NRD

Terms and Conditions

1. Introduction

These Terms and Conditions (“Terms”) constitute a legally binding agreement between NRD Services (“NRD,” “we,” “us,” or “our”) and any individual or entity (“Client,” “you,” or “your”) that accesses or uses NRD’s websites, platforms, tools, deliverables, or professional services (collectively, the “Services”). By accessing or using the Services, you affirm that you have read, understand, and agree to be bound by these Terms. If you do not accept these Terms, you must discontinue all use of the Services immediately.

NRD reserves the right to revise, update, or replace these Terms at its sole discretion. Updates become effective upon posting, unless otherwise required by law. Your continued use of the Services constitutes acceptance of the revised Terms.

2. Company Overview

NRD provides governance, risk, and compliance (GRC) advisory services, including compliance program implementation, operations management, internal controls advisory, cybersecurity readiness, and audit preparation under frameworks such as SOC 1, SOC 2, ISO 27001, NIST, FedRAMP, SOX, PCI, GDPR, HIPAA, and other applicable standards.

3. Permitted Use of Website and Digital Platforms

You agree to use NRD’s websites, portals, and digital environments solely for authorized and lawful business purposes. Prohibited conduct includes, but is not limited to:
– Unauthorized access, probing, or testing of NRD systems, networks, or infrastructure.
– Interference with system performance or introducing malicious code, exploits, or automation tools.
– Misappropriating, repurposing, or disseminating NRD’s proprietary materials.
– Conduct intended to circumvent security, authentication, or intellectual property protections.
– Creating derivative tools, datasets, models, or reports based on NRD content without written permission.

NRD may audit or monitor access for compliance, security, and operational integrity.

4. Intellectual Property Rights

All methodologies, templates, written reports, analyses, digital assets, frameworks, training materials, documentation, and other proprietary content supplied by NRD (the “NRD Materials”) remain the exclusive property of NRD or its licensors.

Except where expressly authorized:
– You may not replicate, distribute, alter, or publicly disclose NRD Materials.
– You may not use NRD trade names, trademarks, or other branding without written approval.
– All rights not expressly granted herein are reserved.

5. Professional Services, Deliverables, and Restrictions

All Services are governed by applicable Statements of Work (“SOWs”), Master Service Agreements (“MSAs”), or engagement contracts.

Unless explicitly stated otherwise:
– Deliverables are provided solely for internal Client use and cannot be shared externally without NRD’s written consent.
– NRD does not accept responsibility for the Client’s implementation, maintenance, or operationalization of controls.
– NRD does not serve as a legal advisor, auditor, or certification body and does not warrant regulatory acceptance or pass/fail outcomes.

The Client agrees to provide accurate information, timely access, and personnel required for NRD to perform Services.

6. Fees, Invoicing, Taxes, and Payment Policies

All fees must be paid as defined in the governing agreement. NRD may:
– Assess administrative fees for overdue invoices.
– Suspend Services for nonpayment.
– Adjust pricing due to changes in scope, regulatory requirements, or business conditions.

Clients are responsible for all applicable taxes, exclusive of NRD’s income tax.

7. Confidentiality Obligations

Both parties agree to maintain strict confidentiality of all proprietary, sensitive, or nonpublic information disclosed during engagements.

Exceptions include:
– Legal or regulatory obligations requiring disclosure.
– Disclosures to subcontractors or service providers under equivalent confidentiality obligations.

Confidentiality requirements survive termination indefinitely.

8. Data Processing and Data Protection (Sector‐Specific)

To the extent NRD processes personal data on behalf of the Client:
– NRD acts as a data processor and the Client acts as the data controller, unless contractually altered.
– NRD will implement appropriate administrative, technical, and organizational safeguards consistent with industry best practices.
– NRD will process data only per Client instructions.
– NRD may engage vetted subprocessors bound to equal or stricter data protection obligations.

Clients remain responsible for:
– Determining lawful bases for processing.
– Maintaining end‐user disclosures, consents, and compliance obligations.

9. Cybersecurity and Security Safeguards (Sector‐Specific)

NRD will maintain commercially reasonable security measures aligned with industry standards, including but not limited to:
– Access controls, least‐privilege principles, and secure authentication.
– Encryption of data in transit and at rest where technically feasible.
– Network segmentation, monitoring, and threat detection.
– Vendor security due diligence and ongoing oversight.

NRD does not guarantee immunity from cyberattacks, data breaches, or unauthorized access.

10. Subcontractors and Third‐Party Service Providers (Sector‐Specific)

NRD may use subcontractors, consultants, or third‐party providers to support delivery of Services. NRD:
– Ensures subcontractors are contractually bound by confidentiality, data protection, and security obligations.
– Retains responsibility for subcontractor performance.

Clients may not restrict NRD’s use of qualified subcontractors unless explicitly negotiated.

11. Limitation of Liability

To the fullest extent permitted by law:
– NRD shall not be liable for indirect, incidental, consequential, special, exemplary, punitive, or enhanced damages, including lost revenue, lost data, downtime, reputational harm, or business interruption.
– NRD’s total aggregate liability for all claims shall not exceed the total fees paid by the Client for the specific Services giving rise to the claim.
– NRD shall not be responsible for decisions made by the Client or third parties based on NRD deliverables or recommendations.

These limitations apply regardless of legal theory and even if NRD was advised of potential harm.

12. Warranties and Disclaimers

The Services and NRD Materials are provided “AS IS” and “AS AVAILABLE.” NRD disclaims all warranties, whether express, implied, statutory, or otherwise, including warranties of:
– Merchantability
– Fitness for a particular purpose
– Non‐infringement
– Accuracy, completeness, or suitability for regulatory compliance

NRD makes no representation regarding audit outcomes, certification results, or third‐party approval processes.

13. Third‐Party Platforms, Tools, and Integrations

NRD may reference or integrate with third‐party applications, vendors, or content. NRD is not responsible for:
– Availability, accuracy, or security of third‐party platforms.
– Losses or damages arising from third‐party use.
– Terms or policies governing third‐party systems.

Use of third‐party platforms is subject to separate third‐party agreements.

14. Privacy and Data Handling

NRD will manage personal information consistent with its Privacy Policy and applicable engagement terms.

Client responsibilities include:
– Ensuring lawful collection of any personal information shared with NRD.
– Maintaining compliance with sector‐specific laws (e.g., GDPR, HIPAA, GLBA, CCPA).

15. Termination and Suspension

NRD may suspend or terminate Services for:
– Breach of these Terms or applicable agreements.
– Nonpayment.
– Security concerns, suspected misconduct, or unlawful activity.

Upon termination, all licenses granted to the Client cease immediately, and all outstanding payment or confidentiality obligations survive.

16. Indemnification

You agree to indemnify, defend, and hold harmless NRD and its affiliates, directors, officers, employees, and subcontractors from any claim, liability, loss, or expense arising out of:
– Your misuse of the Services or NRD Materials.
– Your violation of law or third‐party rights.
– Your breach of these Terms.

NRD may assume exclusive control over the defense of any indemnified claim.

17. Governing Law and Dispute Resolution

These Terms are governed by the laws of the State of [Insert State of Incorporation], excluding conflict‐of‐law principles.

Disputes shall be resolved as follows:
1. Good‐faith informal negotiations.
2. Formal mediation.
3. Binding arbitration administered by a recognized arbitration body.

Litigation is permitted only where arbitration is legally unavailable.

18. Sector‐Specific Compliance Clauses (Optional, Insert as Needed)

Clients in regulated sectors (e.g., finance, healthcare, government, defense, or critical infrastructure) acknowledge that:
– NRD is not responsible for regulatory filings, mandatory reporting, or statutory obligations.
– NRD does not act as a Business Associate unless expressly agreed under a HIPAA BAA.
– NRD does not act as a PCI QSA, FedRAMP 3PAO, or accredited audit body unless contractually stated.

19. Force Majeure

NRD is not liable for delays or failure to perform due to events beyond reasonable control, including natural disasters, labor disputes, cyberattacks, outages, governmental actions, or other unforeseeable events.