Legal Terms and conditions

Unless otherwise agreed in writing, all proposals or all assessment audits (The "IT Internal Audit") provided by any of the affiliated companies of Xetec or any of their agents to any person applying for the Services (the "Client"), and these Terms and Conditions shall govern all resulting contracts or other arrangements and constitute the entire agreement (the "Contract") between the Client and the Xetec concerning the subject matter. Save as otherwise provided, no variation to the contract shall be valid unless it is in writing and signed by and on behalf of Client and Xetec.

In these terms and conditions, the following terms shall have the following meanings:

• IT Audit Program: means the document against which Xetec will perform the Services and issue its findings.
• Application for Assessment Audits: means the form that sets out the Scope and fees of the Services to be performed.
• Client:means any organization Xetec will provide the Services to and shall include Client's successors and assigns.
• Client Information: means the Deliverable and all oral and written Information provided to XETEC by Client which amounts to a trade secret or is confidential or commercially sensitive and which may not be readily available to others engaged in a similar business to that of Client.
• Confidential Information: information that contains identifying features that can be attributed to you or individual personnel which includes (a) relates to such Party's past, present, and future business activities, services, products, research, development, ideas, concepts, know-how, techniques, methodologies, and technical knowledge, and (b) has been identified as confidential or would be understood to be confidential by a reasonable person whether or not marked confidential.
• Deliverable: means the IT Audit Report and, if applicable, a certificate that Xetec will provide to the Client upon completion of the Services.
• Services: means IT audits of Clients performed by Xetec using the IT Audit Program.

• Xetec will provide the Services using reasonable care and skill and following (i) the limits of the instructions received by the Client and (ii) the content of the Audit Program as defined in the Application for Assessment Audts.
• The content of the Deliverable represents Xetec's review of facts and documents in existence at the time of performance of the Services only and within the limits of the instructions received and are solely for the benefit of Client, which is responsible for acting as they see fit based on such Deliverables.
• Xetec may delegate the performance of all or part of the Services to an agent or Subcontractor and Client authorizes Xetec to disclose all information necessary for such performance to the agent or subcontractor.
• Client acknowledges that Xetec, by providing the Services, neither takes the place of Client or any third party, nor releases them from any of their obligations, nor otherwise assumes, abridges, abrogates, or undertakes to discharge any duty of Client to any third party or that of any third party to Client.

All Communications between CLIENT and Xetec will be commenced through E-mails and Microsoft TEAM meetings. Monthly project updates and quarterly Audit Committee meetings will be scheduled to facilitate the audit progress and address issues and concerns.

• Provide Xetec with all necessary and requested access to Client's books, codes of practice, records, information systems, and facilities such that Xetec may render the Services; (b) Ensure that sufficient information, instructions, and documents are given in due time to enable the required services to be performed.
• Procure all necessary access for Xetec's representatives to the premises where the Services are to be performed and take all necessary steps to eliminate or remedy any obstacles to, or interruptions in, the performance of the Services.
• Comply with Xetec's requests to conduct interviews, meetings, or discussions with the CLIENT Canada's Related Third-Party employees and agents on any matters relating to the Services, within such deadlines as Xetec shall establish.
• Supply, if required, any special equipment and personnel necessary for the performance of the Services.
• Ensure that all necessary measures are taken for safety and security of working conditions, sites, and installations during the performance of the Services and will not rely on, in this respect, Xetec's advice whether required or not.
• Inform Xetec in advance of any known hazards or dangers, actual or potential, associated with any order, samples, or testing, including, for example, the presence or risk of radiation, toxic or noxious or explosive elements or materials, environmental pollution, or poisons.

• Xetec shall invoice Client as agreed or upon issuance of the Audit Report. Invoices for additional and further work will be issued on completion of the relevant task.
• Unless a shorter period is established in the invoice, Client will promptly pay not later than 45 days from the relevant invoice date or within such other period as may be established by Xetec in the invoice (the "Due Date") all fees due to the Xetec.
• As fees quoted to Client are based on the information provided by Client and apply to the time of submitting the fee quotation.
• Additional fees shall be charged for (i) operations that are not included in the contract and/or (ii) rush orders, cancellation, or rescheduling of services or any partial or full repeats, which will be payable at Xetec's prevailing charging rates.
• A copy of Xetec's prevailing charging rates is available upon request from Xetec.
• If Xetec is unable to perform all or part of the Services for any cause whatever under Client Xetec's control, including failure by Clients to comply with any of its obligations provided for in Articles 4 and 5 above, Xetec shall nevertheless be entitled to payment of
  1. The amount of all non-refundable expenses incurred by Xetec
  2. A proportion of the agreed fee equal to the proportion of the Services carried out. (j) Unless otherwise stated, all fees quoted exclude traveling and subsistence costs (which will be charged to the Client at cost). All fees and additional charges exclude any applicable Value Added Tax, Sales Tax, or similar tax in the country concerned.

• The Contracts is generally meant to last for fixed periods (12 Months) either directly related to the validity of the relevant certificates issued or the type of Services to be rendered; they may be renewed afterward.
• Unless otherwise agreed in writing, the Client shall be entitled to terminate the a contract at any time by giving not less than thirty days written notice to Xetec. Suppose the Client terminates the contract (other than because of default by Xetec in iClient obligations). In that case, Xetec shall be entitled to charge Client reasonable fees in respect of work carried out for Client before termination.
• Unless otherwise agreed in writing, either Party may terminate the contract because of serious default by the other Party (the "Breaching Party") in its obligations at any time by giving not less than thirty (30) days notice in writing to the Breaching Party after the Breaching The party failed to fix the notified default within thirty 30 days from notification.
• Either Party shall be entitled to terminate the provision of the Services in the event of any arrangement with creditors, bankruptcy, insolvency, receivership, or cessation of business by the other Party.
• Unless otherwise agreed in writing, the obligations of the parties defined in Article 8 below shall apply notwithstanding the completion of the Services or termination of the contract.

• Limitation of Liability
  1. Xetec undertakes to exercise due care and skill in the performance of the Services and accepts responsibility only in cases of proven negligence.
  2. Nothing in these Conditions shall exclude or limit Xetec's liability to Client for death or personal injury or for fraud or any other matter resulting from Xetec's negligence for which it would be illegal to exclude or limit its liability.
  3. Subject to clause 7. (a) the liability of Xetec in respect of any claim for loss, damage, or expense of any nature and howsoever arising shall in no circumstances exceed a total aggregate sum equal to the fee paid to Xetec under the contract.
  4. The Deliverables are issued based on information, documents, and/or discussions provided by or on behalf of Clients and solely for the benefit of Clients, who are responsible for acting as they see fit based on such Deliverables. Neither Xetec nor any of its officers, employees, agents, or subcontractors shall be liable to Clients nor any third party for any actions taken or not taken based on such Deliverables nor for any incorrect results arising from unclear, erroneous, incomplete, misleading, or false information provided to the Xetec by, or on behalf of, the Clients.
  5. Xetec shall not be liable for any delayed, partial, or total non-performance of the Services arising directly or indirectly from any event Client Xetec's control, including failure by Clients to comply with any of its obligations hereunder.
• Xetec shall have no liability for:
  1. for any loss, damage, or expense arising from (i) a failure by Client to comply with any of its obligations herein, (ii) any actions taken or not taken based on the Reports or the Certificates, and (iii) any incorrect results, Reports or Certificates arising from unclear, erroneous, incomplete, misleading or false information provided to XETEC.
  2. for loss of profile, loss of production, loss of business or costs incurred from business interruption, loss of revenue, loss of opportunity, loss of contracts, loss of expectation, loss of use, loss of goodwill or damage to reputation, loss of anticipated savings, cost or expenses incurred in relation to making product recall, cost or expenses incurred in mitigating loss and loss or damage arising from the claims of any third party (including without limitation product liability claims) that the Client may suffer; and any indirect or consequential loss or damage of any kind (whether or not falling within the types of loss or damage identified in (b) above).
  3. In the event of any claim, Clients must give written notice to Xetec within 30 days of discovery of the facts alleged to justify such claim, and, in any case, Xetec shall be discharged from all liability for all claims for loss, damage or expense unless suit is brought within one year from:
  4. the Date of performance by the Xetec of the Service which gives rise to the claim; or
  5. the Date when the Service should have been completed in the event of any alleged non-performance.
  6. Indemnification: Except for cases of proven negligence or fraud by XETEC, Client further agrees to hold harmless and indemnify XETEC and its officers, employees, agents, or subcontractors against all claims (actual or threatened) by any third party for loss, damage or expense of what’s over nature including all legal expenses and related costs and howsoever arising (i) relating to the performance, purported performance or non-performance, of the Services or (ii) out of or in connection with the Client's product, process or service the subject of the certification (including, without limitation, product liability claims).

As used herein, "Confidential Information" shall include the Client Information and any information, oral or written, that a party may acquire from the other Party under the contract provided; however, that Confidential information shall not include any information which (1) is or hereafter becomes generally known to the public; (2) was available to the receiving Party on a non-confidential basis before the time of its disclosure by the disclosing Party; (3) is disclosed. By an independent third party with a right to make such disclosure. Unless required by law, neither Party shall disclose the other's Confidential Information to any person or entity except as expressly provided for herein.

The ownership of the Deliverable provided to the Client shall be vested in the CLIENT. Canada. Xetec has the right to make and retain copies of said Deliverable for the purposes of Xetec's records are subject to the provisions of Article 8 above.

• If any one or more provisions of these Terms and Conditions are found to be illegal or unenforceable in any respect, the validity, legality, and enforceability of the remaining provisions shall not be affected or impaired.
• Except as expressly provided herein, Client may not assign any of their rights or obligations hereunder without Xetec's prior written consent.
• Use of Xetec's corporate name or registered marks for advertising purposes is not permitted without Xetec's prior written authorization.

Unless specifically agreed otherwise, all disputes arising out or in connection with Contractual Relationship(s) hereunder shall be governed by the substantive laws of the State of New York, USA., exclusive of any rules with respect to conflicts of laws, and be finally settled under the by one or more arbitrators appointed by the said rules. The arbitration shall take place in Toronto, Canada, and be conducted in the English language, with each Party to bear their own cost Client.We may use other XETEC Member Firms or subcontractors to provide Services; however, we remain solely responsible for the Services. You agree not to bring any claim or action against another XETEC Member Firm (or their partners, members, directors, employees, or subcontractors) or our subcontractors regarding any liability relating to the provision of Services.

• We will use reasonable effort Client to complete, within any agreed-upon time frame, the performance of Services
• You shall be responsible for your personnel's compliance with your obligations under this agreement. We will not be responsible for any delays or other consequences arising from you not fulfilling your obligations
• Ownership Any document prepared by us or for us in connection with this agreement belongs solely to us.
• Oral advice and draft deliverables You should not rely upon any draft deliverables or oral advice we provided. Should you wish to rely upon something we have said to you, please let us know, and if possible, we will provide the information you require in writing.
• Translated document If you engage us to translate any document, advice, opinions, report, or other work product of XETEC from one language to another, you are responsible for the accuracy of the translation work.
• Reliance by Third Parties Our services will not be planned or conducted in contemplation of or for the purpose of reliance by any third party other than the intended users identified in our service auditor's report.

We agree to use the Confidential Information provided by you only in relation to the services in connection with which the information is provided, and we will not disclose the Information, except where required by law, regulation, or professional obligation. However, we may give Confidential Information to other XETEC Member Firms or subcontractors assisting us in providing Services. Any party to whom we subcontract work will be required to keep Confidential Information confidential either by professional obligation or contract with us.

XETEC shall be entitled to include a description of services we render to or for you in marketing and research materials and disclose such information to third parties, provided that all such information will be made anonymous and not associated with you. Additionally, we may analyze information on an industry or sector basis for internal purposes or to provide industry/sector-wide information to our client or potential client. You consent to our using information obtained from you in this way, provided that the output therefrom will not contain any identifying features that can be attributed to you.

Professional and certain regulatory standards require us to be independent, in both fact and appearance, with respect to our clients in performing our services. We will communicate any relationships between XETEC (including its related entities) and you that, in our professional judgment, may reasonably be thought to bear on our independence

Any discussions with the client or any party acting on your behalf with our Firm's professional personnel regarding employment could threaten our independence. Your recruitment of an engagement team member from the current or prior year's engagement may compromise our independence and ability to render agreed Services to you. Engagement team members may include current and former partners and staff of XETEC, other XETEC Member Firms, and other firms who work under our direction. Therefore, you agree to inform us before such discussions so that you and we can implement appropriate safeguards to maintain our independence.

Both parties recognize and accept the security risks associated with e-mail communications, including but not limited to the lack of security, unreliability of delivery, and possible loss of confidentiality and privilege. Unless you request in writing that we do not communicate by Internet e-mail, you assume all responsibility and liability regarding the risk associated with its use.

By signing this agreement, you provide XETEC with express consent to communicate with you and your employees, as applicable, electronically, including sending XETEC newsletters, publications, announcements, invitations, and other news and alerts that may interest you. You and your employees may withdraw such consent at any time by contacting XETEC.

Appendix 2 – Roles and Responsibilities

Conduct of the Audit & Our Responsibilities

We will perform one or more examinations in accordance with attestation standard(s) as specified in the Scope of the Engagement section of this document. For each such examination, we will be responsible for the following:

• Expressing an opinion on the fairness of the presentation of the description and on the suitability of the design (and, in the case of a Type 2 report, operating effectiveness) of the controls at your organization.
• Performing each examination in accordance with the applicable attestation standard(s) specified in the Scope.
• Planning and performing each examination to obtain reasonable assurance about whether, in all material respect, the description is fairly presented and the controls were suitably designed to achieve the related control objectives or meet the applicable trust services criteria, as at the date of or throughout the period of the report.
• Examining the description of the service organization's system and the suitability of the design (and, in the case of a Type 2 report, operating effectiveness) of the service organization's controls to achieve the related control objectives or meet the applicable trust services criteria. This will involve performing procedures to obtain evidence about the fairness of the presentation of the description and the suitability of the design (and, in the case of a Type 2 report, operating effectiveness) of those controls to achieve the related control objectives or meet the applicable trust services criteria. Our procedures will include assessing the risks that the description is not fairly presented and the controls are not suitably designed to achieve the related control objectives or meet the applicable trust services criteria.
• Evaluating the overall presentation of the description, suitability of the control objectives stated therein, and the suitability of the criteria specified by the service organization in its assertion.
• Determining those procedures we consider necessary in the circumstances to obtain a reasonable basis for rendering our opinion.
• In the event that management includes the services of one or more sub-service organizations in the Scope of the report, our responsibilities will extend to the sub-service organization(s).

Limitations

The following are the limitations of an examination report:

• For reports relevant to internal controls over financial reporting, the description is prepared to meet the common needs of a broad range of user entities and their auditors who audit and report on user entities' financial statemenClient and may not, therefore, include every aspect of Each user entity may consider the system important in its own particular environment.
• The description of the system at your organization is as at the report date or period. Any projection of such information to the future is subject to the risk that the description may no longer portray the system in existence because of change.
• The potential design and operating effectiveness of specific controls at your organization are subject to inherent limitations, and accordingly, errors or fraud may occur and not be detected.
• The projection of any conclusions, based on our findings, to future periods is subject to the risk that changes may alter the validity of such conclusions.
• The relative effectiveness and significance of specific controls at your organization and their effect on assessing control risk at user organizations depend on their interaction with the controls and other factors present at individual user organizations.
• Our testing procedures will not extend to evaluating the effectiveness of controls at individual user organizations.
• Our engagement cannot ensure that errors, fraud, or other illegal acts, if present, will be detected. However, we will communicate to you, as appropriate, any such matters that come to our attention.
• Making available to us, on a timely basis, all information necessary for performing our examination and test, including but not limited to systems documentation, process documentation, contract, internal audit or other reports, and minutes of oversight committees meetings as well as access to personnel to whom we may direct inquiries. As professional standards require, we will make specific inquiries of management and others about the processes and IT infrastructure. Such professional standards also require that we obtain written representations relating to management's description of the system and the operating effectiveness of controls relating to the control objectives and/or in-scope Trust Services Principles.
• Disclosing any significant changes in controls that have occurred within the last 12 months, any incident of noncompliance with laws and regulations, illegal act, fraud, or uncorrected errors attributable to your management or employees that may affect one or more user organizations; any relevant design deficiencies in controls or instances where controls have not operated as designed of which you are aware, including those for which management believes the cost of corrective action may exceed the benefit; and subsequent events that could have a significant effect on management's assertion(s).
• Provide access, in a timely manner, to all information of which you are aware that is relevant to the description of the service organization's system and the statement.
• Provide additional information that we may request for the purpose of the audit.
• Provide unrestricted access to persons within the entity from whom we determine it is necessary to obtain audit evidence.
• If the service auditor plans to use internal auditors to provide direct assistance, providing the service auditor with a written acknowledgment that internal auditors providing direct assistance to the service auditor will be allowed to follow the service auditor's instructions and that the service organization will not intervene in the work the internal auditors perform for the service auditor.
• Provide XETEC written confirmation concerning representations made to us concerning the audit. If appropriate and adequate written representations are not provided, professional standards require that we disclaim an audit opinion or withdraw from the engagement.