This NetApp Ransomware Recovery Guarantee is governed by the terms and conditions set forth below including Rider A which applies to Keystone Storage as a Service only (“Terms and Conditions”).
“Customer” means a NetApp Customer purchasing, for their own use, an Eligible Array from NetApp or a NetApp authorized reseller.
“Documentation” means NetApp-supplied technical documentation describing the features, functions and operation of the associated products.
“Eligible Array” means a single HA Pair running on new FAS, AFF A- Series, AFF C-Series, ASA A-Series or ASA C-Series running ONTAP based storage array system, with ONTAP One, identified in the related Order Documentation and is configured with validated SnapLock Compliance Volumes for storing Qualifying Workloads. Eligible Arrays do not include Customer’s existing systems or arrays.
“Guarantee Program” means the NetApp Ransomware Recovery Guarantee described in these Terms and Conditions.
“HA Pair” means two identical storage controllers that are configured to serve data independently during normal operation, and in the event of an individual controller failure provide high availability by transferring data processes from the failed storage controller to the surviving controller.
“NetApp Professional Services” means NetApp’s consulting, installation, managed services, implementation and other services that are not Support Services, to be provided by or on behalf of NetApp and governed by NetApp Professional Services Terms and as further described in the relevant engagement document.
“Order Documentation” means the applicable NetApp price quotation (and the engagement document, if required for the purchase of NetApp Professional Services), corresponding Purchase Order and the associated Documentation for the products or Services purchased or licensed under these Terms and Conditions.
“Purchase Order” means an electronic order provided to NetApp consistent with these Terms and the corresponding price quotation for the purchase of Eligible Array and Services.
“Ransomware” means software designed to, without authorization, prevent or disable access to data.
“Ransomware Incident” means any incident involving Ransomware and where a monetary or equivalent fee is required to be paid or other action is required to be taken by Customer in order to access data on an Eligible Array.
“Qualifying Workloads” means Network Attached Storage (NAS) Snapshots stored in NetApp Professional Services validated SnapLock Compliance Volumes or Snapshots which contain logical unit numbers (LUNs) stored in NetApp Professional Services validated SnapLock Compliance Volumes replicated via SnapMirror Vault. For avoidance of doubt, Qualifying Workloads do not include active data stored in NAS workloads, S3, and any Storage Area Network (SAN) protocol such as Internet Small Computer Systems Interface (iSCSI) or Fibre Channel (FC) or direct LUN support.
“Recover” or “Recovery” refers to the recovery of qualified Snapshots from SnapLock Compliance Volumes on an Eligible Array starting from the most recent SnapLock Compliance Volume replicated immediately preceding the time of Ransomware Incident. Recovery does not guarantee that data within the Snapshot may not be corrupted or encrypted prior to being vaulted to a SnapLock Compliance Volume.
“Services” means NetApp’s Support Services and/or NetApp Professional Services.
“Snapshot” means a point-in-time copy of a defined collection of data. For the purposes of this Guarantee, Snapshots stored in SnapLock Compliance Volumes must only contain Qualifying Workloads.
“SnapLock Compliance Volume(s)” means a Snapshot copy that has been locked to provide protection from Ransomware Incidents using the SnapLock Compliance clock feature. When a Snapshot is locked, the volume expiry time is set to the expiry time of the Snapshot copy. If more than one Snapshot copy is locked, the volume expiry time reflects the longest expiry time among all Snapshot copies.
“Support Services” means NetApp’s generally available technical support and maintenance services for the products that are subject to this Guarantee to be provided by or on behalf of NetApp.
In the event of a Ransomware Incident, NetApp guarantees during the Guarantee Term that Customer and/or NetApp will be able to Recover Snapshots stored in a SnapLock Compliance Volume on the Eligible Array(s) (the “Guarantee”). The requirements below must be met during the Guarantee Term and are subject to these Terms and Conditions set forth herein. The Guarantee process will be initiated by Customer’s notification to NetApp of a Ransomware Incident which will trigger the activities for Recovery listed in the engagement document, which may require signature. The Guarantee is not a commitment by NetApp that Customer will experience zero data loss. The Recovery completion time depends on the complexity of the request.
The guarantee term (“Guarantee Term”) begins on the date NetApp Professional Services notifies Customer that successful validation of a SnapLock Compliance Volume on the Eligible Array has been completed (“Validation Notification Date”). The Guarantee Term will end twelve (12) months from the Validation Notification Date. Prior to the commencement of the NetApp Professional Services the Customer may request for the Guarantee to match the support term of the Customer’s NetApp Support Services Agreement of the Eligible Array (“Matching Support Term”). However, during the Matching Support Term each coverage year will require a NetApp Professional Services engagement to confirm a new validation of the Eligible Array (“New Guarantee Term”). The New Guarantee Term will begin from the new Validation Notification Date. The Customer may choose to renew either on a single Guarantee Term or additional Matching Support Term subject to validation process above.
The following are exceptions and situations not covered by the Guarantee:
Any of the following causes the Guarantee to be void:
Subject to these Terms and Conditions, and as a prerequisite to making a claim under this Guarantee the following steps must have taken place prior to raising a claim under the Guarantee Program:
Upon completion of the steps above Customer must submit a claim in writing to NetApp within seven (7) days from Unsuccessful Close of the Ransomware Incident at ng-RRG-Claim@netapp.com. Any claim submitted after the Guarantee Term is expired or terminated is not covered by the Guarantee, unless Customer has already created a ticket in accordance with section a) above with NetApp Professional Services, informing NetApp of Ransomware Incident prior to the end of the Guarantee Term. If a Ransomware Incident continues to cause issues with prevention or disabling of access to data, all such recurring issues are deemed to have the same event time as the first occurrence of such Ransomware Incident.
Customer must make the Eligible Array available for audit by NetApp at the time of the claim. Determination of whether the Eligible Array fulfils the Requirements of the Guarantee will be made solely in accordance with an assessment performed by NetApp. If no claim is submitted during the Guarantee Term, then the Guarantee is deemed to have been met.
If NetApp determines that a SnapLock Compliance Volume on an Eligible Array has failed to meet the Guarantee, then NetApp will, in its sole discretion, provide payment to Customer based on the type and capacity of the affected Eligible Array. The failure of NetApp and Customer to successfully Recover from the SnapLock Compliance Volume will have no bearing on the successful completion of the Ransomware engagement and will not result in additional remedies.
The payment amounts for a claim will be presented to Customer upon commencement of the Guarantee Program from the NetApp representative. Such payment is Customer’s sole and exclusive remedy for a failure of Guarantee under these Terms and Conditions. Customer is limited to one claim request per Eligible Array during the Guarantee Term.
Except as expressly set forth in the remedies section of these terms and conditions of this guarantee, in no event will NetApp or its suppliers be liable (under any theory of liability, whether in contract, statute, tort or otherwise) for any lost profits, lost business opportunities, business interruption, or indirect, special, incidental, consequential, punitive, or exemplary damages arising out of or related to this guarantee, even if such party has been advised of the possibility of such damages or losses, or such damages or losses were reasonably foreseeable; and in no event shall NetApp have liability for more than one ransomware incident per eligible array per customer and NetApp’s total liability under the guarantee for such ransomware incident will not under any circumstances exceed five million dollars ($5,000,000). Multiple claims or Ransomware Incidents shall not expand the limitation specified in the foregoing sentence. If the limitation of liability in this Section is determined to be invalid under applicable law, this Guarantee shall be deemed null and void.
General. This Guarantee is exclusively governed by these Terms and Conditions and is void where prohibited or restricted by law. Unless otherwise restricted by law, these Terms and Conditions will be construed pursuant to the governing law as set forth in (a) Customer’s separate written agreement with NetApp that governs Customer’s purchase of the Eligible Array and Services, or (b) in the absence of such agreement, or if the Customer is purchasing the Eligible Array from a NetApp reseller, the applicable terms of sale on NetApp’s How to Buy site at www.netapp.com/how-to-buy/sales-terms-and-conditions/ that apply to Customer’s purchase of the Eligible Array. In the event of any conflict between these Terms and Conditions and the terms referenced in (a) or (b) above, as applicable, these Terms and Conditions will prevail with respect to this Guarantee Program. All other terms and conditions in the terms referenced in (a) or (b) above that are not expressly modified by this Guarantee Program remain in full force and effect. NetApp reserves the right to change the terms and conditions of this Guarantee and the Guarantee Program, or modify or terminate the Guarantee and the Guarantee Program, at any time without notice and without recourse to the Customer.
Third Party Beneficiaries. These Terms and Conditions are not intended to and shall not be construed to give any third party any interest or rights (including, without limitation, any third party beneficiary rights) with respect to or in connection with any agreement or provision contained herein or contemplated hereby. For the avoidance of doubt, only the Customer has the right to enforce these Terms and Conditions or pursue claims relating to it against NetApp.
No Insurance. This Guarantee is not intended to constitute an offer to insure, does not constitute insurance or an insurance contract, and does not take the place of insurance obtained or obtainable by the Customer. Any fees paid by Customer in connection with the Eligible Array are solely for the use of such Eligible Array and are not to be construed as an insurance premium.
This Rider A provides additional terms and conditions in order to expand the application of the NetApp Ransomware Guarantee to certain qualified Keystone STaaS customers and Keystone STaaS orders. In the event of a conflict between this Rider A and any of the terms and conditions set forth above, this Rider A shall prevail,
“Customer” as defined above means a NetApp Customer purchasing Keystone STaaS from NetApp or a NetApp authorized reseller.
“Order Documentation” and Purchase Order” as defined above refer to the applicable Keystone STaaS order
“NetApp’s Support Services” as described above refer to the services described in the applicable Keystone STaaS Service Description.
“Matching Support Term” as defined above means the applicable Keystone STaaS Subscription Term.
In sub-sections (a) and (b) of the General section set forth above, references to Customer purchases of Eligible Arrays shall refer to Customer purchase of Keystone STaaS.