Terms of Service

1. Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you and Security Medic Consulting, LLC ("Security Medic," "we," "us," or "our"). By accessing our websites or using our services, you agree to be bound by these Terms.

These Terms apply to all Security Medic services and affiliated brands, including:

• Security Medic (securitymedic.com)
• Hudson Valley CISO (hudsonvalleyciso.com)
• CyberIntelPro (cyberintelpro.com)
• Privacy Medic (privacymedic.com)

If you do not agree to these Terms, please do not use our services.

2. Description of Services

Security Medic provides cybersecurity consulting, assessment, and advisory services to small and medium-sized businesses. Our services include but are not limited to:

• Fractional CISO and security leadership services
• Security assessments and gap analyses
• Compliance consulting (HIPAA, PCI DSS, SOC 2, NYDFS, etc.)
• Risk assessments and management
• Security program development and implementation
• Incident response planning and support
• Privacy compliance consulting
• Security awareness training
• Penetration testing and vulnerability assessments

3. Service Engagements

3.1 Engagement Agreements

Specific services are governed by separate engagement agreements, statements of work (SOW), or service orders that incorporate these Terms by reference. In case of conflict, the specific engagement agreement prevails.

3.2 Professional Services

Our services are advisory and consultative in nature. We provide recommendations, assessments, and guidance based on industry best practices and our professional expertise. Implementation of recommendations is the responsibility of the client.

3.3 Client Responsibilities

Clients agree to:

• Provide accurate and complete information necessary for service delivery
• Grant reasonable access to systems, personnel, and documentation as needed
• Designate authorized contacts for communication
• Review and provide timely feedback on deliverables
• Pay fees as agreed in the engagement terms
• Maintain appropriate security controls and insurance

4. Fees and Payment

Fees for services are specified in individual engagement agreements. Unless otherwise stated:

• Payment is due within 30 days of invoice date
• Late payments may incur interest at 1.5% per month
• All fees are non-refundable unless otherwise specified
• Expenses incurred on behalf of clients are billable at cost plus 10%

5. Intellectual Property

5.1 Our Intellectual Property

All methodologies, frameworks, templates, tools, and materials developed by Security Medic remain our intellectual property. Clients receive a limited, non-exclusive license to use deliverables for their internal business purposes.

5.2 Client Materials

Clients retain ownership of their pre-existing materials and data. Clients grant us a limited license to use such materials solely for providing services.

6. Confidentiality

We maintain strict confidentiality of client information. We will:

• Protect confidential information using reasonable security measures
• Use confidential information only for providing services
• Not disclose confidential information to third parties without consent
• Return or destroy confidential information upon engagement termination

Confidentiality obligations do not apply to information that is publicly available, independently developed, or lawfully obtained from third parties.

7. Disclaimers

7.1 No Guarantee of Security

SECURITY MEDIC DOES NOT GUARANTEE THAT OUR SERVICES WILL PREVENT SECURITY INCIDENTS, DATA BREACHES, OR CYBER ATTACKS. Cybersecurity is an evolving field with inherent risks. Our services reduce risk but cannot eliminate it entirely.

7.2 Advisory Nature

Our services are advisory only. We provide recommendations based on our professional judgment and industry best practices. Clients are responsible for:

• Evaluating and deciding whether to implement recommendations
• Implementing and maintaining security controls
• Making business decisions regarding risk acceptance
• Ensuring ongoing security and compliance

7.3 Not Legal Advice

Our services do not constitute legal advice. Clients should consult qualified legal counsel for legal questions, particularly regarding compliance with specific laws and regulations.

7.4 As-Is Basis

SERVICES AND WEBSITE CONTENT ARE PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

8. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• Our total liability for any claim arising from services shall not exceed the fees paid for the specific service giving rise to the claim
• We are not liable for indirect, incidental, consequential, special, or punitive damages
• We are not liable for lost profits, data, business opportunities, or goodwill
• We are not liable for security incidents, breaches, or attacks that occur despite our recommendations

9. Indemnification

You agree to indemnify and hold harmless Security Medic, its officers, directors, employees, and agents from any claims, damages, losses, or expenses arising from:

• Your use of our services
• Your breach of these Terms
• Your violation of any law or third-party rights
• Your failure to implement security recommendations

10. Term and Termination

These Terms remain in effect while you use our services. Either party may terminate an engagement:

• With 30 days written notice for convenience
• Immediately for material breach not cured within 15 days of notice
• Immediately if the other party becomes insolvent or bankrupt

Upon termination, client shall pay for all services rendered through the termination date.

11. Governing Law and Disputes

These Terms are governed by the laws of the State of New York without regard to conflict of law principles. Any disputes shall be resolved through:

1. Good faith negotiation between the parties
2. Mediation in Dutchess County, New York
3. Binding arbitration under AAA Commercial Arbitration Rules

Each party waives the right to jury trial and class action participation.

12. Website Use

When using our websites, you agree not to:

• Attempt to gain unauthorized access to any systems
• Interfere with website operation or security
• Use automated tools to scrape or collect data
• Transmit malicious code or harmful content
• Violate any applicable laws or regulations
• Impersonate others or provide false information

13. Modifications

We may modify these Terms at any time. Material changes will be posted on our website with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of modified Terms.

14. General Provisions

• Entire Agreement: These Terms and any engagement agreements constitute the entire agreement between the parties.
• Severability: If any provision is found unenforceable, the remaining provisions continue in effect.
• Waiver: Failure to enforce any right does not waive that right.
• Assignment: You may not assign these Terms without our consent. We may assign to affiliates or successors.
• Force Majeure: Neither party is liable for delays due to circumstances beyond reasonable control.
• Independent Contractor: We are an independent contractor, not an employee, partner, or agent of clients.

15. Contact Information

For questions about these Terms, contact us: