Melius Cyber
Software Subscription Service Agreement

Melius Cyber Consultancy Ltd Software Subscription Service Agreement

Valid for all clients who signed the agreement on or before 30th June 2024

This Agreement is for the provision of the Melius Cyber Consultancy Limited, Cyber Safe software service herein referred to as Cyber Safe and associated Services as defined in the contract between the parties.  By signing a Contract with Melius Cyber Consultancy Limited you are agreeing to abide by these Terms & Conditions.

This Agreement shall be governed by the laws of England and Wales and the parties hereby submit to the exclusive jurisdiction of the English court, except for enforcement proceeding where the English courts shall have non-exclusive jurisdiction.

In this Agreement “Melius Cyber” means Melius Cyber Consultancy Limited of Hadrian House, Beaminster Way East, Newcastle upon Tyne, NE3 2ER. 

The Terms “you” and “customer” in this Agreement means your company and all of its employees (including any agents, support companies or third-party advisers which you request us to liaise with).


The following definitions apply to this Contract:

Actual intrusions is the existence of a live unauthorised perpetrator, an individual or group of people, who have gained access to the Customer’s Information System.

Accredited partner a supplier (individual or body corporate), who has satisfied the procurement processes of Melius Cyber in accordance with ISO27001 and is subject to a valid confidentiality agreement.

Agreement of dates is defined as an acceptance (via email) by the Customer of an offer of a start and end date in which any security testing engagement will be carried out within.

Annual Fees or Monthly Fees means the recurring fees payable by Customer in order to continue to use the Services.  Such Fees shall be exclusive of VAT or other sales taxes.

Approval to Test means Melius Cyber’s Scope Definition Form completed and signed by the Customer prior to execution of Security Testing.

Authorised User means each individual person or third-party agent/representative employed by the Customer as using and/or accessing the Software as authorised by the Customer to use the SaaS Service.

Charges means any or all charges payable under the signed Contract including any one-off charges, Annual Fees and ad-hoc fees owing by Customer to Melius Cyber Consultancy Limited as detailed in a Statement of Work.

Cloud means the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user.

Conditions means the terms and conditions set out in this Agreement.

Confidential Information means all confidential information (however recorded or preserved) disclosed by a party or its employees, officers, representatives or advisers to the other party. including but not limited to all system configurations, user guidance, training handout, proprietary data whose disclosure to third parties may be damaging and other similar information, and any Software or materials which have been or will be supplied to the Customer by Melius Cyber in connection with this Contract.

Consultant means the individual(s) provided by Melius Cyber for the performance of the Security Testing.  On occasion such a Consultant may be an accredited partner of Melius Cyber.

Contract means the signed Contract between the Customer and Melius Cyber.  Within which are contained the details of the services to be provided to the Customer as part of the contract between you and Melius Cyber.

Customer means the entity shown on the signed Contract.

Customer Data means the personal data of which the Customer is data controller (“Customer Data”).

Cyber Safe means the software being provided by the Service.

Documentation means the standard user guides and manuals made available to the Customer by Melius Cyber, as updated from time to time.

End date means the date by which the Security Testing must cease as set out in the Authorisation to Test Scope Definition document.  If “End Date” is omitted, then the time frame for the test will be six months after the “Start Date”.

Endpoint means any device that is physically an end point on a network i.e. Laptops, desktops, mobile phones, tablets, servers, and virtual environments.

GDPR means the EU General Data Protection Regulation being Regulation (EU) 2016/679.

ICO means the Information Commissioner’s Office or any replacement authority in the UK.

Information System means the entire infrastructure, organisation, personnel and components for the collection, processing, storage, transmission, display, dissemination and disposition of information, as defined and controlled by the Customer.

Intellectual Property Rights/IPR means all intellectual and industrial property rights including copyright, licence, patents, know-how, trademarks, trade names, inventions, registered designs, applications for and rights to apply for any of the foregoing, unregistered design rights, unregistered trademarks, database rights, and any other rights in any invention, discovery or process, and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world.

Interim Report a report made verbally or by other means to the Customer on the conduct of the Security Testing prior to the delivery of the Test Report.

Maintenance Release shall mean a new release of the Software that is substantially the same as the current Software, which is issued to remove known errors or otherwise improve or enhance the Software but does not constitute a New Version.

New Version shall mean a release of the Software that incorporates significant new or additional functionality and features which is not a Maintenance Release.

Melius Cyber means Melius Cyber Consultancy Limited, company number 11803541, who’s registered office is at Suite 2, Hadrian House Street, Beaminster Way East, Newcastle upon Tyne NE3 2ER.

Open-Source Software means software that is supplied on an “as is” basis and is supplied to Customer with all of the rights granted under the applicable licence.

Penetration Testing means the authorised access to carry out Security Testing to simulate a cyber attack and record the findings.

SaaS Service means the cloud-hosted Cyber Safe solution provided by Melius, comprising the Software and the Documentation, as updated by Melius Cyber from time to time.

SaaS Service Support means any services provided by Melius Cyber under this Subscription Agreement as detailed in the signed Contract or subsequent Statement of Work (SOW) documents.

Scope Definition means the breakdown of work documented within the Authorisation to Test Scope Definition which contains the details of what is included in the test scope. 

Security Testing means an authorised penetration test or vulnerability assessment in which Melius Cyber attempts to circumvent the security measures and controls of an information system. The purpose being to identify vulnerabilities within an information system.

Software means the software, which may include Open-Source Software that is licensed to, or made available to the Customer under this Contract, as listed in the Contract, together with any updates or Maintenance Releases (but excludes New Versions).

Start Date means the date shown in the Contract when Cyber Safe is ready for use in a live environment by Customer and when Support Services start. For Penetration Testing services this means the date that Security Testing will start to be provided.

Statement of Work (SOW) means the document detailing the scope of works for services to be provided, deliverables and timetable and is governed by the terms and conditions set out in this Agreement.

Support Services means the management and maintenance services for the Software as described in the Contract.

Test Boundaries are the areas that require testing as agreed by the Customer in the Scope Definition documented in the Contract or whereby express permission has been given to Melius Cyber by the Customer, who have the authority to grant permission to the areas to be tested.

Test Report means the report produced by Melius Cyber detailing the results of the Security Testing.

Third Party Information Service Providers are entities that provide support to or implement the Customer’s information systems i.e. managed service providers.

Third Party Information Stakeholders are defined as any individuals, organisations or others, who have information concerning them or belonging to them held by or available to the Customer.

Working Day means 0900 – 1700 hours on a Monday to Friday excluding English public holidays.

Terms & Conditions

1.             Formation of Contract

1.1.         Clause, schedule and paragraph headings shall not affect the interpretation of this contract.

1.2.         Words in the singular shall include the plural and vice versa.

1.3.         Both parties agree that the Contract and the signed Contract is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous or contemporaneous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all modifications to the Contract must be in writing signed by both parties, except as otherwise provided herein.

1.4.         Where any divergence occurs between the contract and these Terms and Conditions, the Terms and Conditions shall have precedence.

2.             Contract Term

2.1.         This Contract will be in force as specified in the signed Contract, from the Start Date, and thereafter it shall continue until it is terminated:

2.1.1.         by either party on 90 days written notice to the other party, such notice to expire at the end of the initial term or the next anniversary of the Start Date; or

2.1.2.         otherwise in accordance with the terms of this Contract.

2.2       In consideration of the customer paying the charges, Melius Cyber agrees to provide the services including the Documentation in accordance with the terms and conditions of this Contract.

3.             SaaS Service

3.1.         For the term of this Contract, the SaaS Service will be provided across the agreed number of Endpoints specified in the signed Contract.  As such the service can be extended across a further 10 endpoints at no additional Charge. 

3.1.1       In the event that the Customer requires further End-points to be monitored as part of the Service then this shall be subject to a Statement of Work, agreed between the parties and will be subject to separate Charges.

3.2.         For the term of this Contract, Melius Cyber grants to you/the Customer a non-transferable, and non-exclusive right to use the SaaS Service for Customer’s own internal business purposes only.

3.3.         Customer may make such copies of the Documentation as are reasonably necessary for its use of the SaaS Service and shall reproduce all copyright and other notices in and on the Documentation. All such copies shall be subject to the terms and conditions of this Contract.

3.4.         Where a Test Report is to be provided, Copyright of the Test Report shall always remain with Melius Cyber, but the Customer is hereby granted a nonexclusive, non-transferable licence to copy and use the Test Report internally. The test report cannot be shared with any third party without explicit written consent from Melius Cyber. Any consent given in this regard will only be applicable for a single instance and version of the Test Report.

4.             Melius Cyber Obligations Security Testing

4.1.       Melius Cyber will perform the services to the Customer as specified by the Contract.

4.2.         On completion of the required Security Testing performed by Melius Cyber, a Test Report will be delivered to the Customer within ten (10) working days.

4.3.         Melius Cyber will not intentionally alter any information in the Customer’s Information System, except in circumstances where the appropriate authorisation has been received from the Customer.

4.4.         Melius Cyber will not intentionally cause interference to the operation of the Customer’s Information System, unless they have the express authority of the Customer.

4.5.         Melius Cyber will use all reasonable endeavours not to disclose information; infringe individual’s privacy rights, where applicable; or act in any manner, which could result in a breach of confidentiality or contravention of the law.

4.6.         Melius Cyber will inform the Customer of violations of any Test Boundaries that may occur. In the event of boundary violation, Melius Cyber will cease testing, document the extent of the violation, and inform the Customer.

4.7.         Melius Cyber shall, where the Consultant is present on the Customer’s premises, ensure that the Consultant complies with such reasonable site rules and procedures, including Health and Safety procedures, as are notified to Melius Cyber and/or the Consultant.

5.             Customer Obligations

5.1.         Cyber Safe

5.1.1       The Customer agrees it will:

5.1.2       only use the Products, Services and Software for its own internal business purposes;

5.1.3       comply with the terms and conditions of this Agreement,

5.1.4       Except to the extent permitted by law, Customer shall not, nor permit any third party to, adapt or modify the SaaS Service, or decompile, reverse engineer, disassemble or otherwise derive the source code or derivative works of the SaaS Service.

5.1.5       It will take security measures sufficient to reasonably safeguard the SaaS Service and Documentation from access by unauthorised third persons.

5.1.6       The Customer undertakes to keep all usernames, passwords, and other access details relating to the Administrative Functions confidential and Customer agrees that Customer will be liable for any loss or damage arising from Customer’s failure to do so.

5.1.7       Customer may permit Authorised Third Parties to access the SaaS Service and Documentation provided that:

5.1.8       It obtains Melius Cyber prior written approval before any access is granted;

5.1.9       Customer remains responsible for the acts and omissions of such Authorised Third Parties as if they were the Customer’s own acts and omissions; and such access is for the Customer’s sole benefit e.g. a third party which provides outsourced services to Customer under a written agreement.

5.1.10    pay the Charges to Melius Cyber;

5.1.11    permit reasonable access by Melius to its sites in order for Melius Cyber to perform its obligations under this Agreement and cooperate, as necessary, with Melius Cyber in relation to the provision of the Services;

5.1.12    ensure that its network and systems comply with the relevant specifications provided by Melius Cyber from time to time;

5.1.13    where Melius Cyber personnel are required to work at Customer premises, ensure that its personnel provide all reasonable assistance to them including desk space and wireless connection, as and when required by Melius Cyber to discharge its obligations, and in particular take all measures necessary to comply acts, regulations and codes of practice relating to health and safety, which may apply;

5.1.14    when notified by Melius Cyber implement promptly any Maintenance Releases or other fixes, patches or upgrades of any system software necessary for the successful operation of the Software;

5.1.15    make its own arrangements for internet access in order to access the SaaS Service, with the required type and version of browser as notified to the Customer by Melius Cyber from time to time. Melius Cyber shall not be liable for Customer’s inability to access the SaaS Service if it is due to the Customer’s inability to establish an internet connection, or not having their browser set to the correct type and version, for accessing the SaaS Service

5.1.16    the Customer shall indemnify Melius Cyber, keep Melius Cyber indemnified and hold Melius Cyber harmless from and against all claims, liabilities, proceedings, costs, damages, losses, or expenses incurred by Melius Cyber caused by, or in any way connected with Customer’s use of the SasS Service or the unauthorised use of the SaaS Service by any third party whether through breach of this Contract or any other negligent or wrongful act.

5.1.17    Customer shall allow Melius Cyber reasonable access, as required, to provide the Services and/or undertake an audit of its use of the Software.

5.1.18    Customer represents and warrants that it possesses the full power and authority to enter into and perform its obligations under this Agreement.

5.2.       Security Testing

5.2.1.      The Customer consents, for itself and on behalf of all group companies, to Melius Cyber performing Security Testing and that it has procured, where necessary, the consent of all its (and its group companies) employees, agents and sub-contractors that Melius Cyber shall be permitted to carry out the Security Testing. Melius Cyber will be carrying out the Security Testing in the belief that it has all appropriate consents, permits and permissions from the Customer and its group companies (and their employees, agent and subcontractors);

5.2.2.      The Customer permits Melius Cyber to access the IT systems to enable the Security Testing to be performed in accordance with the signed Contract.

5.2.3.      The Customer has informed and provided the appropriate details, where required, as to the nature of the Security Testing on the Information System, to individuals, users, Third Party Information Stakeholders, Third Party Information Service Providers or any other parties likely to be affected by the Security Testing carried out by Melius Cyber.

5.2.4.      The Customer will, where necessary, inform individuals, users, Third Party Information Service Providers, Third Party Information Stakeholders or any other parties likely to be affected by the Security Testing of the date and time of the Security Testing.

5.2.5.       The Customer will verify that any proposed date and time of the Security Testing is convenient to individuals, users, Third Party Information Service Providers, Third Party Information Stakeholders, or any other parties likely to be affected by the Security Testing.

5.2.6.      The Customer will gain the appropriate consent, where required, to enable Melius Cyber to conduct the Security Testing, from individuals, users, Third Party Information Stakeholders, Third Party Information Service Providers or other parties likely to be affected or concerned with the impact of Security Testing on the Information System.

5.2.7.      The Customer confirms that, if applicable, it has obtained all consents required from data subjects to enable personal data (as defined in the General Data Protection Regulation) to be disclosed to Melius Cyber to the extent required to carry out the Security Testing.

5.2.8.      The Customer agrees to take responsibility to ensure compliance with law in so far as it relates to the impact of the Security Testing on individuals, users, Third Party Information Stakeholders, Third Party Information Service Providers or other parties likely to be affected by the Security Testing on the Information System.

5.2.9.      The Customer agrees that, in accordance with The Computer Misuse Act (1990), all necessary authorisations for access to target systems will be provided to Melius Cyber for the purposes of Security Testing, including, where necessary, modifications that demonstrate the impact of exploitation of a vulnerability.

5.2.10.   The Customer agrees to take all reasonable measures as provided by Melius Cyber and as agreed with the Customer to protect the Information System from any loss or damage that may arise as a consequence of the Security Testing. Prior to commencement of the Security Testing, the Customer will take copies of information and applications or use any other methods available to them, to ensure the safety and protection of material within the Information System. Melius Cyber shall not be liable for any unintentional data loss that cannot be recovered due to inadequate protection by the Customer.

5.2.11.   The Customer agrees that, where the Security Testing is to take place on the Customer’s premises, the Customer shall ensure that a suitable working environment is provided for the Consultant which shall include network access where necessary.

5.2.12.   That should the Customer require a laptop or other device to be security tested by Melius Cyber at Melius Cyber’s offices the Customer will deliver the laptop and/or other device to Melius Cyber’s offices.

5.2.13.   To assume all liability and keep indemnified Melius Cyber, its officers, employees, agents, contractors and subcontractors from and against all and any claims, proceedings, direct loss and/or damages, demands, costs, expenses (including all court and legal fees) and other liabilities of whatever nature suffered, reasonably incurred or sustained by Melius Cyber as a result of or in connection with any claims of alleged/actual infringement by the Customer of Melius Cyber’s Intellectual Property Rights arising out of or in connection with all dealings by Melius Cyber.

5.2.14.   To provide Melius Cyber with at least one employee who shall have significant experience on the Customer’s Information Systems, to act as liaison between the Customer and Melius Cyber.

5.2.15.   To co-operate with Melius Cyber and to provide it promptly with such information about its Information System, network, premises, equipment, data structures, protocols, software, hardware and firmware as are reasonably required by Melius Cyber to perform the Security Testing.

5.2.16.   To ensure that, where the Security Testing is taking place on its premises, the premises are safe.

6.             Services

6.1.       Melius Cyber shall provide the SaaS Service using reasonable care and skill.

6.2.         Support Services will be provided by MeliusCyber subject to Customer paying the Charges each year from the Start Date until this Contract is properly terminated. No refund will be given for Charges paid in advance on termination.

6.3.         The Support Services will be provided by Melius Cyber on Working Days, either at Melius Cyber sites or at the Customer’s sites.

6.4.         Customer will give to Melius Cyber promptly on request such information and documents as Melius Cyber reasonably requires for the provision of the Services.

6.5.         If the dates scheduled for delivery of the SaaS Services are deferred or cancelled by the Customer, Melius Cyber may revise any scheduled date for completion of any part of the Services and/or by giving seven days written notice suspend the SaaS Services.

6.6.         Melius Cyber shall not be liable for any failure to provide or delay in providing the Services, arising out of or in connection with any:

6.6.1.         act or omission of Customer or its employees, agents or subcontractors which affects Melius's ability to provide the Services;

6.6.2.         inaccurate or incomplete data, information or documentation provided by the Customer;

6.6.3.          failure by any third party to fulfil its obligations to the Customer;

6.7.         Acceptance of the SaaS Service will be when the SaaS Service is ready for use by the Customer.

6.8.         If the Customer or any of its Authorised Users requests the same or substantially the same advice or assistance on more than one occasion; or makes requests which may reasonably be considered excessive or an abuse of the Support Service, or requests advice or assistance for matters which a reasonable trained user ought to be able answer or solve for themselves, then Melius Cyber may do all or any of the following at its sole discretion:

6.8.1.         require the Customer to take reasonable action with respect to the particular Authorised User(s) concerned;

6.8.2.         refuse to answer any further such requests for advice or assistance: or

6.8.3.         require the Customer to provide further training to its Authorised Users, and the Customer shall pay an additional charge for any such training provided by Melius Cyber.

6.9.         Occasionally Melius Cyber may provide specific contracted Services via one of our approved accredited partners.  Such partners shall be bound by the same terms of Confidentiality and Information Security as Melius Cyber.

6.10.       This Contract also acts as an umbrella agreement, which sets out the general terms for the supply of additional related software and services by Melius Cyber to the Customer, when so requested from time to time. Such additional software and services and any particular special terms and conditions applicable to the supply thereof shall be set out in a Statement of Work order. If Melius Cyber provides any additional software or services Customer shall be charged separately for the provision of these at Melius Cyber’s then prevailing rates for such software or services.

7.             Customer Data

7.1.         Melius Cyber may access or process personal data of which the Customer is data controller (“Customer Data”).  Melius Cyber shall process such Customer Data strictly in accordance with the Customer’s instructions and as detailed in the data protection schedule hereto.

7.2.         Melius Cyber shall promptly without undue delay notify Melius Cyber Consultancy Limited if any Customer Data comes into Melius Cyber possession, or if it accidentally accesses such Customer Data; and

7.3.         At the Customer’s option and expense, Melius Cyber shall immediately and securely return or destroy any Customer Data in its possession and certify to the Customer that this has been done.

8.             Warranties

8.1.       Customer acknowledges that:

8.1.1.             software in general is not error free and that the existence of such errors in the Software shall not by themselves constitute a breach of this Contract;

8.1.2.             the SaaS Service is not bespoke and has not been prepared to meet Customer’s individual requirements.

8.2.         Melius Cyber warrants that it will carry out the Services with reasonable skill and care. In the event of a breach of the warranty under this clause 10.2 and provided such breach is reported to Melius Cyber within a reasonable time (given the nature of the Service) after completion of the Service and, Melius Cyber shall re-perform the Service without additional charge to Customer within a reasonable period of time.

8.3.         Melius Cyber warrants that it shall use its commercially reasonable efforts so that no viruses are coded or introduced into the systems used to provide the SaaS Service.

8.4.         Melius Cyber does not warrant that the SaaS Service will be entirely error free nor that the Customer's use of the SaaS Service will be uninterrupted and is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet. The Customer acknowledges that the SaaS Service and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

8.5.         Melius Cyber warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Contract.

8.6.         This Clause 10 constitutes the only warranties given by Melius Cyber in respect of the Services. Express terms of this Contract are in lieu of all warranties, conditions, terms, undertakings and obligations implied by statute, common law, custom, trade usage, course of dealing or otherwise, all of which are excluded to the fullest extent permitted by law.

8.7.         The customer shall warrant that for the duration of the contract and for a period of 3 years after termination that they shall not seek to develop and or build a product that replicates and or seeks to replicate the intellectual property and the software included in the services provided by Cyber Safe.

9.             Intellectual Property Rights

9.1.         All Intellectual Property Rights in the SaaS Service including the Software belong to Melius Cyber or a third party licensor. At no time shall any rights, interests or title in any intellectual property in the SaaS Service, including the Software, pass to the Customer.

9.2.         Melius Cyber shall have a royalty-free, worldwide, irrevocable perpetual licence to use and incorporate into the SaaS Service any suggestions, enhancement requests or other feedback provided by the Customer or its Authorised Users relating to the SaaS Service without restriction.

9.3.         The Customer hereby grants to Melius Cyber a non-exclusive, non-transferrable (except as part of a permitted assignment of this Contract), royalty free licence to copy, modify, and use the Customer data as reasonably appropriate for the purposes of this Contract.

9.4.         Melius shall defend or, at its option, settle any claim brought against Customer that its authorised use of the SaaS Service, excluding third party software and open-source software, in the UK and in accordance with this Contract infringes any Intellectual Property Rights of any third party and shall pay any damages finally awarded against Customer in respect of such claim and any reasonable costs and expenses incurred by Customer provided that:

9.4.1.             Customer notifies Melius Cyber immediately;

9.4.2.             Customer provides all information and assistance as Melius reasonably requires at Melius Cyber’s cost, and Customer does not prejudice the defence of such claim;

9.4.3.             Melius Cyber is given immediate and complete control of such claim; and

9.4.4.             the claim does not arise from any unauthorised use or alteration to the SaaS Service or Customer’s use of the SaaS Service after notice of alleged infringement is known.

9.5.         In the event that a claim as contemplated by clause 11.3 is made or in Melius Cyber’s opinion is likely to be made, Melius Cyber may at its option:

9.5.1.             obtain the right for Customer to continue to use the SaaS Service;

9.5.2.             change or replace all or any part of the SaaS Service; or

9.5.3.             terminate this Contract immediately on written notice.

9.6.         Clauses 11.4 and 11.5 state the entire liability of Melius Cyber in respect of any claim as contemplated by clause 8.4.

10.           GDPR Data Protection & Privacy

10.1.       Our policy is to respect the privacy of our users. We shall hold information such as your name, address and telephone number to enable us to fulfil the Contract. 

10.1.1.          Such information may from time to time be used to help improve Melius Cyber’s offerings, promote additional services and communicate other information that we believe would be useful.

10.1.2.          We will not share, rent, sell, or trade personal information (including e-mail addresses) that identifies our customers or users to third parties without the consent of the Customer.  We will not share, rent, sell, or trade data contained in your account.

10.2.       Customer shall, as a Controller, comply with, and not cause Melius to breach, the Data Protection Legislation.

10.3.       The Customer shall ensure it has a legal basis to and has fulfilled all its obligations that entitles it to share the Contract Personal Data with Melius.

10.4.       In interpreting the Data Protection Legislation the parties shall have regard to all guidance and codes of practice issued by the ICO or any other body with regulatory authority in relation to the Processing of the Contract.

11.           Confidentiality

11.1.       Both parties shall keep the other party’s Confidential Information confidential and unless it has the prior written consent of the other shall not:

11.1.1.             use or exploit the Confidential Information in any way except for carrying out its obligations under this Contract;

11.1.2.             disclose or make available the Confidential Information in whole or in part to any third party, except as expressly permitted by this Contract;

11.1.3.             copy, reduce to writing or otherwise record the Confidential Information except as necessary for this Contract; and use, reproduce, transform, or store the Confidential Information in an externally accessible computer system or transmit it in any form or by any means whatsoever outside of its usual places of business.

11.2.       A party may disclose Confidential Information to the extent required by law, by any governmental or other regulatory authority, or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of this disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 13.2 it takes into account the reasonable requests of the other party in relation to the content of this disclosure.

11.2.1.             can be shown by the Recipient to the reasonable satisfaction of the Discloser to have been known by the Recipient and to be at its free disposal before disclosure by the Discloser;

11.2.2.             came lawfully into the possession of the Recipient from a third party who is free to make a non-confidential disclosure of the same, without any obligation of confidentiality being imposed upon the Recipient in respect thereof by such third party.

11.3.       Melius Cyber may publicise the fact that it has been engaged by the Customer to provide the SaaS Service, and is licensed to copy and reproduce any names or logos of the Customer for this purpose on its website and in any promotional materials, proposals and tenders. No press release will be issued without the Customer’s prior consent.

12.           Charges

12.1.       The Customer shall pay the Charges in accordance with the Contract and this clause 14.

12.2.       All amounts and fees stated or referred to in this Contract shall be payable in pounds sterling and are exclusive of value added tax, which shall be added to Melius Cyber's invoice(s) at the appropriate rate.

12.3.       Where SaaS Service Support Services are provided on a time and materials basis they will be at the rates current at the time of provision of the service. Where specific daily rates are quoted these are only valid for 3 months following the date of signing this Contract (or any later date noted in the signed Contract or Statement of Work). Unless otherwise stated in these documents, invoices for work carried out on a time and materials basis will be raised monthly in arrears based on time actually worked on the chargeable activities covered by this Contract (as recorded by Melius Cyber staff on Melius Cyber’s internal systems).

12.4.       Any SaaS Service Support Services provided outside of a Working Day will be chargeable at the then current time and materials rates plus 50%.

12.5.       If Melius Cyber has not received payment within 14 days after the due date, and without prejudice to any other rights and remedies of Melius Cyber, Melius Cyber may, without liability to the Customer, disable the Customer's password, account and access to all or part of the SaaS Service and Melius shall be under no obligation to provide any or all of the SaaS Service while the invoice(s) concerned remain unpaid.

12.6.       If the provision of the SaaS Services is cancelled, suspended or deferred under clause 6.5 Melius Cyber will:

12.6.1.      be entitled to payment by Customer for all work done up to such deferment cancellation or suspension (including payment of the Annual Fees); and

12.6.2.      where able redeploy such staff but in the event the days cannot be re-assigned Melius Cyber may charge for these. The rates chargeable for cancellation or deferment where there is: (I) less than 48 hours’ notice is 100% per day; (ii) less than 7 days’ notice is 75% per day; and (iii) more than 7 days’ notice is 50% per day; together with any expenses already incurred or non-refundable e.g. train or air fares.

12.7.       Melius Cyber may modify its fees and Charges in line with the then current prices of Melius Cyber and its suppliers, as follows:

12.7.1.      except for third party costs, the percentage increase shall not exceed the percentage increase (if any) of the United Kingdom rate of the retail prices index as published by the Office for National Statistics from time to time but not more than once per year, or as otherwise agreed in the signed Contract; and

12.7.2.      in respect of third-party costs over which Melius Cyber has no control (for example Microsoft licensing charges) the percentage increase shall match the increase applied by the third party.

12.8.       Melius Cyber may increase the charges at any time to take into account third party costs, over which Melius Cyber has no control (for example, energy and Microsoft licensing charges) and apply the increase to the charges to match the increase applied by such third party, in respect of that element of the charges. Melius Cyber may not apply such increase retrospectively and will not pass on such increase to Customer where the increase is less than 5% of the third party element. On request Melius Cyber shall provide evidence of such increase applied by the third party.

12.9.       Unless specifically shown as inclusive of expenses in the Contract, all prices referred to in this Contract are exclusive of transport, travel, subsistence or out of pocket expenses incurred by Melius Cyber in carrying out the Services. Such reasonable expenses will be charged to Customer in accordance with Melius Cyber’s expenses policy.

12.10.    Where the Customer requires a purchase order to be raised in order to facilitate payment of invoices, the Customer agrees to raise such purchase order in a timely fashion so as not to delay payment of Melius Cyber invoices in accordance with this clause 14.9. Notwithstanding this, the Customer agrees that any failure to raise a purchase order does not prevent Melius Cyber from raising invoices and any delay or lack of a purchase order does not relieve the Customer from paying valid invoices.

12.11.    Melius Cyber reserves the right (in addition to any other remedies which may be available to it) to charge an administrative fee on overdue amounts on a daily basis from the original due date at the uncompounded rate of Bank of England base rate plus 8.00%, calculated daily on the total outstanding amount inclusive of VAT, the Customer agrees that such administrative fee is a genuine pre-estimate of the cost and loss suffered by Melius Cyber for late payment of invoices.

13.           Termination

13.1.       Either party may, without prejudice to any other remedies it may have, terminate this Contract forthwith at any time by giving notice in writing to the other party:

13.1.1.      if the other party commits any material breach of this Contract provided that if the breach is remediable then the notice of termination shall not be effective unless the party in breach fails within thirty (30) days of the date of such notice to remedy the breach complained of; or

13.1.2.      if one party suffers for a period of 30 consecutive days or more a force majeure event described in clause 18.2; or

13.1.3.      if the other party ceases to carry on business or a substantial part thereof, commits an act of bankruptcy or is adjudicated bankrupt or enters into liquidation whether compulsory or voluntary other than for the purposes of amalgamation or reconstruction or compounds with its creditors generally or has a receiver or manager appointed over all or any part of its assets or suffers execution or distress or takes or suffers any similar action in consequence of debt or becomes unable to pay its debts as they fall due or other similar event.

13.1.4.      Melius Cyber reserves the right to withdraw from Security Testing without notice if, in its reasonable opinion, information required for satisfactory completion of the Security Testing and requested by Melius Cyber in writing is either not provided or, if provided, is inaccurate or inadequate. The Customer shall be liable for any fees and expenses for services delivered which are incurred up to and including the date of withdrawal.

13.2.       If the Customer fails to pay any payment which is payable under this Contract by the due date and Melius Cyber serves notice of this fact on the Customer, and the Customer fails to pay same within a further 14 days after such notice, then Melius Cyber shall be entitled to terminate this Contract by further notice given at any time after the expiry of such 14 day period.

13.3.       On expiry or termination of this Contract, Melius Cyber shall cease to be obliged to provide the SaaS Service under this Contract.

13.4.       On expiry or termination of this Contract the right to use the SaaS Service including the Software and Documentation granted under this Contract shall cease and the Customer shall not use the SaaS Service.

13.5.       On termination each party shall return and make no further use of the Software or Documentation.

13.6.       On termination of the SaaS Service, for any reason other than a valid termination of this Contract by Melius under clause 15.1, Melius Cyber will, if requested before or within 7 days after such termination, for an additional charge, provide services to assist the Customer to migrate to a replacement, service including assisting in the transfer of any Customer data held by Melius Cyber.

13.7.       Termination of this Contract shall not affect any accrued liabilities, rights, obligations or liability of the parties as at the date of termination, or arising as a result of termination.

13.8.       The accrued rights and remedies of the parties as at termination shall not be affected by clauses which expressly or by implication have effect after termination shall continue in full force and effect.

14.           Limits of Liability

14.1.       Neither party excludes or limits liability to the other party for:

14.1.1.      any breach of any obligations implied by section 12 of the Sale of Goods Act 1979; or 16.3 fraud or fraudulent misrepresentation.

14.2.       Each party's liability to the other in respect of any loss of, or damage to, physical property of the other whether in contract, or otherwise arising from, or in connection with, this Contract shall be limited to £1,000,000 in aggregate.

14.3.       Notwithstanding anything to the contrary in this Contract, but subject to clause 16.1 neither Melius Cyber nor the Customer shall be liable to the other for any of the following (whether or not the party being claimed against was advised of, or knew of, the possibility of such losses) whether arising from negligence, breach of contract or otherwise:

14.3.1.      loss of profits, loss of business, loss of revenue, loss of contract, loss of goodwill, loss of anticipated earnings or savings (whether any of the foregoing are direct, indirect or consequential loss or damage); or

14.3.2.      loss of use or value of any data or equipment including software, wasted management, operation or other time (whether any of the foregoing are direct, indirect or consequential); or

14.3.3.      any indirect, special or consequential loss or damage; or

14.3.4.      the poor performance, or lack of connectivity, or lack of availability of the Internet or telecommunications or hardware;

14.3.5.      is loss or damage to the other party's or any third party’s data or records; however arising.

14.4.       Nothing in this clause excludes or limits the liability of either Party for fraudulent misrepresentation or for death or personal injury caused by a Party’s negligence. Save as aforesaid the following provisions set out the entire financial liability of a Party (including any liability for the acts or omissions of its employees, agents and subcontractors) to the other Party, its Third-Party Information Service Providers and its Third-Party Information Stakeholders.

14.5.       Melius Cyber shall not be liable for any loss, damage, costs, expenses or other claims for compensation arising from any material or instruction supplied by the Customer which are incomplete, incorrect, inaccurate, illegible or defective in any other way.

14.6.       A Party shall not be liable for any loss or damage caused to the other Party (or Third Party Information Service Providers or Third Party Information Stakeholders) either jointly or severally except to the extent that such loss or damage is caused by the negligent acts or omissions of or a breach of any contractual duty by a Party, its employees, agents or subcontractors in performing its obligations under the Agreement. A Party’s total liability in respect of all claims arising under or by virtue of this Contract or in connection with the performance of this Contract shall be limited to 3 times the sum equal to fees payable to Melius Cyber for the provision of the contract.

14.7.       Neither Party shall not be liable to the other Party (or Third Party Information Service Providers or its Third Party Information Stakeholders) for any indirect or consequential loss or damage whether for loss of profit, loss of business, depletion of goodwill or otherwise whatsoever or howsoever caused which arise out of or in connection with this Contract even if such loss was reasonably foreseeable or a Party had been advised of the possibility of incurring the same by the other Party Third Party Information Service Providers or Third Party Information Stakeholders or any third party.

14.8.       The Charges have been set by Melius Cyber on the basis of the exclusions and restrictions of liability in this clause 16.8 and would be higher without those provisions.

15.           Corruption

15.1.       Both parties agree to act in accordance with current UK ant-bribery and corruption legislation.  Any breach of such legislation shall give rise to termination provisions previously detailed in Clause 15.

16.           Statutory and Other Regulations

16.1.       Nothing in this Contract is intended to, or shall be deemed to, constitute a partnership or joint venture of any kind between any of the parties, nor constitute any party the agent of another party for any purpose. No party shall have authority to act as agent for, or to bind, the other party in any way.

16.2.       Neither party will be liable to the other for any failure or delay or for the consequences of any failure or delay in performance of this Contract, excluding Customer’s obligation to pay the Charges, if it is due to a force majeure event: any event beyond the reasonable control of a party to this Contract including, without limitation, acts of God, war, industrial disputes, pandemic, protests, fire, flood, storm, tempest, explosion, an act of terrorism, strikes, lock-outs and other industrial disputes, breakdown of systems or network access and national emergencies. The party subject to such event shall, as soon as practicable, give notice of the event to the other party, such notice to include a reasonable forecast of the duration of the force majeure event. If such delay or failure continues for at least 30 days, either party shall be entitled to terminate this Contract in accordance with clause 15.1.2.

16.3.       All disputes arising out of or under this Contract that are not resolved by the Customer’s contract manager and shall be escalated internally by both parties for resolution.  If the parties fail to settle the dispute within 30 days of the third level escalation, or such longer period as the parties may agree, the dispute may be referred to the English courts. Subject to clause 15.4, this Contract and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims), shall be governed by and construed in accordance with English law and the parties irrevocably submit to the exclusive jurisdiction of the courts of England.

17.           Exclusion of Third-Party Rights

17.1.       A person who is not a party to this Contract shall not have any rights under the Contract (Rights of Third Parties) Act 1999 to enforce any term of this Contract.


Legacy Terms & Conditions

If you signed up as a customer between 1st August 2022 & 1st May 2023 please click here for a copy of your Ts&Cs

If you signed up as a customer on or before 31st July 2022 please click here for a copy of your Ts&Cs


  • Newcastle office: 0191 249 3003
  • London office: 0203 793 9679