Terms & Conditions
| 1. | Customers who subscribe to the TrustCSI™ MSS and TrustCSI™ IAS contract with a minimum value of Monthly Recurring Charge (MRC) HKD 20,000 are eligible for a complimentary one-time Incident Response (IR) service during the first year. |
| 2. | The TrustCSI™ IAS offer includes a one-time black-box vulnerability scanning service and penetration testing service. This service is applicable to infrastructures with a maximum of 50 hosts or websites with a single URL. |
| 3. | This offer is exclusively applicable to the TrustCSI™ IAS Service located in Hong Kong and cannot be combined with other prevailing offers. |
| 4. | The TrustCSI™ IAS service includes one man-day of on-site or remote vulnerability scanning & penetration testing. Service time from Monday to Friday, 0900-1800 HKT, excluding public holidays. |
| 5. | CITIC Telecom CPC bears no responsibility for any system failures, hardware or software issues, network device malfunctions, server problems, application errors, or data loss experienced by the customer during or after the service period. The customer is solely responsible for any related financial losses. |
| 6. | The Service Commencement Date for TrustCSI™ MSS Service(s) is determined by the earlier of the following: (i) the date on which CPC notifies the customer that the first log from the Monitored Device(s) has been received by the Monitoring Platform, which will apply to all other Monitored Device(s) covered by the agreement, regardless of the actual date of log receipt; or (ii) five (5) working days after CPC informs the customer that the installation of the TrustCSI™ MSS Local Appliance (if applicable) has been completed. |
| 7. | The customer is responsible for properly configuring the Monitored Device(s) to enable the Monitoring Platform to receive logs from them. |
| 8. | The customer must promptly notify CPC of any Monitored Device(s) failure or maintenance activities to ensure the proper provision of TrustCSI™ MSS Service(s). CPC will not be held liable for any interruption in the TrustCSI™ MSS Service if the customer fails to provide timely notification as stated in this clause. |
| 9. | The customer must promptly inform CPC of any changes to the Customer Environment, Monitored Device(s), or changes in the nomination and authorization of personnel involved in the performance of TrustCSI™ MSS Service(s). CPC will not be held liable for any interruption in the TrustCSI™ MSS Service if the customer fails to inform CPC of these activities as stated in this clause. |
| 10. | The customer acknowledges that modifications to the Monitored Device(s) or the Customer Environment may cause interoperability issues or malfunctions. The customer agrees that it is their responsibility, at their own expense, to maintain the Customer Environment to ensure interoperability with the Monitored Device(s) and the availability and accessibility of the services. |
| 11. | CPC is not obligated to provide TrustCSI™ MSS Service(s) for Monitored Device(s) that: a) have been subjected to unusual physical or electrical stress or misuse; b) have been modified, merged, relocated, repaired, or serviced by a party other than CPC without prior written consent; c) are "end-of-life" or obsolete, or run unsupported versions of operating systems or application software; or d) have configuration or interoperability issues with the Hardware and/or TrustCSI™ MSS Local Appliance. |
| 12. | This complimentary one-time TrustCSI™ Incident Response (IR) service offer during the first year is exclusively designed for customers in the Asia Pacific region with an annual revenue of less than USD 50 million. Customers exceeding this annual revenue threshold will undergo a separate evaluation by our sales team, and there may be associated costs involved for the IR service. |
| 13. | Customers must have never subscribed to CPC's Incident Response Service to enjoy the free Incident Response Service. Customers subscribed Incident Response (IR) with CPC before will undergo a separate evaluation by our sales team, and there may be associated costs involved for the IR service. |
| 14. | A cyber incident is defined as an event involving Basic Web Application Attacks, System Intrusion, Business Email Compromise, Malware, or Ransomware. If the incident falls outside of these predefined categories, our sales team will evaluate the customer's specific requirements and offer a customized solution. Please note that depending on the nature of the incident and the required solution, there may be associated costs for the service. |
| 15. | Upon receiving a customer's Incident Response activation request, CPC will activate our responders to immediately investigate the suspected incident. Regardless of whether the investigation confirms the incident's eligibility for TrustCSI™ IR services, the TrustCSI™ IR service credit will be redeemed. CPC will determine whether on-site support (limited to HK region) or remote support (for HK region and other regions in Asia Pacific) is appropriate based on the specific circumstances. |
| 16. | The TrustCSI™ IR service includes a final report that contains recommendations for further remediation actions and long-term security improvements. |
| 17. | There is no guarantee that CPC's TrustCSI™ IR service will fully recover the customer from cyber-attacks. |
| 18. | The price stated is in Hong Kong dollars. |
| 19. | This offer is valid until December 31, 2023, on a first-come, first-served basis. |
| 20. | CITIC Telecom CPC reserves the right to terminate, suspend, or withdraw the promotion offer and to change the terms and conditions of the promotion offer at any time without prior notice. |
| 21. | In the event of any disputes, CITIC Telecom CPC reserves the right to make the final determination, which shall be conclusive and binding on the subscriber. |