Product Sheets

Effective Date: September 1, 2020

In order for any of the below Product Sheets to apply, Customer must purchase the applicable Product through an Order. If Customer places an Order for any new Products or features not listed in these Product Sheets, then Customer agrees that the additional terms and conditions for such new Products or features (as set forth at www.zscaler.com/product-sheets) will be incorporated into these Product Sheets.

PRODUCT SHEET - Zscaler B2B

  1. Definitions.

    Any capitalized terms not defined herein shall have the meaning forth in the Agreement or other Product Sheets.

    1.1 “Monthly Traffic” means all traffic uploaded and/or downloaded through the Products during each calendar month, measured in Terabytes (TB).

    1.2 “SaaS” for the purpose of this Product Sheet means Zscaler B2B.

  2. Subscription Rights.

    Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to access and use the SaaS during the Subscription Term for the purchased TB of Monthly Traffic.

  3. License Grant for Software.

    Subject to the terms and conditions set forth in this Agreement, Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to download and use the Software to connect Authorized Users to Customer’s hosted applications via the SaaS.

  4. Excessive Bandwidth Consumption.

    Customers must purchase the appropriate amount of Monthly Traffic for the SaaS based on their expected monthly bandwidth consumption. If Customer’s monthly bandwidth consumption increases above the Monthly Traffic purchased by more than ten percent (10%), Zscaler will notify Customer/Partner and Customer agrees to work with Partner/Zscaler in good faith to investigate the reason(s) for Customer’s Monthly Traffic increase (e.g. additional traffic using the SaaS, changes in Customer’s network, etc.), and either determine a bandwidth reduction plan or order additional TB of Monthly Traffic which will be pro-rated and co-terminus with the then-current Subscription Term. If Customer does not either reduce its Monthly Traffic or order additional Monthly Traffic within ninety (90) days of notification, then Customer agrees that Partner/Zscaler may invoice Customer for the required additional Monthly Traffic starting from the date of notification.

  5. Customer Logs.

    In order to provide the SaaS under this Agreement, Customer agrees that Zscaler shall have the right to process, use, reproduce, store, modify, and display the information from the Customer Logs (as defined below).

    For Zscaler B2B, “Customer Logs” means collectively the User Logs, the App Connector Logs, and the Audit Logs. "User Logs" means the activity logs of Authorized Users accessing Customer B2B applications through Zscaler B2B. "App Connector Logs" means the activity logs of the App Connector, which is set up by Customer to allow Authorized User access to Customer B2B applications through Zscaler B2B. "Audit logs" means the activity logs of configuration changes made by Customer via the Zscaler B2B admin portal. Customer Logs do not include Customer’s internal system logs. User Logs and App Connector Logs shall be retained by Zscaler for rolling fourteen (14) day periods during the Subscription Term, and Audit Logs shall be retained by Zscaler for rolling six (6) month periods during the Subscription Term. Upon termination or expiration of the Subscription Term, the Customer Logs shall be deleted by Zscaler in accordance with the foregoing fourteen (14) day or six (6) month retention cycle, as applicable. If Customer orders the Zscaler B2B log streaming service, then Customer may stream the User Logs, App Connector Logs and Audit logs in real-time to Customer’s premises where the User Logs, App Connector Logs and Audit logs can be sent to multiple Customer systems allowing Customer to retain them for however long it chooses.

    During the deployment process, Customer may choose to have its Customer Logs stored in either the United States or the European Union & Switzerland.

  6. Service Level Agreement.

    The Service Level Agreement for Zscaler B2B set forth in the Product Sheet for Service Level Agreements is hereby incorporated into this Product Sheet by this reference.

PRODUCT SHEET - Zscaler Cloud Security Posture Management (CSPM)

  1. Definitions.

    Any capitalized terms not defined herein shall have the meaning forth in the Agreement or other Product Sheets.

    1.1 “SaaS” for the purpose of this Product Sheet means Zscaler Cloud Security Posture Management or “CSPM”.

    1.2 “Seat” means a subscription license for the SaaS for an individual Authorized User.

    1.3 “Server” means a unique domain name, or if a unique domain name does not exist, an IP address or set of IP addresses, assigned to an asset.

    1.4 “Workload” means a subscription license of the SaaS for a single cloud workload such as virtual machines, database services, cloud storage, and other similar infrastructure-as-a-service (Iaas) and/or Platform-as-a-Service (PaaS) resources that Customer utilizes in its public cloud environments.

  2. Subscription Rights.

    For SaaS used for Customer’s public cloud environments, Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to access and use the SaaS during the Subscription Term for the purchased Servers and/or Workloads. For SaaS used for Customer’s Microsoft Office 365 environment, Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to access and use the SaaS during the Subscription Term for the purchased number of Seats and/or Servers.

  3. License Grant for Software.

    Subject to the terms and conditions set forth in this Agreement, Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to use the Software in connection with the SaaS.

  4. Additional Seats, Servers, or Workload.

    Customer is responsible for ordering the correct number of Seats, Servers, and/or Workloads, as applicable. For any additional Seats, Servers, and/or Workloads needed during the Subscription Term, Customer agrees to place an additional Order with Zscaler/Partner for such additional Seats, Servers, and/or Workloads. The additional Seats. Servers, and/or Workloads will be pro-rated and co-terminous with the then-current Subscription Term. The parties will jointly review the number of Seats. Servers, and/or Workloads using the SaaS on a quarterly basis, and if it is determined that Customer is using more Seats, Servers, and/or Workloads than it has purchased, Customer agrees to place an additional Order for the additional required Seats, Servers, and/or Workloads.

  5. CSPM Data Retention Policy.

    All cloud configuration data processed by Zscaler in connection with Customer’s use of SaaS shall be retained by Zscaler for rolling ninety (90) day periods during the Subscription Term. Upon termination or expiration of the Subscription Term, the data shall be deleted by Zscaler within ninety (90) days after termination or expiration.

  6. Service Level Agreement.

    The Service Level Agreement for CSPM set forth in the Product Sheet for Service Level Agreements is hereby incorporated into this Product Sheet by this reference.

PRODUCT SHEET - Zscaler Digital Experience (ZDX)

  1. Definitions.

    Any capitalized terms not defined herein shall have the meaning forth in the Agreement or other Product Sheets.

    1.1 “Office 365 Probes” means synthetic probes that are activated from either a cloud-hosted agent provided by Zscaler or from an Authorized User’s device to gather additional telemetry for Microsoft Office 365 applications.

    1.2 “SaaS” for the purpose of this Product Sheet means Zscaler Digital Experience or “ZDX”.

    1.3 “Seat” means a subscription license for the SaaS for an individual Authorized User.

    1.4 “Transaction” means an HTTP or HTTPS request sent to or from Customer through its use of the SaaS.

    1.5 “ZDX Probes” means synthetic transactions sent by Zscaler Client Connector to a destination such as a cloud application, internal application, etc. that provides telemetry regarding Authorized User’s experience.

  2. Subscription Rights.

    Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to access and use the SaaS during the Subscription Term for the number of purchased Seats. A Seat may only be transferred from one Authorized User to another if the original Authorized User is no longer permitted to access the SaaS.

  3. License Grant for Software.

    Subject to the terms and conditions set forth in this Agreement, Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to download and use the Software in connection with the SaaS.

  4. Authenticated Users.

    Customers and its Affiliates are responsible for ordering the correct number of Seats. Customer or any Customer Affiliate must authenticate users to use the SaaS. The number of Seats required will be determined by counting the unique individuals accessing or using the SaaS over the previous rolling 90-day period.

  5. Customer Logs.

    In order to provide the SaaS under this Agreement, Customer agrees that Zscaler shall have the right to process, use, reproduce, store, modify, and display the information from the Customer Logs (as defined below).

    For ZDX, “Customer Logs” means the telemetry metadata collected with regards to ZDX Probs and Office 365 Probes as well as the metadata that correlates with Customer Logs of other Zscaler SaaS, such as ZIA or ZPA. Customer Logs shall be retained by Zscaler for rolling one-month or one- week periods during the Subscription Term, depending on the SKU purchased. Upon termination or expiration of the Subscription Term, the Customer Logs shall be deleted by Zscaler pursuant to the rolling one- month retention cycle.

    For Zscaler Client Connector, “Customer Logs” means the packet capture logs of Customer’s Transactions. Customers can globally enable or disable the packet capture. Customers have access to these Customer Logs at all times and can delete the Customer Logs from the applicable laptop, desktop or personal mobile device.

    During the deployment process, Customer may choose to have its Customer Log stored in either the United States or the European Union & Switzerland.

  6. ZDX Analytics Service.

    ZDX is a digital user experience analytics platform. All performance data (“ZDX Analytics Data”) is collected by the Zscaler Client Connector installed on Authorized Users’ devices, where the ZDX Analytics Data is normalized first and then sent to the SaaS for analysis. All ZDX Analytics Data shall be retained by Zscaler for rolling one-month or one-week periods during the Subscription Term, depending on the SKU purchased.

  7. ZDX Live Troubleshooting.

    Zscaler supports live troubleshooting mode in the SaaS to support remote live diagnostics and troubleshooting by a Customer administrator. Live troubleshooting might result in the capturing and storage of packet capture files as well as additional telemetry about the Authorized User’s devices, including software process level information of such devices (“ZDX Live Troubleshooting Data”). All ZDX Live Troubleshooting Data shall be retained by Zscaler for rolling one-month or one-week periods during the Subscription Term, depending on the SKU purchased. Upon termination or expiration of the Subscription Term, the ZDX Live Troubleshooting Data shall be deleted by Zscaler pursuant to the rolling one-month retention cycle.

  8. Additional Seats.

    Customer is responsible for ordering the correct number of Seats. For any additional needs during the Subscription Term, Customer agrees to place an additional Order with Zscaler/Partner for such additional Seats. The additional Seats will be prorated and co-terminous with the then-current Subscription Term. The parties will jointly review the number of Seats using the SaaS on a quarterly basis, and if it is determined that Customer is using more Seats than it has ordered, Customer agrees to place an additional Order for the additional required Seats.

  9. Service Level Agreement.

    The Service Level Agreement for ZDX set forth in the Product Sheet for Service Level Agreements is hereby incorporated into this Product Sheet by this reference.

PRODUCT SHEET - Zscaler Internet Access (ZIA)

  1. Definitions.

    Any capitalized terms not defined herein shall have the meaning forth in the Agreement or other Product Sheets.

    1.1 “API based CASB” means the out-of-band cloud access security broker (CASB) that connects to an organization’s corporate-approved cloud applications, scans data at rest, and looks for Data Loss Prevention (DLP) and malware violations.

    1.2 “Backward Data Scan” means the data that resided in an organization’s corporate-approved cloud application prior to connecting to the API based CASB.

    1.3 “Browser Isolation” means the feature/capability within the SaaS which allows subscribed Authorized Users to (i) access internet-based web content and documents downloaded from the internet safely through a remotely hosted ephemeral browser and (ii) view the rendered webpages as a pixel stream/image on their native browser.

    1.4 “CASB Scanning Data” means the data that resides in a Customer’s corporate-approved cloud applications.

    1.5 “Device Traffic” or “Server Traffic” means all traffic that is not covered under the definition of “Authorized User”, as defined in the Agreement, such as server-initiated internet traffic or other devices (e.g. IoT, point of sale, kiosks, etc.) that are not already associated with an Authorized User.

    1.6 “Inline Guest WiFi Traffic” means all guest WiFi traffic that is not covered under the definition of “Authorized User.” For clarity, this does not apply for the DNS-Based Guest WiFi Security Product.

    1.7 “Iterative Scans” means the data put into a Customer’s corporate-approved cloud applications after connecting to the API based CASB Product.

    1.8 “Monthly Traffic” means all non-Seat traffic (Browser Isolation traffic, Inline Guest WiFi Traffic, Device Traffic, and/or Server Traffic) uploaded and/or downloaded through the Products during each calendar month, measured in Megabytes (MB) or Gigabytes (GB).

    1.9 “Premium Data Centers” means those data centers located in Africa, Australia, Central & South America, Mainland China, New Zealand, the Middle East, South Korea, and any other new data center that Zscaler may designate as premium due to higher in-region bandwidth charges.

    1.10 “SaaS” for the purpose of this Product Sheet means Zscaler Internet Access or “ZIA”.

    1.11 “Seat” means a subscription license for the SaaS for an individual Authorized User.

    1.12 “Server” means a unique domain name, or if a unique domain name does not exist, an IP address or set of IP addresses, assigned to an asset.

    1.13 “Transactions” means an HTTP or HTTPS request sent to or from Customer through its use of the SaaS.

  2. Subscription Rights.

    Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to access and use the SaaS during the Subscription Term for the number of purchased Seats, Servers, and/or GB of Monthly Traffic. A Seat may only be transferred from one Authorized User to another if the original Authorized User is no longer permitted to access, and does not access, the Internet in connection with the SaaS.

  3. License Grant for Software.

    Subject to the terms and conditions set forth in this Agreement, Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to download and use the Software on a compatible laptop, desktop, or personal mobile device, in order to connect to the SaaS.

  4. Non-Authenticated and Authenticated Users.

    Customer and its Affiliates are responsible for ordering the correct number of Seats and/or Monthly Traffic. Therefore, if Customer or any Customer Affiliate chooses not to authenticate its Authorized User and cannot reasonably determine the number of Seats being used, then Customer agrees to subscribe to the appropriate amount of Monthly Traffic. For authenticated Authorized Users, the number of Seats required will be determined by counting the unique individuals of the SaaS over the previous rolling 90-day period.

  5. Customer Logs.

    In order to provide the SaaS under this Agreement, Customer agrees that Zscaler shall have the right to process, use, reproduce, store, modify, and display the information from the Customer Logs (as defined below).

    For ZIA, “Customer Logs” means the metadata of all network traffic sent to or received from Customer through its use of the SaaS. Customer Logs shall be retained by Zscaler for rolling six (6) month periods during the Subscription Term. Upon termination or expiration of the Subscription Term, the Customer Logs shall be deleted by Zscaler pursuant to the six (6) month retention cycle. If Customer orders Zscaler’s Nanolog Streaming Service (NSS), then Customer may stream the Customer Logs in real-time to Customer’s premises where the Customer Logs can be sent to multiple Customer systems allowing Customer to retain the Customer Logs for however long it chooses.

    For Zscaler Client Connector, “Customer Logs” means the packet capture logs of Customer’s Transactions. Customer can globally enable or disable the packet capture. Customer has access to these Customer Logs at all times, and can delete the Customer Logs from the applicable laptop, desktop or personal mobile device.

    During the deployment process, Customer may choose to have its Customer Logs stored in either the United States or the European Union & Switzerland.

  6. Excessive Bandwidth Consumption.

    If Customer’s average per-Seat bandwidth consumption increases above Customer’s Bandwidth Baseline by more than one-hundred percent (100%) for a sustained ninety (90) day period, Zscaler will notify Customer/Partner and Customer agrees to work with Partner/Zscaler in good faith to investigate the reason(s) for Customer’s bandwidth increase (e.g. additional non-purchased Seats using the SaaS, non-Seat traffic using the SaaS, changes in Customer’s network, etc.), and either determine a bandwidth reduction plan or order additional GB of Monthly Traffic which will be pro-rated and co-terminous with the then-current Subscription Term. If Customer does not either reduce its Monthly Traffic or order additional Seats, Servers, and/or Monthly Traffic within ninety (90) days of notification, then Customer agrees that Partner/Zscaler may invoice Customer for the required additional Seats, Servers, or Monthly Traffic starting from the date of notification. For purposes of this Agreement, “Customer’s Bandwidth Baseline” means the average per-Seat bandwidth consumption determined by Zscaler over the 90-day period following the start of Customer’s subscription to the SaaS.

  7. Additional Seats or Monthly Traffic.

    Customer is responsible for ordering the correct number of Seats, Servers, and/or GB of Monthly Traffic. For any additional Seats, Servers, and/or Monthly Traffic needed during the Subscription Term, Customer agrees to place an additional Order with Zscaler/Partner for such additional Seats, Servers, and/or Monthly Traffic. The additional Seats, Servers, and/or Monthly Traffic will be pro-rated and co-terminous with the then-current Subscription Term. The parties will jointly review the number of Seats, Servers, and/or Monthly Traffic using the SaaS on a quarterly basis, and if it is determined that Customer is using more Seats, Servers, and/or Monthly Traffic than it has ordered, Customer agrees to place an additional Order for the additional required Seats, Servers, and/or Monthly Traffic.

  8. Data Centers.

    Use of all standard data centers are included in the Fees for the SaaS. However, use of Premium Data Centers shall require additional Fees for permanent users (i.e. not roaming users) based in such Premium Data Center regions. Premium Data Centers may convert to standard data centers, but standard data centers will never convert to Premium Data Centers during the Subscription Term, unless otherwise agreed to in writing by Customer. Customer’s use of data centers located in the Middle East may require separate approvals and disclosure of Customer’s name to Zscaler’s regional provider. Notwithstanding the foregoing, for Customers who subscribe to ELA and Transformation bundles, Premium Data Centers are included in the Fees except for Middle East data centers, which will require additional Fees.

  9. API based CASB.

    9.1. API based CASB includes up to 10TB of backward data scan per year and unlimited iterative scan. Customer must purchase capacity for additional backward data scan if they store more than 10TB stored of data in cloud applications.

    9.2. For Backward Data Scan, Customer is responsible for ordering the correct amount of data volume to scan their data at rest in corporate-approved SaaS applications.

    9.3. Customer is responsible for ordering the correct number of Seats for API based CASB. These Seat counts need to match the total number of Authorized Users using cloud applications that are being scanned by API based CASB, such as Box, Microsoft Office 365, Gsuite, and others.

  10. Browser Isolation.

    10.1. Customer agrees and understands that Zscaler and its third-party licensors shall have the right to store cookies and other similar technologies (“Cookies”) in encrypted form between instances/sessions of remote browsers, and to process such Cookies for the sole purpose of providing the Browser Isolation to Customer.

    10.2. If Customer is not subscribed to 100% Cloud Browser Isolation, it will be allocated a certain amount of isolated Monthly Traffic as follows: a 5% Cloud Browser Isolation Customer will be allocated 200MB of isolated Monthly Traffic for each Cloud Browser Isolation Seat, and a 25% Cloud Browser Isolation Customer will be allocated 1GB of isolated Monthly Traffic for each Cloud Browser Isolation Seat.

    10.3. Customer may exceed its allowed Browser Isolation Monthly Traffic by up to ten percent (10%). For example, a 5% Browser Isolation Customer with 100 Browser Isolation Seats may use up to 22,000MB (100 Browser Isolation Seats * 200MB per Browser Isolation Seat * 110%) of isolated Monthly Traffic. If Customer exceeds this additional ten percent (10%) allowance, Zscaler will notify Customer/Partner and Customer agrees to work with Partner/Zscaler in good faith to (i) reduce amount of isolated Monthly Traffic; (ii) order additional Seats and/or Monthly Traffic which will be pro-rated and co-terminous with the then-current Subscription Term; or (iii) upgrade to a higher monthly amount of isolated Monthly Traffic (e.g. move from 5% to 25%). If Customer does not comply with any of the foregoing three (3) options within ninety (90) days of being notified by Zscaler, then Customer agrees that Partner/Zscaler may invoice Customer for the required additional Monthly Traffic starting from the date of notification.

  11. Hardware.

    11.1. Rights, Restrictions and Delivery.

    11.1.1. Rights. Zscaler shall permit Customer to install at Customer’s premises or a data center selected by Customer one or more ZIA Private Service Edges and to utilize such ZIA Private Service Edges solely to enable the SaaS. Customer agrees that Zscaler shall have the ability to perform any maintenance or make any alterations, updates, enhancements, additions or improvements to the ZIA Private Service Edges at any time without Customer’s consent. Except as otherwise permitted herein, Customer will not, and will not permit, any third party (including any employees, agents or contractors of Customer) other than Zscaler or Zscaler authorized agents, to access or service any ZIA Private Service Edges.

    11.1.2. Restrictions. Customer agrees to use the ZIA Private Service Edges only in accordance with instructions provided by Zscaler. The ZIA Private Service Edges may only be used with hardware and software provided by Zscaler. Customer agrees not to (i) load any other software onto the ZIA Private Service Edges; or (ii) grant any third-party access to or use of the ZIA Private Service Edges, or any portion thereof, whether on a service bureau, timesharing, subscription service, rental or application service provider basis or otherwise. Customer shall not, without Zscaler’s consent, make any alterations, updates, enhancements, additions or improvements to the ZIA Private Service Edges. Notwithstanding the preceding, Zscaler may ask Customer to perform reboots, hardware swaps, etc. on the ZIA Private Service Edges.

    11.1.3. Delivery. Each ZIA Private Service Edge shall be suitably packed for shipment in Zscaler’s standard cartons, marked for shipment at Customer’s address specified in the applicable Order, and delivered to a carrier or forwarding agent chosen by Zscaler. Zscaler will cover all costs of shipping, duties and taxes related to the ZIA Private Service Edges. Customer agrees to provide a local point of contact for delivery acceptance and handling and assist Zscaler with any (i) applicable customs clearance processing related to international shipments and (ii) any specific requirements for delivery to Customer’s premises. Customer further agrees that any costs incurred by Zscaler for storage, shipment return, or other items due to Customer’s unresponsiveness or lack of support in providing a successful delivery shall be paid or reimbursed by the Customer.

    11.2. Customer Obligations.

    11.2.1. Customer Representative. Customer shall appoint at least one technical representative who will be fully trained, at Customer’s expense, and qualified to maintain the integrity of the ZIA Private Service Edges at Customer’s installation location. The technical representative shall at least have a general understanding of Customer’s platform and the ZIA Private Service Edges. The technical representative will have physical access or be able to authorize and provide physical access to the ZIA Private Service Edges as requested by Zscaler. Both parties shall determine how many technical representatives should be appointed based on factors such as the number and complexity of the ZIA Private Service Edges being deployed and the amount of Seats/SaaS being supported. The technical representative(s) shall handle all technical communications from Customer to Zscaler. All information and materials provided by Zscaler pursuant to this Agreement shall be routed to the technical representative(s) and shall be protected as Zscaler’s Confidential Information. Customer must ensure that Zscaler is provided 24x7 access to Customer personnel that have the authority and ability to support Zscaler, if required. Customer must further ensure that Zscaler is at all times provided remote connectivity access to each ZIA Private Service Edge in Customer’s possession or control.

    11.2.2. Installation and Operation. Customer agrees that it will maintain the number of ZIA Private Service Edges recommended by Zscaler per installation location, but no less than two (2) ZIA Private Service Edges for each installation location. Customer shall ensure that: (i) Zscaler has network access in order to service, manage, and maintain the ZIA Private Service Edges; (ii) the ZIA Private Service Edges are installed and operated according to applicable Zscaler specifications and recommendations that have been provided to Customer; (iii) a continuous, uninterrupted and suitable power supply is utilized and temperature, humidity and other environmental conditions recommended by Zscaler have been implemented and reasonably maintained; (iv) suitable surge protection devices have been implemented; (v) the ZIA Private Service Edges are connected to the Internet through no less than two (2) discrete Internet providers with redundant Internet service capabilities; (vi) no other equipment or software that may have an adverse impact on the ZIA Private Service Edges are introduced; (vii) no repair attempts or other changes are made by Customer or any third party to any ZIA Private Service Edges, other than with the express approval of Zscaler; (viii) it does not mishandle, neglect, abuse, vandalize, drop, jolt, damage by fire, lighting or water (especially including damage caused by spilled beverages), or otherwise subject the ZIA Private Service Edges to unusual physical stress beyond Zscaler’s specified operating capabilities, (ix) it does not move the ZIA Private Service Edges from one physical location to another without prior approval from Zscaler, (x) it configures its firewall to control access to the Products on the ZIA Private Service Edges, and that its firewall rules are compliant with the Documentation, (xi) it connects to the appropriate network resources recommended by Zscaler and provides associated IP address requirements necessary to run the SaaS; and (xii) it performs replacement of ZIA Private Service Edge parts or the entire ZIA Private Service Edge within 72 hours of Zscaler’s request and accepts shipments from Zscaler of parts associated with such replacement.

    11.2.3 Additional ZIA Private Service Edges. As Customer’s Internet traffic continues to increase, it may be necessary to add additional ZIA Private Service Edges to some or all Customer installation locations. Accordingly, Customer’s technical representative will make all necessary arrangements in order to accommodate the additional ZIA Private Service Edges within thirty (30) days of notification by Zscaler, unless otherwise agreed to in writing by the parties.

    11.3. Maintenance Services.

    11.3.1. Maintenance Services. Subject to the payment of applicable Fees, Customer shall receive Maintenance Services from Zscaler in accordance with the terms and conditions herein, which shall include the following:

    (a) ZIA Private Service Edge Hardware and Software. Zscaler will provide to Customer the required hardware and software for initial installation of the ZIA Private Service Edges at the Customer’s designated site(s).

    (b) Remote Management. Zscaler will conduct periodic remote management of the ZIA Private Service Edges, including remote upgrades of software, in accordance with Zscaler’s standard release and maintenance practices.

    (c) Hardware Repair/Replacement. Zscaler will use commercially reasonable efforts to provide repair and/or replacement of hardware for ZIA Private Service Edges in accordance with the terms set forth herein. In case of unplanned or emergency hardware maintenance deemed necessary by Zscaler, Customer agrees to provide physical access to the affected ZIA Private Service Edge(s) within twenty-four (24) hours of notification by Zscaler. If Customer is unable to conduct physical maintenance of the ZIA Private Service Edges or unresponsive to Zscaler’s requests, Zscaler may retain contractors to perform the maintenance at a fixed hourly rate to be billed by Zscaler to Customer. Zscaler retains sole discretion if, when, and how to engage such contractors. Customer will allow the Zscaler authorized contractor(s) physical access to the ZIA Private Service Edge in order to provide maintenance, repair, or replacement under this Section.

    11.3.2. Maintenance of ZIA Private Service Edges.

    (a) Return Procedure. In the event of hardware failure, Zscaler will be in contact with Customer or Customer may contact Zscaler. Customer will be required to validate and troubleshoot the hardware failure. If Zscaler validates a reported hardware failure, Customer may return the ZIA Private Service Edge(s) to Zscaler at Zscaler’s expense. Zscaler will then ship a replacement ZIA Private Service Edge to Customer, which may take up to six (6) weeks depending on Customer’s location. Alternatively, in the event of hardware failure or upon termination of the Subscription Term, Zscaler may choose to retain a contractor to remove the ZIA Private Service Edge from Customer’s premises.

    (b) Replacement and Upgrades. During the Subscription Term, Zscaler will provide replacement part(s) to Customer, so long as all Fees for the ZIA Private Service Edge(s) have been paid to Zscaler. From time to time, Zscaler may require Customer to update or replace hardware or other elements of the ZIA Private Service Edges to enhance or maintain the performance of the SaaS. In such instances, Zscaler may supply Customer with updated parts or software at no additional cost.

    11.3.3. Exclusions. Zscaler shall have no obligation to provide Maintenance Services for, or to otherwise support, any (i) third party devices (whether hardware, software, cabling, or otherwise) not provided by Zscaler, or any issues with the ZIA Private Service Edges that may be caused by such third party devices; (ii) ZIA Private Service Edges that have been modified by someone other than Zscaler personnel or Zscaler-authorized third parties; (iii) ZIA Private Service Edges damaged, whether by fire, power surge, or other events beyond Zscaler’s reasonable control; (iv) problems caused by the use of ZIA Private Service Edges in an environment other than that for which it was designed, as specified in the Documentation; or (v) any ZIA Private Service Edges obtained from any party other than Zscaler or Partner.

    11.4. Disclaimer. ZSCALER SHALL NOT BE LIABLE FOR ANY CLAIMS OR DAMAGES UNDER THESE HARDWARE TERMS, INCLUDING BUT NOT LIMITED TO DEGRADATION OR INTERRUPTION OF THE SAAS, RESULTING FROM CUSTOMER’S FAILURE TO COMPLY WITH THE REQUIREMENTS OF THE ABOVE SECTIONS, AND SUCH FAILURE SHALL RESULT IN THE INVALIDATION OF ANY AND ALL SERVICE LEVEL AGREEMENTS AND SERVICE CREDITS FOR THE SAAS.

  12. Service Level Agreement.

    The Service Level Agreements for ZIA set forth in the Product Sheet for Service Level Agreements are hereby incorporated into this Product Sheet by this reference.

PRODUCT SHEET – Zscaler Private Access (”ZPA”)

  1. Definitions.

    Any capitalized terms not defined herein shall have the meaning forth in the Agreement or other Product Sheets.

    1.1 “SaaS” for the purpose of this Product Sheet means Zscaler Private Access or “ZPA”.

    1.2 “Seat” means a subscription license for the SaaS for an individual Authorized User.

    1.3 “Server” means a unique domain name, or if a unique domain name does not exist an IP address or set of IP addresses, assigned to an asset.

    1.4 “Transactions” means an HTTP or HTTPS request sent to or from Customer through its use of the SaaS.

  2. Subscription Rights.

    Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to access and use the SaaS during the Subscription Term for the number of purchased Seats and/or Servers. A Seat may only be transferred from one Authorized User to another if the original Authorized User is no longer permitted to access, and does not access, the SaaS.

  3. License Grant for Software.

    Subject to the terms and conditions set forth in this Agreement, Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to download and use the Software to connect Authorized Users to Customer’s hosted applications via the SaaS.

  4. Customer Logs.

    In order to provide the SaaS under this Agreement, Customer agrees that Zscaler shall have the right to process, use, reproduce, store, modify, and display the information from the Customer Logs (as defined below).

    For ZPA, “Customer Logs” means collectively the User Logs, the App Connector Logs, and the Audit Logs. "User Logs" means the activity logs of Authorized Users accessing Customer internal applications through ZPA. "App Connector Logs" means the activity logs of the App Connector, which is set up by Customer to allow Authorized Users access to Customer internal applications through ZPA. "Audit logs" means the activity logs of configuration changes made by Customer via the ZPA admin portal. Customer Logs do not include Customer’s internal system logs. User Logs and App Connector Logs shall be retained by Zscaler for rolling fourteen (14) day periods during the Subscription Term, and Audit Logs shall be retained by Zscaler for rolling six (6) month periods during the Subscription Term. Upon termination or expiration of the Subscription Term, the Customer Logs shall be deleted by Zscaler in accordance with the foregoing fourteen (14) day or six (6) month retention cycle, as applicable. If Customer orders the ZPA log streaming service, then Customer may stream the User Logs and App Connector Logs in real-time to Customer’s premises where the User Logs and App Connector Logs can be sent to multiple Customer systems allowing Customer to retain them for however long it chooses.

    For Zscaler Client Connector, “Customer Logs” means the packet capture logs of Customer’s Transactions. Customer can globally enable or disable the packet capture. Customer has access to these Customer Logs at all times, and can delete the Customer Logs from the applicable laptop, desktop or personal mobile device.

    During the deployment process, Customer may choose to have its Customer Logs stored in either the United States or the European Union & Switzerland.

  5. Service Level Agreement.

    The Service Level Agreement for ZPA set forth in the Product Sheet for Service Level Agreements is hereby incorporated into this Product Sheet by this reference.

PRODUCT SHEET – DNS-Based Guest WiFi Security

  1. Definitions.

    Any capitalized terms not defined herein shall have the meaning forth in the Agreement or other Product Sheets.

    1.1 “DNS Transaction” means a recursive DNS query sent from Customer through its use of the SaaS.

    1.2 “Location” means a subscription for a specific access point to the Internet in connection with the SaaS.

  2. Subscription Rights.

    Zscaler grants Customer and its Affiliates a limited, non-transferable/non-assignable (except as set forth in the Agreement), non-exclusive right to access and use the SaaS during the Subscription Term for the number of purchased Locations.

  3. Customer Logs.

    In order to provide the SaaS under this Agreement, Customer agrees that Zscaler shall have the right to process, use, reproduce, store, modify, and display the information from the Customer Logs. “Customer Logs” means collectively the Raw Logs and the Summarized Logs. “Raw Logs” means the metadata of all DNS Transactions sent to or received from Customer through its use of the SaaS, and shall be retained by Zscaler for rolling two (2) week periods during the Subscription Term. “Summarized Logs” means the summarized versions of the Raw Logs, and shall be retained by Zscaler for rolling six (6) month periods during the Subscription Term. Upon termination or expiration of the Subscription Term, the Customer Logs shall be deleted by Zscaler pursuant to the two (2) week or six (6) month retention cycle.

    During the deployment process, Customer may choose to have its Customer Logs stored in either the United States or the European Union & Switzerland.

  4. Additional Locations (including appropriate amount of DNS Transactions).

    Customer is responsible for ordering the correct number of Locations (including appropriate amount of DNS Transactions). For any additional Locations needed during the Subscription Term, Customer agrees to place an additional Order with Zscaler/Partner for such additional Locations. The additional Locations will be pro-rated and co-terminous with the then-current Subscription Term. The parties will jointly review the number of Locations (including the associated amount of DNS Transactions) using the Products on a quarterly basis, and if it is determined that Customer is using more Locations (including the associated amount of DNS Transactions) than it has ordered, Customer agrees to place an additional Order for the additional required Locations (including the associated amount of DNS Transactions).

  5. Service Level Agreement.

    The Service Level Agreement for DNS-Based Guest Wifi Security set forth in the Product Sheet for Service Level Agreements is hereby incorporated into this Product Sheet by this reference.

PRODUCT SHEET – Service Level Agreements

Zscaler provides the Service Level Agreements set forth below for the SaaS, subject to the terms and conditions set forth herein.

  1. Definitions for Service Level Agreements.

    Any capitalized terms not defined herein shall have the meaning as set forth in the Agreement or other Product Sheets, as applicable.

    1.1 “Data Packet” means a unit of data made into a single Internet Protocol (IP) package that travels along a given network path.

    1.2 “Excluded Applications" means Customer application(s) that are unavailable due to (a) failure by Customer’s network to forward traffic to Zscaler; (b) failure by an intermediate ISP (other than Zscaler’s direct ISP(s)) to deliver traffic to Zscaler; (c) a Customer-implemented policy change; (d) Zscaler scheduled maintenance as posted on the Trust Portal; and/or (e) a ZPA Private Service Edge deployed in Customer’s network whereby Zscaler has no control of the operation and/or use of the ZPA Private Service Edge.

    1.3 “Excluded Transactions and Sessions” means Transactions and Sessions that are not processed due to (a) failure by Customer’s network to forward traffic to Zscaler; (b) failure by an intermediate ISP (other than Zscaler’s direct ISP(s)) to deliver traffic to Zscaler; (c) a Customer-implemented policy change that causes Transactions and Sessions to drop; (d) Zscaler scheduled maintenance as posted on the Trust Portal; (e) the internet traffic flowing through a ZIA Virtual Service Edge (also referred to as a “VZEN”) which is deployed in Customer’s network whereby Zscaler has no access to or control of the operation and/or use of the ZIA Virtual Service Edge; and/or (f) local regulations which prevent Zscaler from processing traffic for Authorized Users in certain regions.

    1.4 “Known Virus” means a virus for which, at the time of receipt of content by Zscaler: (i) a signature has already been made publicly available for a minimum of one (1) hour for configuration by Zscaler’s third party commercial scanner; and (ii) is included in the Wild List located at http://www.wildlist.org and identified as being “In the Wild” by a minimum of three (3) Wild List participants.

    1.5 “Qualified DNS Transactions” means the following: (i) the lookup is already cached by Zscaler’s recursive DNS server, or if it’s not cached, the response time of the authoritative DNS server is not counted as part of the Latency Agreement; and (ii) a reasonable level of service consumption (based on the number of purchased DNS Transactions per Location).

    1.6 “Qualified Transactions and Data Packets” means the following: (i) less than 1 MB HTTP GET request and response; (ii) not SSL-intercepted; (iii) not related to streaming applications; (iv) not subject to bandwidth management rules (QoS enforcement); and (v) a reasonable number of Transactions and Data Packets per Seat (based on Zscaler’s cloudwide average).

    1.7 “Session” means any non-HTTP or non-HTTPS request sent to or from Customer through its use of the SaaS.

    1.8 “Transaction” means an HTTP or HTTPS request sent to or from Customer through its use of the SaaS.

    1.9 “Trust Portal” means the Zscaler portal located at https://trust.zscaler.com where Zscaler posts cloudwide health and maintenance notices.

  2. General Provisions for Service Level Agreements.

    2.1. In order for any of the Service Level Agreements to apply, (i) Customer must subscribe to the SaaS that provides the applicable Service Level Agreement, (ii) Customer’s network must be properly configured pursuant to the Documentation, including but not limited to being configured on a 24 X 7 X 365 basis in a manner that allows Customer to take advantage of Zscaler’s redundant global infrastructure; (iii) for ZPA, at least two (2) Zscaler App Connectors are required at each Customer site connecting to the SaaS; and (iv) for ZPA Private Service Edge, to the extent subscribed by Customer, at least two (2) ZPA Private Service Edge are required at each Customer site connecting to the SaaS.

    2.2. The SaaS will scan as much of the traffic downloaded as technically possible; however, it may not be possible to scan items that (i) are encrypted, encapsulated, tunneled, compressed, modified from their original form for distribution, (ii) have product license protection, or (iii) are protected by the sender in ways that Zscaler cannot inspect (e.g. password protected). The foregoing items (i) through (iii) are excluded from the Service Level Agreements.

    2.3. The Service Credits set forth in the Service Level Agreements shall be Customer’s sole and exclusive remedy for failing to meet the applicable Service Level Agreement. In order to be eligible for a Service Credit, (i) Zscaler must have received all owed Fees for Customer; and (ii) Customer or Partner must request a Service Credit via a support ticket within ten (10) days from the date of the incident giving rise to a Service Credit. Zscaler will research the incident(s) to determine if a Service Level Agreement was not met, and provide a response to the Customer no later than ten (10) days after the end of the month in which the incident occurred. For example, if the incident occurred on November 15th, and a support ticket was raised by Customer or Partner on or before November 25th, Zscaler would respond to Customer with the Service Level Agreement calculation by December 10th. Failure to comply with (i) and/or (ii) will forfeit Customer’s right to receive a Service Credit.

    2.4. The dollar value of the Service Credit to be applied to the next invoice will be calculated by converting the Service Credit (i.e. the number of days) into the appropriate dollar number. For purposes of example, for a 12-month contract term with a total annual Fee of $500,000, and the Service Credit is determined to be “3 days,” then Zscaler would provide a credit to Customer or Partner equaling $4,109.59 (3 days / 365 days X $500,000) on Customer’s next invoice.

    2.5. The aggregate maximum Service Credit that Zscaler will issue for failing to meet any Service Level Agreements in a single calendar month will not exceed thirty (30) calendar days’ worth of SaaS.

Service Level Agreements for Zscaler B2B

  1. Service Availability Agreement

    The SaaS will be available 100% of the total hours during every month Customer uses the SaaS (the “Service Availability Agreement”). Excluded Applications are not factored into the Service Availability computation.

    Failure to meet this Service Availability Agreement results in a Service Credit as follows:

    Availability PercentageService Credit
    >= 99.999%N/A
    < 99.999% but >= 99.99%3 days
    < 99.99% but >= 99.00%7 days
    < 99.00% but >= 98.00%15 days
    < 98.00%30 days

Service Level Agreements for CSPM

  1. Service Availability Agreement

    The SaaS will be available 99.9% of the total hours during every month Customer uses the SaaS (the “Service Availability Agreement”). Company will apply any Service Credits only against future service payments. Service Credits shall not entitle the Customer to any refund or other payment from the Company. Excluded Transactions and Sessions are not factored into this Service Availability computation.

    Failure to meet this Service Availability Agreement results in a Service Credit as follows:

    Availability PercentageService Credit
    >= 99.9%N/A
    < 99.9% but >= 99.00%3 days
    < 99.00% but >= 98.00%7 days
    < 98.00% but >= 95.00%15 days
    < 95.00%30 days

Service Level Agreements for ZIA

  1. Service Availability Agreement

    The SaaS will be available to accept Customer’s Transactions and Sessions 100% of the total hours during every month Customer uses the SaaS (the “Service Availability Agreement”). Service Availability is computed as a ratio of the number of Transactions and Sessions processed by Zscaler in any affected calendar month on behalf of Customer, to the number of Transactions and Sessions that should have been processed. Excluded Transactions and Sessions are not factored into this Service Availability computation.

    Failure to meet this Service Availability Agreement results in a Service Credit as follows:

    Percentage of Transactions and Sessions Processed During a MonthService Credit
    >= 99.999%N/A
    < 99.999% but >= 99.99%3 days
    < 99.99% but >= 99.00%7 days
    < 99.00% but >= 98.00%15 days
    < 98.00%30 days
  2. Latency Agreement

    Zscaler will process Customer’s Transactions and Data Packets with an average latency over a calendar month of 100 milliseconds or less for the 95th percentile of traffic (the “Latency Agreement”). The Latency Agreement is only applicable to Qualified Transactions and Data Packets. The processing of Transactions and Data Packets is measured from when the Zscaler proxy receives the Transactions and Data Packets to the point when the Zscaler proxy attempts to transmit the Transactions and Data Packets.

    Failure to meet this Latency Agreement results in a Service Credit as follows:

    Percentage of Qualified Transactions and Data Packets with an Average Latency of 100 Milliseconds or LessService Credit
    >= 95.00%N/A
    < 95.00% but >= 94.00%7 days
    < 94.00% but >= 90.00%15 days
    < 90.00%30 days
  3. Virus Capture Rate Agreement

    Zscaler will capture 100% of all Known Viruses transmitted through the Transactions (the “Virus Capture Rate Agreement”). Virus Capture Rate is calculated by dividing the Transactions with Known Viruses blocked by the total Transactions with Known Viruses received by Zscaler on behalf of Customer.

    For the Virus Capture Rate Agreement to apply, Customer must utilize the SaaS in accordance with the recommended anti-virus settings on Customer’s user interface. Customer’s systems are deemed to be infected if a Known Virus contained in a Transaction received through the SaaS has been activated within Customer’s systems, either automatically or with manual intervention. In the event that Zscaler detects but does not stop a Known Virus, Customer agrees to cooperate with Zscaler in order to identify and delete the item.

    Failure to meet the Virus Capture Rate Agreement results in a Service Credit as follows:

    Virus Capture RateService Credit
    >= 99.00%7 days
    < 99.00% but >= 98.00%15 days
    < 98.00%30 days

Service Level Agreement for ZPA

  1. Service Availability Agreement

    The SaaS will be available 100% of the total hours during every month Customer uses the SaaS (the “Service Availability Agreement”). Excluded Applications are not factored into the Service Availability computation.

    Failure to meet this Service Availability Agreement results in a Service Credit as follows:

    Availability PercentageService Credit
    >= 99.999%N/A
    < 99.999% but >= 99.99%3 days
    < 99.99% but >= 99.00%7 days
    < 99.00% but >= 98.00%15 days
    < 98.00%30 days

Service Level Agreements for DNS-Based Guest WiFi Security

  1. Service Availability Agreement

    The SaaS will be available to accept Customer’s outbound DNS Transactions 100% of the total hours during every month Customer uses the SaaS (the “Service Availability Agreement”).

    Failure to meet this Service Availability Agreement results in a Service Credit as follows:

    Percentage of DNS Transactions Processed During a MonthService Credit
    >= 99.99%N/A
    < 99.99% but >= 99.9%15 days
    < 99.9%30 days
  2. Latency Agreement

    Zscaler will process the content of Customer’s DNS Transactions with an average latency over a calendar month of two (2) milliseconds or less for the 95th percentile of traffic (the “Latency Agreement”). The Latency Agreement is only applicable to Qualified DNS Transactions.

    Failure to meet this Latency Agreement results in a Service Credit as follows:

    Percentage of Qualified DNS Transactions with an Average Latency of 2 Milliseconds or LessService Credit
    >= 95%N/A
    < 95% but >= 94%7 days
    < 94% but >= 90%15 days
    < 90%30 days

PRODUCT SHEET – Deployment Services

Zscaler provides Deployment Services to advise Customer on best practices for optimum use of the Products. However, Customer will need to provide overall project management, including making required network changes in order to fully utilize the Products. Zscaler provides Deployment Services through standard packages with pre-determined engagement durations. Customer can refer to https://www.zscaler.com/resources/data-sheets/professional-services.pdf and https://www.zscaler.com/resources/data-sheets/professional-services-optimize.pdf for data sheets covering the specific details for each Deployment Services package (the “DS Data Sheets”).

Customer agrees and understands that the Deployment Services packages will be invoiced upfront on the Order date. Customer roll-out of the Products may not be complete at the end of the Deployment Services engagement duration (as set forth in the DS Data Sheets). Customer may need to continue traffic roll-out after the Deployment Services have been completed and/or expired.

If Customer requests custom Deployment Services or professional services in addition to, or instead of, the standard Deployment Services packages, then Customer agrees to execute a separate Statement of Work (SOW) with Zscaler or Partner prior to Zscaler commencing any custom Deployment Services or professional services. Such SOW will be provided to Customer by Zscaler and will be mutually agreed upon by the parties.

Except as set forth in a SOW or otherwise agreed to in writing by the parties, all Deployment Services will be performed remotely by Zscaler personnel. In the event Zscaler personnel are required to travel to Customer’s site, Customer agrees to pay for all pre-approved travel expenses, hotel accommodations, and any other out-of-pocket expenses incurred by Zscaler in connection with providing the Deployment Services. Such expenses will be invoiced monthly as they are incurred.

CUSTOMER AGREES AND UNDERSTANDS THAT THE ENTIRE RISK ARISING OUT OF THE PERFORMANCE OF ANY CUSTOM DEPLOYMENT SERVICES OR PROFESSIONAL SERVICES REQUESTED BY CUSTOMER UNDER A SOW REMAINS WITH CUSTOMER. IN NO EVENT SHALL ZSCALER NOR ANY OF ITS AFFILIATES OR PERSONNEL BE LIABLE FOR ANY DAMAGES, CLAIMS, OR LOSSES WHATSOEVER ARISING OUT OF OR RELATED TO THE CUSTOM DEPLOYMENT SERVICES OR PROFESSIONAL SERVICES PROVIDED TO CUSTOMER UNDER A SOW.

PRODUCT SHEET - Support Services and Technical Account Manager (TAM)

  1. Support Services

    Support services (the “Support”) are available through Zscaler’s helpdesk, which is operational 24 X 7 X 365. Upon reporting the incident (via phone, web form, or Customer’s administrative user interface (UI)), the incident will be assigned a unique Support ID number and such number must be used in all future correspondence until the incident is resolved. Standard Support is included in the Fees for the Products; Premium Support and Premium Plus Support may be purchased by Customer for an additional fee. If Zscaler’s helpdesk is not able to immediately help, the request for service will be logged and Zscaler will respond to the Customer according to the severity levels and Support levels below:

    Zscaler SupportStandardPremiumPremium Plus
    Access 24 x 7 x 365
    Phone / Web Portal / Admin UI
    Online Training, User Guides, Articles
    Support Experience LevelLevel 1 Engineer (Pool)Level 2 Engineer (Pool)Level 2 Engineer (Pool) and TAM - Shared TAM unless Customer purchases a dedicated TAM - TAM supports Customer’s standard business hours
    TAM Engagement  Weekly, Monthly, Quarterly
    Severity Levels   
    P1 Response – An issue that prevents operation of critical documented functions with high frequency or duration.2 hrs30 min15 min
    P2 Response – An issue that consistently prevents operation of non-critical documented functions or occasionally impacts critical documented functions or a critical issue for which a temporary work around has been provided.4 hrs1 hr30 min
    P3 Response – An issue that has some impact on administration, non-critical operation or other secondary functions or a major issue for which a temporary work around has been provided.12 hrs3 hrs2 hrs
    P4 Response – The SaaS is unaffected; Customer requests product related technical advice or general information and feature questions related to the Products.48 hrs4 hrs4 hrs

    In order for Zscaler to best support Customer during the Subscription Term, Customer also agrees to attend and support regularly scheduled quarterly business reviews with Zscaler.

  2. TAM

    The responsibilities of a typical remote TAM are described below:

    Remote TAM Responsibilities
    A TAM is a shared resource unless a dedicated resource is purchased for additional Fees.
    A remote resource who provides Customer support during Customer’s business hours; support is provided by Zscaler’s 24x7 Support team after business hours, during Zscaler internal trainings, and during the TAM’s paid time off (PTO).
    Work on problems and incident tickets during Customer’s business hours; assist with Support escalations; manage, escalate, and drive satisfactory resolution of Customer issues related to Products.
    Hold weekly review meetings; attend quarterly business reviews.
    Create and facilitate communication channel between Customer and Zscaler product management and engineering teams.
    Proactively update Customer about cloud updates, upgrades, and ensure necessary action to maintain Product availability and Customer satisfaction.
    Provide Product training to Customer.
    Proactively monitor reporting information and policy configurations; make on-going recommendations.
    Help develop and maintain best practices for implementing and supporting Products through internal and Customer-facing knowledge bases.
    Maintain in-depth knowledge of all Products.
    Provide clear and constructive Product feedback to Zscaler product management team based on Customer feedback.