance policies.
Upon CLIENT’s written request, Fortify will deliver to CLIENT a copy of its certificates of currency for all insurance policies maintained under clause 14(a), provided that such request cannot be made more than once per calendar year.
All Materials created by Fortify Technology during the performance of this Agreement, and all Intellectual Property Rights subsisting in such Materials, shall remain the sole property of Fortify Technology unless expressly transferred to CLIENT through a separate written agreement.
CLIENT is granted a non-exclusive, non-transferable, non-sublicensable, revocable licence to use such Materials solely for the purposes for which the Materials have been provided under this Agreement.
Ownership of Pre-Existing Materials, and all Intellectual Property Rights subsisting in them, shall remain with the originating party.
CLIENT grants to Fortify a worldwide, non-exclusive, royalty-free, sublicensable licence for the Term to use CLIENT’s Pre-Existing Materials for the purpose of Fortify performing its obligations and exercising its rights under this Agreement.
Each party must use reasonable endeavours to prevent any infringement of the other’s Intellectual Property Rights in connection with this Agreement and must promptly report to the other any such infringement that comes to its attention.
Neither party may commence court proceedings concerning any Dispute, unless the party starting the proceedings has complied with this clause 16.
A party claiming that a Dispute has arisen must notify the other party in writing, specifying the nature of the Dispute (Dispute Notice).
Following the Dispute Notice being given, both parties agree to attempt resolution through good-faith negotiations within 30 days of the date of the Dispute Notice.
If the Dispute is not resolved within 14 days of the Dispute Notice being given, either party may commence court proceedings.
Nothing in this clause prevents a party from seeking urgent interlocutory relief in a court.
A notice, consent or communication under this Agreement must be in writing, signed by or on behalf of the person giving it, addressed to the person to whom it is to be given and delivered by hand, sent by prepaid mail or sent by email to that person’s address as specified in the Scope of Services or as the person notifies the sender.
A notice, consent or communication is given and received:
Any amendments to this Agreement must be made in writing and agreed upon by both parties.
This document represents the entire agreement between the parties and supersedes prior agreements.
A clause or part of a clause of this Agreement that is illegal or unenforceable may be severed from this Agreement and the remaining clauses or parts of the clause of this Agreement continue in force.
Failure by a party to enforce provisions (in full or in part) does not constitute a waiver and does not affect the right of that party to require performance subsequently. A right under this Agreement may only be waived in writing signed by the party granting the waiver, and is effective only to the extent specifically set out in that waiver.
This Agreement is governed by the laws of Queensland, Australia. Each party irrevocably submits to the exclusive jurisdiction of the Queensland, Australia courts and the Federal Courts of Australia (Queensland registry) and courts competent to hear appeals from those courts.
This Agreement cannot be assigned by a party without prior written consent of the other party.
Neither party shall be liable for external events beyond their control (e.g., natural disasters, power failures, or third-party attacks).
This Agreement may be signed in any number of counterparts. All counterparts together make one instrument.
If this Agreement or any document forming part of the agreement between the parties is signed by any person using an Electronic Signature, the parties:
A person signing this Agreement on behalf of a party warrants they have authority to bind that party or that person.
In this Agreement, unless context deems otherwise, the following definitions apply:
This Annexure A only applies where the Scope of Services provides that direct debit applies to payments of invoices by CLIENT under the Agreement, or CLIENT otherwise elects in writing to pay invoices via direct debit.
For the purposes of this Annexure A:
By authorising a Direct Debit Request, CLIENT has authorised Fortify to arrange for funds to be debited from CLIENT’s account.
CLIENT should refer to the Direct Debit Request and this Annexure A for the terms of the arrangement between Fortify and CLIENT.
Fortify will only arrange for funds to be debited from CLIENT’s account as authorised in the Direct Debit Request.
If the Debit Day falls on a day that is not a Banking Day, Fortify may direct CLIENT’s Financial Institution to debit CLIENT’s account on the following Banking Day.
If CLIENT is unsure about which day CLIENT’s account has or will be debited, CLIENT should ask CLIENT’s Financial Institution.
Upon expiry or termination of the Terms, CLIENT may stop a Debit Payment from the effective date of expiry or termination, provided that any cessation will not relieve CLIENT from any obligations to pay any amounts which have accrued prior to the effective date of expiry or termination.
It is CLIENT’s responsibility to ensure that there are sufficient clear funds available in CLIENT’s account to allow a debit payment to be made in accordance with the Direct Debit Request. If there are insufficient clear funds in CLIENT’s account to meet a debit payment:
CLIENT should check CLIENT’s account statement to verify that the amounts debited from CLIENT’s account are correct.
If CLIENT believes that there has been an error in debiting CLIENT’s account, CLIENT should notify Fortify promptly, and in any event within 7 days of the debit occurring. If Fortify concludes as a result of investigations that CLIENT’s account has been incorrectly debited, Fortify will respond to CLIENT’s query by arranging for CLIENT’s Financial Institution to adjust CLIENT’s account accordingly. If Fortify has concluded that as a result of investigations that CLIENT’s account has not been incorrectly debited, Fortify will respond to CLIENT’s query by providing CLIENT with reasons and any reasonable evidence for this finding.
CLIENT should check:
Without limiting Fortify’s obligations under clause 1.24 of these Terms, Fortify will keep any information (including CLIENT’s account details) in the Direct Debit Request confidential. Fortify will make reasonable efforts to keep any such information held secure and to ensure that any of Fortify’s employees or agents who have access to information about CLIENT do not make any unauthorised use, modification, reproduction, or disclosure of that information.
Fortify will only disclose information held about CLIENT:
Notwithstanding any other provision of this Agreement relating to the provision of notices:
To ensure uninterrupted business operations, Fortify Technology provides guaranteed response times for support and incident resolution.
| Priority Level | Example Issue | Guaranteed Response Time | Response Time Objective |
|---|---|---|---|
| Critical (P1) | Server down impacting financial operations, security breach | 1 hour | 5 minutes |
| High (P2) | Email system outage, multiple users affected | 2 hours | 30 minutes |
| Medium (P3) | Slow performance, minor security alert | 5 hours | 2 hours |
| Low (P4) | General IT request, software installation | 8 hours | 4 hours |
SLAs are bound by the following guaranteed service periods:
| Priority | Service Period |
|---|---|
| Critical (P1) | 24 hours a day, 7 days a week |
| High (P2) | 9am to 7pm AEST, 7 days a week |
| Medium (P3) & Low (P4) | 9am to 7pm AEST, Monday to Friday |
fortifytechnology.ai — Page 1
3442-6003-9733, v. 4
fortifytechnology.ai — Page 1
3446-0004-5880, v. 1