MASTER SERVICE AGREEMENT V1.13
INTRODUCTION
This Master Service Agreement (the “Agreement” or “MSA”) is entered into by and between: S.G. Systems, LLC, a limited liability company organized and existing under the laws of the State of Texas, with its principal office located at 6944 Meadowbriar Lane, Dallas, TX 75230 (hereinafter referred to as “Provider”), and the individual or entity accepting this Agreement by accepting a quote and making payment as described herein (hereinafter referred to as “Customer”). Provider and Customer may collectively be referred to as the “Parties” and individually as a “Party.”
WHEREAS: Provider offers the V5 Traceability software solution (“Software”), including options for hosted services utilizing a third-party cloud hosting provider and on-premise installations, designed to track and manage supply chain data, with Version 5.9 independently assessed for compliance with 21 CFR Part 11, EU Annex 11, and Good Manufacturing Practices (GMP), along with related support and services. Customer desires to engage Provider for the use of the Software and related services under the terms and conditions set forth herein, potentially for use in a regulated environment. This MSA establishes the general terms governing the relationship between the Parties, with specific services and fees detailed in Order Forms or quotes accepted by Customer. This Agreement applies solely to Version 5.9 of the Software and does not cover any prior versions or future versions unless expressly agreed to in writing by Provider. Provider acknowledges that many of its Customers operate in regulated industries, particularly pharmaceutical, life sciences, and food manufacturing, and require compliance with stringent regulatory frameworks, including uptime, data integrity, and performance guarantees.
NOW, THEREFORE: In consideration of the mutual promises and covenants contained herein, the Parties agree as follows:
ACCEPTANCE OF TERMS
1.1 Acceptance. By accepting a quote provided by Provider and making payment (either 100% of the annual fee upfront or the first monthly installment), Customer agrees to be bound by the terms of this MSA. The date of such payment shall be deemed the “Effective Date” of this MSA for the applicable services.
1.2 Software Activation. The Software will be activated within 72 hours of receipt of payment (either the full annual amount or the first monthly installment).
1.3 Agreement Scope. This MSA governs all future transactions between the Parties related to the Software, and individual Order Forms shall specify the scope, pricing, and other terms for specific services provided.
DEFINITIONS
2.1 Software. Means the V5 Traceability software, including all updates, upgrades, and documentation provided by Provider under this MSA. This Agreement applies only to Version 5.9 and does not extend to previous versions or future releases unless otherwise agreed in writing.
2.2 Hosted Services. Means the hosting, maintenance, and support of the Software on a third-party cloud hosting provider’s infrastructure, managed by Provider and accessible by Customer via the internet.
2.3 On-Premise Installation. Means the installation and operation of the Software on Customer’s own hardware and/or infrastructure at Customer’s designated location.
2.4 Services. Means the Hosted Services, support, maintenance, validation assistance, and/or installation services provided by Provider.
2.5 Order Form. Means a document, quote, or other record provided by Provider and accepted by Customer specifying the Software license type, Services, fees, and other details of Customer’s engagement.
2.6 Critical Issues. Means severe Software malfunctions that prevent Customer from performing essential business operations reliant on the Software.
2.7 Security Incident. Means any unauthorized access, use, disclosure, alteration, or destruction of Customer Data.
2.8 Sandbox Environment. Means a separate, isolated testing environment provided by Provider for deploying Software upgrades prior to production use.
2.9 Customer Data. Means all data uploaded to or generated by the Software.
2.10 Service Level Agreement (SLA). Means the performance guarantees and commitments outlined in Section 11 of this Agreement, including uptime, response times, and resolution targets for Hosted Services.
IMPLEMENTATION PROCESS
3.1 Scope of Implementation. Provider will configure the system, set up sample data, and demonstrate key workflows based on the selected subscription tier:
Express (MES): Example Electronic Batch Record (EBR), Batch Manufacturing Record (BMR), or Device History Record (DHR) process (Est. 4 hours).
Professional (MES, WMS): Sample Purchase Order (PO) and Sales Order (SO) workflows, including labeling, putaway, and shipping (Est. 8 hours).
Enterprise (MES, WMS, QMS): Setup of a sample approval workflow, training schedule, checklist, or Standard Operating Procedure (SOP) & Policy framework (Est. 12 hours).
3.2 All-Inclusive Support. Provider will offer comprehensive implementation support, including Subject Matter Expert (SME) training and expert onboarding, at no additional cost for the first 90 days.
3.3 Customer Responsibilities and Implementation Timeline. Customer agrees to make their best endeavors to facilitate and conclude implementation within the initial 90-day period. Customer must provide timely responses, necessary information, personnel access, and required system specifications to enable Provider to meet this timeline. If implementation extends beyond 90 days due primarily to Customer-caused delays or failure to meet implementation requirements, Provider reserves the right to charge additional implementation support fees at market rates until implementation completion.
SCOPE OF SERVICES
4.1 License Grant. Provider grants Customer a non-exclusive, non-transferable, revocable license to use the Software. The Software is available in three levels: Express, Professional, and Enterprise, each with varying features and capabilities as outlined in the Order Form. Customer’s access and functionality will be determined based on the selected software level.
4.2 Hosted Services Option. If specified in the Order Form, Provider will provide Hosted Services, including hosting, maintenance, upgrades, and adherence to the SLA outlined in Section 11.
4.3 On-Premise Installation Option. If specified in the Order Form, Provider will provide On-Premise Installation services, with Customer responsible for maintaining necessary infrastructure and ensuring compliance with regulatory requirements. Provider will continue to provide ongoing operational support, including answering questions and providing technical assistance, at no additional charge beyond the subscription fees paid, once the implementation has been completed. Customer acknowledges this support does not include infrastructure maintenance or responsibilities explicitly assigned to Customer.
4.4 User Licensing and Restrictions. The Software is licensed based on predefined blocks of users as specified in the Order Form (e.g., 1-5 users, 6-20 users, etc.). Customer must ensure that the number of active users remains within the purchased license block. The Software will automatically enforce this limit, preventing additional users from accessing the system unless additional licenses are purchased. Each user license is assigned to an individual and may not be shared or used by multiple individuals. Provider reserves the right to audit Customer’s usage to ensure compliance with these licensing terms.
4.5 ERP Integration. Unless otherwise specified in the applicable Order Form, the Provider’s standard implementation services include integration to one (1) Customer ERP system using a single API interface. This integration assumes that the Customer ERP environment provides standard ERP objects required for the Software integration (such as Purchase Orders, Sales Orders, Items, Locations, Schedules, Bills of Material, Customers, Suppliers, and Inventory Data) and that Customer will ensure Provider has timely and sufficient access to a sandbox environment of the ERP system for development, testing, and validation purposes during the implementation period. In cases where the Customer’s ERP environment lacks the standard objects or fields required by the Software, or if ERP customization is necessary, Provider will notify Customer immediately. Such ERP customizations are the sole responsibility of the Customer and may delay the implementation schedule and incur additional costs not covered by Provider’s standard integration offering. Provider shall not be responsible for any delays or additional expenses resulting from Customer’s inability or delay in delivering required ERP customizations or sandbox access.
TERM AND TERMINATION
5.1 MSA Term. This MSA begins on the Effective Date and continues until terminated.
5.2 Service Term. Each Order Form establishes a 365-day term. Service terms automatically renew unless Customer provides written notice of cancellation at least sixty (60) days before the end of the current term.
5.3 Termination for Cause. Either Party may terminate due to a material breach not cured within thirty (30) days of notice.
5.4 Effect of Termination. For Hosted Services, Customer Data will be retrievable for 90 days post-termination, subject to applicable regulatory retention requirements. Non-payment exceeding thirty (30) days may result in service suspension, and non-payment exceeding forty-five (45) days will result in termination and data deletion, subject to regulatory obligations.
FEES AND PAYMENT
6.1 Fees. Customer shall pay as per the Order Form.
6.2 Payment Options. Annual Payment Option: 100% due upfront. Monthly Payment Option: Twelve equal monthly installments with a 10% convenience fee applied.Payment Methods: ACH is the preferred payment method, with credit card payments accepted and subject to a processing fee.
6.3 Subscription Upgrades. Fees will be prorated based on the remaining term.
6.4 Subscription Downgrades. Downgrades will take effect at the next renewal cycle, with a written notice required at least thirty (30) days prior.
6.5 Late Payment Consequences. If payment is not received by the due date, Provider reserves the right to immediately suspend access to Hosted Services and withhold technical support. If payment remains outstanding for fifteen (15) days, Provider may terminate this Agreement, revoke software access, and delete Hosted Services Customer Data, subject to applicable regulatory requirements. A reactivation fee will be required to restore services following a suspension. Customer is responsible for all collection costs, including legal fees and collection agency charges.
REGULATORY COMPLIANCE
7.1 Compliance Commitment. Provider represents that Version 5.9 (Major Version) of the Software has been independently assessed and meets the requirements of 21 CFR Part 11 (electronic records and signatures), EU Annex 11 (computerized systems), and Good Manufacturing Practices (GMP). Provider will take reasonable steps to ensure continued compliance with these standards and the SLA outlined in Section 11.
7.2 Data Integrity and Retention. The Software is designed to maintain the integrity of electronic records and enforce controls to prevent unauthorized modifications. Audit trails, version control, and data encryption are included as standard features. Customer Data will be retained for a period consistent with applicable regulatory requirements (e.g., 5-7 years for GMP compliance), unless an alternative retention period is specified in an Order Form.
7.3 Electronic Signatures. The Software includes electronic signature functionality in accordance with 21 CFR Part 11 and EU Annex 11, ensuring that signed records cannot be modified and that access to signature capabilities is restricted to authorized personnel.
7.4 Validation and Qualification Support. Provider will offer Installation Qualification (IQ) and Operational Qualification (OQ) templates to assist Customer in validating the Software in their environment. If requested, Provider will provide access to a Sandbox Environment to allow validation testing prior to deploying software updates to production. Any software modifications, patches, or upgrades will follow a Change Control Process, ensuring that compliance is maintained and aligned with SLA performance metrics.
7.5 Audit and Inspection Readiness. Provider will cooperate with regulatory audits related to the Software’s compliance with 21 CFR Part 11, EU Annex 11, and GMP, providing documentation, logs, and access records to support Customer’s compliance needs during audits and regulatory inspections. If required, Provider will participate in mock regulatory audits to validate the integrity of the Software and adherence to SLA commitments.
7.6 Security and Access Controls. The Software provides role-based access controls to limit data access based on user roles, ensuring compliance with ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate, and Complete). All system access and activity will be logged and time-stamped to ensure complete traceability and meet SLA reporting requirements, and Provider will ensure that Customer Data is protected against unauthorized access or tampering through encryption and access controls as outlined in Section 9 and the SLA in Section 11.
CHANGE CONTROL AND SOFTWARE UPDATES
8.1 Controlled Software Updates. All major software updates, patches, or enhancements will be subject to a Change Control Process to maintain compliance with regulated environments and SLA performance metrics. Provider will notify Customer in advance of any significant updates that may impact compliance and allow time for validation before deployment, ensuring no disruption to SLA commitments. Customers using Hosted Services will be given at least 30 days’ notice before any major updates.
8.2 Customer Approval for Critical Updates. Updates that impact electronic records, security, or regulatory compliance will require Customer approval before deployment to production, ensuring alignment with SLA performance guarantees. Customers using On-Premise Installation will be responsible for ensuring that all updates comply with their validation procedures and SLA commitments.
8.3 Versioning and Documentation. Each update will include release notes detailing changes, new features, and potential validation considerations, as well as any impact on SLA metrics. Customers will receive a compliance impact assessment if any changes affect audit trails, electronic signatures, or data retention, ensuring continued SLA adherence.
DATA SECURITY AND INCIDENT RESPONSE
9.1 Security Standards. Provider maintains industry-standard cybersecurity measures, including data encryption, firewalls, intrusion detection, and multi-factor authentication, to meet SLA security commitments. Hosted Services customers benefit from regular security audits and penetration testing, with results reported as part of SLA compliance.
9.2 Incident Response. In the event of a Security Incident—including unauthorized access, data breaches, or loss of data integrity—Provider will notify Customer within 24 hours (instead of 48 hours) of becoming aware of the incident, provide a detailed incident report within 3 business days (instead of 5), and cooperate with Customer to mitigate the impact and support any required regulatory reporting as outlined in the SLA.
9.3 Business Continuity and Disaster Recovery. Hosted Services customers benefit from automatic data backups performed at regular intervals, with Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) defined in the SLA (Section 11). Provider maintains a disaster recovery plan to ensure data integrity and minimal downtime in the event of system failure, with performance metrics tracked under the SLA. Data recovery testing is performed quarterly to ensure compliance with regulatory data retention requirements and SLA uptime guarantees.
CUSTOMER RESPONSIBILITIES IN A REGULATED ENVIRONMENT
10.1 Validation and Qualification. Customer is responsible for performing qualification and validation of the Software in their production environment to meet specific regulatory requirements, ensuring alignment with SLA performance metrics, and must maintain documentation proving compliance with regulatory bodies such as the FDA, EMA, or other governing authorities.
10.2 Regulatory Reporting. If Customer is subject to regulatory inspections, they must maintain internal policies for data integrity and system security, reporting any SLA-related issues to Provider promptly. Customer must notify Provider promptly if the Software is involved in any regulatory audit or data integrity concern that may impact SLA performance.
10.3 User Training. Customer must ensure that their employees and personnel are properly trained on using the Software in accordance with regulatory requirements and SLA expectations. Provider offers training sessions and certification programs to assist with compliance training and SLA adherence.
SERVICE LEVEL AGREEMENT (SLA)
11.1 Purpose. This SLA defines the performance guarantees, metrics, and remedies Provider commits to for Hosted Services and ongoing support services, ensuring the Software meets the stringent requirements of pharmaceutical, life sciences, and food manufacturing industries. For On-Premise Installations, while Provider commits to providing operational and technical support, specific uptime and response time guarantees in this SLA are applicable only to Hosted Services, unless explicitly stated otherwise in an Order Form.
11.2 Ongoing Operational Support (On-Premise). For customers with On-Premise Installations, Provider shall continue to offer routine technical support, assistance with operational questions, and troubleshooting without additional fees beyond the subscription payments. Customer is responsible for infrastructure and system maintenance, while Provider’s support obligations are limited to software functionality, usage guidance, and troubleshooting.
11.3 Response and Resolution Times.
| Severity Level | Issue Description | Initial Response Time | Resolution/Workaround Time | Escalation (if applicable) |
| Critical (Severity 1) | Prevents essential business operations reliant on the Software | Within 90 minutes (24/7/365) | Within 4 hours | Escalate to senior engineer within 2 hours if unresolved |
| High Priority (Severity 2) | Significantly impairs but does not prevent essential operations | Within 4 business hours | Within 24 business hours | N/A |
| Medium Priority (Severity 3) | Impairs non-critical functionality | Within 8 business hours | Within 5 business days | N/A |
| Low Priority (Severity 4) | General inquiries or minor issues | Within 2 business days | Within 10 business days | N/A |
11.4 Data Recovery and Business Continuity. Provider guarantees a Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 15 minutes for Hosted Services, ensuring minimal data loss and rapid recovery in the event of a system failure or Security Incident. Data backups are performed every 15 minutes, with quarterly disaster recovery testing to validate SLA compliance.
11.5 Security and Compliance Metrics. Provider will conduct quarterly security audits and penetration tests, with results shared with Customer annually or upon request. Security incidents will be resolved within 48 hours, with full mitigation and reporting completed within 5 business days as outlined in Section 9.2.
11.6 Performance Monitoring and Reporting. Provider will provide monthly SLA performance reports to Customer, detailing uptime, response times, resolution times, and any incidents affecting service levels. Customers may request ad-hoc reports or audits to verify SLA compliance, with Provider cooperating fully.
11.7 Penalties for Non-Compliance. If Provider fails to meet any SLA metric (e.g., uptime, response times, resolution times), the following penalties apply:
| Uptime Shortfall | For each 0.1% below the 99.9% uptime guarantee, Customer will receive a credit equal to 5% of the monthly Hosted Services fee, up to a maximum of 50% of the monthly fee. |
| Response/Resolution Delays | For each instance where Provider exceeds response or resolution times by more than 50%, Customer will receive a credit equal to 2% of the monthly Hosted Services fee, up to a maximum of 20% per incident. |
| Security Incident Delays | If Provider fails to notify Customer of a Security Incident within 24 hours or resolve it within 48 hours, Customer will receive a credit equal to 10% of the monthly Hosted Services fee, up to a maximum of 50%. |
11.8 Exclusions. SLA commitments do not apply to downtime or issues caused by Customer’s actions (including misuse, non-compliance with system requirements, or failure to provide necessary information), outages due to third-party infrastructure failures beyond Provider’s control (e.g., cloud hosting provider outages), or Force Majeure events such as natural disasters or government actions.
11.9 SLA Review and Adjustment. The Parties may review and adjust SLA metrics annually or upon mutual agreement, ensuring alignment with evolving regulatory requirements and Customer needs.
LIMITATION OF LIABILITY
12.1 Provider’s total liability under this Agreement, including for SLA breaches, shall not exceed the total fees paid by Customer in the 12 months preceding the claim.
12.2 Neither Party shall be liable for indirect, incidental, consequential, or punitive damages, including lost profits, unless arising from gross negligence, willful misconduct, or a breach of data security obligations under Sections 9 or 11.
MISCELLANEOUS
13.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of laws principles.
13.2 Dispute Resolution. Any disputes arising under this Agreement shall be resolved through mediation, followed by arbitration if necessary, in Dallas, Texas.
13.3 Entire Agreement. This MSA, together with any Order Forms, constitutes the entire agreement between the Parties and supersedes all prior agreements or understandings.
