Master Service Agreement

Anchor Cyber Master Services Agreement (MSA)

Effective Date: 3/26/26

This Master Services Agreement (“Agreement”) governs all services provided by Anchor Cyber, Inc. (“Anchor Cyber”) to the client (“Client”) as described in one or more proposals, statements of work, or similar documents (each, a “Statement of Work” or “SOW”).

By accepting a SOW, Client agrees to this Agreement.

1. Scope of Services

Anchor Cyber will provide cybersecurity advisory, compliance, and related services as described in each SOW.

Each SOW is incorporated into this Agreement. In the event of a conflict, the SOW shall govern for that specific engagement.

2. Advisory Nature of Services (No Guarantee of Compliance)

Anchor Cyber provides advisory, assessment, and documentation services only.

Client acknowledges that:

  • Anchor Cyber does not guarantee compliance, certification, or audit outcomes

  • Compliance depends on Client’s implementation and ongoing operations

  • Regulatory frameworks (including CMMC, NIST, DFARS) may change

3. Client Responsibilities

Client is responsible for:

  • Implementing and maintaining all security controls

  • Providing accurate and complete information

  • Ensuring availability of personnel and resources

  • Managing its IT environment, vendors, and systems

Anchor Cyber is not responsible for Client’s failure to implement recommendations.

4. Change Orders and Out-of-Scope Work

Services not expressly included in a SOW are out of scope.

Additional work requires a written change order and may result in additional fees.

5. Regulatory and Technology Changes

Client acknowledges that cybersecurity requirements and technologies evolve.

Any additional work required due to:

  • Regulatory updates

  • Technology changes

  • Environmental changes

shall be considered out of scope and billed separately.

6. Third-Party Systems and Vendors

Anchor Cyber is not responsible for:

  • Third-party platforms, tools, or service providers

  • Vendor failures or vulnerabilities

  • Security incidents arising from third-party systems

7. Fees and Payment Terms

Fees and payment terms are defined in each SOW.

Unless otherwise stated:

  • Payments are due as outlined in the SOW

  • Anchor Cyber may suspend services for non-payment

  • Client remains responsible for all incurred fees

8. Nonpayment and Suspension of Services

Client agrees to pay all fees in accordance with the applicable Statement of Work (SOW).

If payment is not received when due:

  • Anchor Cyber reserves the right to suspend or delay services until payment is brought current

  • Anchor Cyber may withhold any or all deliverables, including but not limited to reports, documentation, System Security Plans (SSPs), scoring results, or other work product, until all outstanding invoices are paid in full

  • Any project timelines or delivery dates shall be automatically extended for the duration of such delay

Anchor Cyber shall not be liable for any impact, delays, or consequences resulting from suspension of services or withholding of deliverables due to nonpayment.

Client remains responsible for all fees incurred prior to suspension or termination.

9. Confidentiality

Each party agrees to protect confidential information of the other party and use it solely for purposes of the engagement.

This obligation survives termination.

10. Intellectual Property

All methodologies, templates, frameworks, and tools used by Anchor Cyber remain its intellectual property.

Client is granted a non-exclusive, non-transferable license to use deliverables for internal business purposes only.

11. Disclaimer of Warranties

Services are provided “as is” without warranties of any kind, including:

  • Fitness for a particular purpose

  • Continuous compliance or security

  • Accuracy or completeness

12. Limitation of Liability

To the maximum extent permitted by law:

Anchor Cyber’s total liability shall not exceed the total fees paid under the applicable SOW.

Anchor Cyber shall not be liable for:

  • Indirect or consequential damages

  • Loss of profits, data, or business

  • Security breaches or cyber incidents

13. Indemnification

Client agrees to indemnify and hold harmless Anchor Cyber from claims arising from:

  • Client’s failure to implement recommendations

  • Client’s systems, operations, or decisions

  • Use or misuse of deliverables

14. Term and Termination

This Agreement remains in effect as long as any SOW is active.

Either party may terminate:

  • Per terms defined in the SOW

  • For material breach (with reasonable cure period)

Fees for work performed prior to termination remain due.

15. Force Majeure

Neither party shall be liable for delays caused by events beyond reasonable control.

16. Governing Law

This Agreement is governed by the laws of the State of California.

Venue shall be San Diego County, California.

17. Entire Agreement

This Agreement, together with each SOW, constitutes the entire agreement between the parties.

18. Updates to Agreement

This Agreement may be updated from time to time. The version in effect at the time a SOW is executed will govern that engagement.

For questions regarding this agreement, please contact:

Anchor Cyber, Inc.
📧 mandy@anchorcyber.com