Cybersecurity

Schneider Electric warrants that software products delivered to customer will perform in substantial conformance to the program specifications. In the event of any warranty covered defects or deficiencies in software products, the sole and exclusive obligation of Schneider Electric shall be to repair or replace, or provide an update to the software to correct the non-conformance or replace the software with the latest available version containing a correction. The foregoing warranty coverage is contingent on customer providing prompt notification to Schneider Electric once such defect or deficiency is reasonably apparent to customer. The above warranty shall not apply (a) to products or software not manufactured by Schneider Electric, (b) to products, software or services that has been repaired or altered by anyone other than Schneider Electric so as, in Schneider Electric’s judgment, affects the same adversely, (d) Schneider Electric’s conformance with customer’s design of the products, software, or services; or (e) to products, software or services that appear to be subjected to negligence, accident, or damage by circumstances beyond Schneider Electric’s control, or improper any non- Schneider Electric operation, maintenance or storage, or to other than normal use or service.

Customer is solely responsible for the implementation and maintenance of a comprehensive security program (“Security Program”) that contains reasonable and appropriate security measures and safeguards to protect its computer network, systems, machines, and data (collectively, “Systems”), including those Systems on which it runs the Products or which it uses with the Services, against Cyber Threats. “Cyber Threat” means any circumstance or event with the potential to adversely impact, compromise, damage, or disrupt customer’s Systems or that may result in any unauthorized access, acquisition, loss, misuse, destruction, disclosure, and/or modification of Customer’s Systems, including any data, including through malware, hacking, or similar attacks.

Without limiting the foregoing, Customer shall at a minimum:
(a) have qualified and experienced personnel with appropriate expertise in cybersecurity maintain customer’s Security Program, and have such personnel regularly monitor cyber intelligence feeds and security advisories applicable to ’s customer Systems or customer’s industry;
(b) promptly update or patch its Systems or implement other appropriate measures based on any reported Cyber Threats and in compliance with any security notifications or bulletins, whether publicly disclosed on Schneider Electric’s security notification webpage at https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp or otherwise provided to customer;
(c) regularly monitor its Systems for possible Cyber Threats;
(d) regularly conduct vulnerability scanning, penetration testing, intrusion scanning, and other cybersecurity testing on its Systems; and
(e) meet the recommendations of Schneider Electric’s Recommended Cybersecurity Best Practices, available at https://www.se.com/us/en/download/document/7EN52-0390/, as may be updated by Schneider Electric from time to time, and then-current industry standards.

Customer’s Use of the Products, Software, and Services:  Schneider Electric may release Updates and Patches for its Products, Software, and Services from time to time. Customer shall promptly install any Updates and Patches for such Products, Software, or Services as soon as they are available in accordance with Schneider Electric’s installation instructions and using the latest version of the Products or Software, where applicable. An "Update" means any software that contains a correction of errors in a Product, Software, or Service and/or minor enhancements or improvements for a Product, Software, or Service, but does not contain significant new features. A “Patch” is an Update that fixes a vulnerability in a Product, Software, or Service. Customer understands that failing to promptly and properly install Updates or Patches for the Products, Software, or Services may result in the Products, Software, or Services or Purchaser’s Systems becoming vulnerable to certain Cyber Threats or result in impaired functionality, and Schneider Electric shall not be liable or responsible for any losses or damages that may result.

If customer identifies or otherwise becomes aware of any vulnerabilities or other Cyber Threats relating to the Products, Software, or Services for which Schneider Electric has not released a Patch, customer shall promptly notify Supplier of such vulnerability or other Cyber Threat(s) via Schneider Electric report a Vulnerability page (https://www.se.com/ww/en/work/support/cybersecurity/report-a-vulnerability.jsp#Customers)  and further provide Schneider Electric with any reasonably requested information relating to such vulnerability (collectively, “Feedback”). Schneider Electric shall have a non-exclusive, perpetual and irrevocable right to use, display, reproduce, modify, and distribute the Feedback (including any confidential information or intellectual property contained therein) in whole or part, including to analyze and fix the vulnerability, to create Patches or Updates for its customers, and to otherwise modify its Products, Software, or Services, in any manner without restrictions, and without any obligation of attribution or compensation to customer; provided, however, Schneider Electric shall not publicly disclose customer’s name in connection with such use or the Feedback (unless customer consents otherwise). By submitting Feedback, customer represents and warrants to Schneider Electric that customer has all necessary rights in and to such Feedback and all information it contains, including to grant the rights to Schneider Electric described herein, and that such Feedback does not infringe any proprietary or other rights of third parties or contain any unlawful information.