DeepSeas shall contract with Redpoint Cybersecurity, LLC (“Redpoint Cyber”) to provide professional services (“Services”) as set forth below. The Services will consist of the following:

• Core Incident Response Services
• Containment
• Investigation
• Threat Actor Negotiations
• Recovery

The Incident Response methodology typically consists of the following phases:

1.    TRIAGE – Initial and cursory identification of incident type, variant, timeline, and key indicators of compromise.

2.    DETECTION & ANALYSIS – Deriving from initial findings from incident triaging, Redpoint Cyber enumerates all relevant information and evidence to the security incident.

3.    CONCLUSIVE ANALYSIS – Based on findings observed during the security incident, conclusions based on findings are obtained to communicate the post-incident impact, as well as controls to mitigate information security risk.

4.    DOCUMENTATION – Redpoint Cyber documents findings, conclusions based on findings, and recommendations in a centralized, formal Incident Response report. This document is provided to and reviewed with Client.

5.    FINDINGS PRESENTATION – Redpoint Cyber will conduct a presentation to review the findings, conclusions, and recommendations related to the incident.

Incident Response services provided by Redpoint Cyber can include the following activities:

1.    INCIDENT COMMAND – Redpoint Cyber will command Incident Response activities, including public relations, digital forensics, information technology, legal, and other internal or external activities, where necessary.

2.    INCIDENT COORDINATION – Redpoint Cyber will coordinate both technical and operations resources involved during this Incident Response effort to efficiently and effectively respond to, and recover from the security incident, where necessary.

3.    DIGITAL FORENSICS – Redpoint Cyber will perform digital forensics and analysis to identify the root cause and impact of the security incident, where necessary.

4.    PUBLIC RELATIONS – Redpoint Cyber will, where necessary, advise on public relations and internal communications to mitigate reputational and financial risk resulting from a security incident.

5.    REMEDIATION – Redpoint Cyber will coordinate and advise on best practices to mitigate the risk of the security incident from reoccurring, prevent additional impact from the security incident, and improve Client’s overall information security posture.

The following deliverables may be produced under this SOW:

·       Initial Assessment Report

·       Forensic Imaging Reports

·       Forensic Analysis Report

·       Data Recovery Report

·       Final Out Brief Report

The SOW fees do not include hardware, software licensing, maintenance, or support costs other than what is specifically provided herein.

Customer will provide appropriate working space and physical access for Redpoint Cyber personnel, as reasonably required by Redpoint Cyber.

Key individuals within Customer’s organization will be available to help plan and execute the Services.

Final Out Brief Report is scheduled and presented to Customer within 10 business days after the primary investigation is completed.

Changes to the scope of Services must be mutually agreed upon in writing. Incident response activities may require a change order or new SOW.

All Security Software is subject to 3rd party licenses. The use of any Security Software is subject to the terms of service of the 3rd party vendor and any claim arising from the use, installation, implementation or deployment of the Security Software is subject to the terms of service of such Security Software. The terms of services can be found on the vendor’s public website or can be provided upon request by Customer. Upon completion of the engagement, any Security Software installed during the project will be uninstalled from the Customer's systems within 15 days.

Service Level Agreement (SLA): Redpoint Cyber shall acknowledge and respond to any reported incident within four (4) hours of receipt of notification. Redpoint Cyber further agrees to commence remedial action without undue delay and exercise commercially reasonable efforts to resolve the incident.