Endpoint Detection & Response Service Endorsement
Last updated: 07‑21‑2025
BY ACCEPTING THIS ENDORSEMENT, EITHER BY INDICATING YOUR ACCEPTANCE, EXECUTING A SALES ORDER THAT REFERENCES THIS ENDORSEMENT, OR RECEIVING OR UTILIZING THE SERVICES DESCRIBED HEREIN, YOU AGREE TO BE BOUND BY THE TERMS OF THIS ENDORSEMENT, SUBJECT TO THE APPLICABLE SERVICE OR MANAGED SERVICE AGREEMENT REFERENCED IN THE SALES ORDER.
1. Scope
This Endpoint Detection & Response Service Endorsement (“Endorsement”) supplements the applicable Managed Service Agreement (“Master Agreement”) between TigerGuard IT, Inc. (“Service Provider”) and the client (“Client”).
This Endorsement governs the provision of endpoint threat detection, monitoring, and response services as described in the applicable Sales Order. In the event of a conflict, the Master Agreement shall control.
2. Description of Endpoint Detection & Response Services
Endpoint Detection & Response (“EDR”) services are designed to enhance endpoint security by monitoring activity, identifying indicators of compromise, and supporting response actions when potential threats are detected.
EDR services may include:
- Continuous monitoring of endpoint activity
- Detection of malicious or suspicious behavior
- Alerting and investigation support
- Containment and remediation actions where applicable
- Collection of endpoint activity data for forensic and security purposes
EDR services provide risk reduction but do not eliminate cybersecurity risk entirely.
3. Covered Devices
Only endpoints explicitly listed in the applicable Sales Order are included in EDR coverage.
Service Provider is not responsible for monitoring, protection, or response activities on devices not covered under the Sales Order.
4. Best‑Efforts Security Disclaimer
Client acknowledges that no security solution can guarantee the prevention of all malware, ransomware, or cyber threats.
EDR services are provided on a best‑efforts basis to reduce risk and improve visibility into security incidents but do not constitute a guarantee against security breaches, data loss, or business interruption.
5. Relationship to Backup and Recovery Services
Client acknowledges that EDR services are not a substitute for data backup or disaster recovery solutions. Backup and recovery services, if required, must be contracted separately under applicable agreements.
6. Access and Data Handling
To deliver EDR services, Service Provider may access endpoint data, alerts, and security telemetry for legitimate service delivery purposes such as investigation, response, and troubleshooting.
Access is limited to authorized personnel and exercised in accordance with applicable agreements and security practices.
7. Third‑Party Security Platforms
EDR services rely on third‑party security software developed and maintained by independent vendors. Service Provider does not own or operate the underlying software platforms.
Availability, detection capabilities, and response features are subject to the limitations and operation of such third‑party technologies.
8. Compliance Responsibilities
Client is responsible for determining whether EDR services meet its regulatory, contractual, or legal compliance obligations, including but not limited to HIPAA, PCI, or industry‑specific security requirements.
Additional agreements may be required for the handling of regulated data.
9. Service Changes
Service Provider may modify EDR providers, service features, or operational components as necessary to maintain effectiveness, security, or operational viability. Reasonable notice will be provided when practicable.
10. Termination
EDR services may be terminated in accordance with the Master Agreement or applicable Sales Order. Upon termination, access to EDR services and related data may be limited or discontinued as defined in the applicable agreement.
11. Limitation of Liability
Client acknowledges that cybersecurity risks cannot be fully eliminated. Service Provider shall not be liable for losses arising from security incidents caused by factors outside its reasonable control, including zero‑day vulnerabilities, client actions, or third‑party software behavior.
12. Amendment
This Endorsement may be modified or amended only by a written document executed by authorized representatives of both parties.