Special Terms and Conditions

Last update: 2023-11-06

CyberUpgrade’s Special Terms and Conditions Version 1.0.

1. Onboarding services

CyberUpgrade may offer onboarding services for an additional fee. The prices for such services are decided on a case-by-case basis and are calculated based on an hourly rate. The details for such services are agreed between the CyberUpgrade and Client and are defined in the OF. CyberUpgrade may offer discounts at its own discretion. 

2. Consultancy services

CyberUpgrade may offer bespoke legal/technical/compliance consulting services for an additional fee. The price for such services is decided on a case-by-case basis and is calculated based on an hourly rate. The details for such services are agreed between the CyberUpgrade and Client and are defined in the OF. CyberUpgrade may offer discounts at its own discretion. 

3. Cybersecurity consulting services

CyberUpgrade provides automated cybersecurity Services via its Platform. Thereby the Client can (i) assess its cybersecurity posture; (ii) get recommendations on needed actions, cybersecurity tools, etc; (iii) get continuous improvement tasks, and (iv) conduct other tasks to achieve cyber resilience and cybersecurity compliance. Details on how it works are provided in the CyberUpgrade’s communication, and training manuals/materials, which are provided after the Parties sign an agreement. Moreover, instructions on how the Services work may be provided on the Platform. To receive these Services the Client must conduct an assessment within the Platform, perform provided tasks, and provide the proof of completion. Completion of provided tasks is solely the Client’s responsibility. Moreover, CyberUpgrade provides recommendations on cybersecurity tools that must be implemented by the Client. The price of such tools is not included in the monthly Service fee. Moreover, CyberUpgrade may charge a fee for each Client’s user. In order to provide access to the Services the Client must provide (via email) name, surname, email of its employees or other persons that will use the Services.

4. Tech Automated Cybersecurity Consulting Services

CyberUpgrade provides automated cybersecurity consulting services for technology companies. These services include:

A. Evaluation, which assesses:

Organizational Context

  1. Identification of external and internal issues important to the organization.
  2. Assessment of stakeholder needs and expectations.
  3. Scope of the Information Security Management System (ISMS).
  4. Establishment, implementation, maintenance, and improvement of the ISMS.

Management

  1. Ensuring that the information security policy and objectives align with the strategic direction of the organization.
  2. Integration of the ISMS into organizational processes.

Organizational Controls

  1. Defining and approving the information security policy.
  2. Defining and distributing information security roles and responsibilities.
  3. Separating conflicting duties and responsibilities.
  4. Ensuring employees adhere to information security policies.
  5. Establishing relationships with relevant government institutions and special interest groups (as needed).

Human Resource Controls

  1. Conducting employee checks.
  2. Establishing employee and organizational responsibilities for information security in employment contracts.
  3. Developing information security training programs.
  4. Establishing a process for information security policy violations.
  5. Defining responsibilities that remain valid after termination or alteration of employment contracts.

Support

  1. Determining and providing necessary resources for ISMS support.
  2. Ensuring competency of individuals affecting information security effectiveness.
  3. Promoting awareness about information security and its importance.
  4. Establishing needs for internal and external communication related to ISMS.

Protection Against Physical and Environmental Threats

  1. Creating and implementing protection against physical and environmental threats.
  2. Implementing security measures in secure zones.
  3. Establishing “clean desk and screen” rules.
  4. Ensuring equipment is safely placed and protected.
  5. Protecting assets off-site and managing data storage media throughout their lifecycle.
  6. Protecting information processing facilities from power disturbances and other disruptions.
  7. Protecting cables providing electricity and data.
  8. Maintaining equipment to ensure information availability, integrity, and confidentiality.

Technical Controls

  1. Implementing secure authentication technologies and procedures.
  2. Monitoring and adjusting resource usage.
  3. Implementing protection against malware.
  4. Receiving information about technical threats and taking appropriate preventive measures.
  5. Establishing, documenting, implementing, monitoring, and reviewing configurations, including security configurations.
  6. Preparing information deletion processes.
  7. Establishing data masking according to organizational policy.
  8. Establishing data leakage prevention measures.

Preparation (Review) of Documents and Policies:

  1. InfoSec Policy
  2. Cloud Services Policy
  3. Patch Management Policy
  4. Personal Data Breach Policy
  5. Critical Incident Management Policy
  6. Encryption Policy
  7. Data Protection Policy
  8. Data Storage Policy
  9. Access Control Policy
  10. Training Policy
  11. Acceptable Use Policy
  12. Clean Desk and Screen Policy
  13. Backup Policy
  14. Business Continuity Policy
  15. Remote Work Policy
  16. Network Security Management Policy
  17. Monitoring (Logging) Policy
  18. Supply Chain Risk Management Policy
  19. Safe SaaS Usage Policy
  20. Safe Social Media Usage Policy
  21. Resource Management Policy
  22. Change Management Policy
  23. DDoS Policy
  24. Information Classification and Handling Policy
  25. Social Engineering Prevention Policy
  26. Phishing Prevention Policy
  27. Malware and Virus Management Policy
  28. Information Transmission Policy
  29. IN Policy
  30. Secure Development Policy
  31. Continuous Improvement Policy
  32. Disaster Recovery Plan/Policy
  33. Risk Management Policy
  34. Data Management Agreement
  35. Physical Security Policy

B. After the evaluation, CyberUpgrade will provide the client access to the results. The results will be hosted in a secure digital environment (data room) accessible through the CyberUpgrade Platform. 

C. Based on the evaluation results, tasks will be provided to the client to rectify the deficiencies identified during the audit, along with tool recommendations, consultations, etc. 

D. Company documentation (as listed above) will be automatically updated to reflect the actual situation in the organization; vigilance training for employees will be prepared and conducted. 

E. Additional tests, such as assessing the effectiveness of recommended tools and other measures, will be performed if necessary.

F. Monitoring Services. Once the above processes are implemented, monitoring services will be provided to maintain the continuity of the measures implemented in the client’s organization and the application of best practices.

Tech consulting services are typically provided through the CyberUpgrade platform.

5. Platform Services

CyberUpgrade may offer its Platform as a service. In this way, the Client on the Platform can (i) submit information about the current cyber security situation; (ii) receive recommendations for cyber security continuity; (iii) receive continuous improvement tasks, reminders about periodic work; (iv) receive periodic employee vigilance training; and (v) receive a review of cyber security documents. The Platform also serves as an evidence repository function (i.e., It is possible to access the evidence of completed cyber security tasks/actions, document version history), and the CyberUpgrade chatbot performs a communication function (informing Client personnel about changes, providing vigilance training). More detailed information about how the Platform services operate is provided in CyberUpgrade communication and training guides/material, which are provided to the parties upon signing a contract. In addition, instructions on how the Services operate may be provided on the Platform. Only the Client is responsible for the performance of cyber security support tasks. Furthermore, CyberUpgrade may provide recommendations on cyber security measures that the Client must implement. The cost of such measures is not included in the monthly Service fee. Additionally, CyberUpgrade may charge a reasonable fee for each Client user. To provide access to the Services, the Client must specify (by email, or another method convenient to the Parties) the name, surname, and email of their employees or other individuals who will use the Services.