— Legal

Terms of Service.

Effective: 1 January 2026 Version 1.0

These Terms of Service ("Terms") govern professional services delivered by Centuric LLC ("Centuric," "we," "us") under the MyCMMC.ai brand, including CMMC readiness, remediation, build, and managed compliance services (collectively, the "Services"). By engaging Centuric, signing a Statement of Work, or otherwise authorizing work, you ("Client") agree to these Terms.

Plain-English summary

We provide professional services to help you prepare for CMMC. We are not a C3PAO and we do not issue your CMMC certification — that is a separate, independent party. Specific engagements are governed by a Statement of Work that takes precedence on conflict. We work in good faith but we cannot guarantee assessment outcomes.

1. The Services

Centuric delivers the following categories of professional services through the MyCMMC.ai practice:

  • Readiness Assessment — scoping, gap analysis against NIST SP 800-171, a written remediation roadmap, and an executive readout
  • Remediation & Build — design and deployment of GCC or GCC High enclaves, control implementation, System Security Plan (SSP) and Plan of Action & Milestones (POAM) authoring, and pre-assessment readiness
  • Managed Compliance — continuous control monitoring, automated evidence collection, drift detection, quarterly internal reviews, and re-attestation preparation
  • Advisory — hourly or retainer-based consulting on CMMC, NIST 800-171, NIST 800-172, DFARS, ITAR, and related frameworks

Specific deliverables, schedules, and acceptance criteria for any engagement are set out in a Statement of Work ("SOW") executed by both parties. Where these Terms conflict with an executed SOW or Master Services Agreement, the executed document controls.

2. CMMC Disclaimers — Read Carefully

Important

Centuric is a Registered Practitioner Organization (RPO) and employs Registered Practitioners (RP) in the Cyber-AB ecosystem. We prepare Clients for CMMC assessment. We are not a Certified Third-Party Assessment Organization (C3PAO), we do not perform CMMC certification assessments, and we do not issue CMMC certifications.

You acknowledge and agree that:

  • A C3PAO independent of Centuric must perform any CMMC Level 2 third-party assessment that results in a certification
  • The outcome of any assessment depends on the assessor's professional judgment, the completeness of your evidence at the time of assessment, and changes in the standard or its implementation guidance — none of which Centuric controls
  • Centuric does not warrant or guarantee that you will pass any CMMC assessment, achieve any specific score, qualify for any specific Level, or receive any specific certification
  • Centuric does not provide legal advice. Our work product is technical and operational, not legal opinion. You should consult qualified legal counsel for contract interpretation, DFARS clause obligations, and disclosure decisions
  • You remain responsible for the accuracy and completeness of any self-assessment submission to the Supplier Performance Risk System (SPRS) or any other government repository, including any senior official affirmation

Nothing in these Terms or in any Centuric deliverable shall be construed as a representation, warranty, or guarantee of an assessment outcome.

3. Client Responsibilities

Centuric's ability to deliver the Services depends on Client cooperation. You agree to:

  • Provide timely access to systems, documentation, personnel, and decision-makers necessary to perform the Services
  • Designate a Client Point of Contact with authority to approve scope, schedule, and acceptance of deliverables
  • Provide accurate information about contract clauses, data classifications, CUI handling, and existing controls — including any clauses that require U.S. citizenship for administrators, U.S. data residency, ITAR registration, or comparable obligations
  • Make business and procurement decisions in a timely manner where those decisions affect the engagement schedule
  • Maintain accurate inventories of systems, users, and data flows in scope for the assessment boundary

Delays attributable to Client may shift the schedule and, where they materially extend an engagement, may result in change orders.

4. Acceptable Use

You agree not to use the Services or any Centuric deliverable to:

  • Misrepresent your CMMC posture to a prime contractor, government agency, or any third party
  • Submit false statements to SPRS or any other government repository
  • Circumvent applicable laws, including ITAR, EAR, the Foreign Corrupt Practices Act, or applicable sanctions and export controls
  • Conduct, plan, or facilitate fraud, unauthorized access, or other unlawful activity
  • Resell, repackage, or sublicense Centuric work product except as expressly permitted in writing

Centuric may suspend or terminate an engagement immediately and without refund if we reasonably believe you have violated this section. We may disclose related information to law enforcement or regulators where required by law.

5. Client Data and Controlled Unclassified Information

In the course of the Services we may receive, review, or temporarily process Client information, including information that may be Controlled Unclassified Information ("CUI"). We agree to:

  • Handle CUI in accordance with NIST SP 800-171 controls operating in our own environment, including encryption in transit and at rest, role-based access, multi-factor authentication, audit logging, and incident response
  • Restrict access to Client information to Centuric personnel with a documented need to know and, where ITAR or contract clauses require, restrict access to U.S. persons
  • Use Client information only for the purpose of delivering the Services or as required by law
  • Return or destroy Client information at the end of an engagement upon Client request, subject to legal retention obligations and our right to retain work product reflecting our methodology

Where Client engages Centuric to administer a GCC High or other Microsoft enclave, administrative actions are performed by U.S.-citizen Centuric personnel, and the enclave is operated within the U.S. data residency boundary required by the underlying Microsoft offering.

6. Subcontractors

Centuric may engage subcontractors to support delivery, including Registered Practitioners, U.S.-citizen technical specialists, and licensed software providers. Where applicable, subcontractors are bound by written confidentiality and security obligations no less protective than those in these Terms. Centuric remains responsible for the performance of its subcontractors.

7. Intellectual Property

Centuric retains all right, title, and interest in our methodologies, templates, tools, frameworks, training materials, and any pre-existing intellectual property used or developed independently of any engagement. Upon Client's payment in full for an engagement, Client receives a non-exclusive, perpetual, royalty-free license to use the deliverables produced under that engagement for Client's internal business purposes, including for assessment by a C3PAO or government inspector.

Client retains all right, title, and interest in Client information, configurations specific to Client environments, and Client-authored content. Nothing in these Terms transfers ownership of Client information to Centuric.

8. Fees, Invoicing, and Taxes

Fees for each engagement are specified in the applicable SOW. Unless otherwise stated:

  • Fixed-fee engagements (such as Readiness Assessments) are invoiced 50% at kickoff and 50% at delivery
  • Time-and-materials engagements are invoiced monthly in arrears for work performed in the preceding period
  • Managed Compliance fees are invoiced monthly in advance for the upcoming period
  • Travel and out-of-pocket expenses are billed at actual cost without markup, with pre-approval for any expense exceeding $1,000

Invoices are payable Net 30 from the invoice date. Past-due balances may accrue interest at the lesser of 1.5 percent per month or the maximum rate permitted by law. Fees do not include sales, use, value-added, or similar taxes, which are the Client's responsibility where applicable. Federal contractors should consult their contracts and accounting personnel regarding cost-allowability under DFARS and the Federal Acquisition Regulation.

9. Term and Termination

Each engagement begins on the SOW effective date and continues until the deliverables are complete or, for recurring services, until terminated as provided here. Either party may terminate an engagement for material breach by the other that remains uncured for 30 days after written notice. Centuric may terminate immediately on written notice for Client non-payment past 30 days, violation of Acceptable Use, or fraud.

Upon termination, Client will pay for work performed and expenses incurred through the termination date. Centuric will deliver work product completed through that date in its then-current state. Sections that by their nature survive (including IP, Confidentiality, Liability, Indemnification, and Governing Law) will continue in effect.

10. Service Levels and Disclaimers

We will use commercially reasonable efforts to deliver the Services in a professional and workmanlike manner consistent with applicable industry standards. Except as expressly stated in an executed SOW, the Services are provided "as is" and Centuric makes no warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement.

Centuric does not warrant that any Client environment will be free of vulnerabilities, that any specific control will pass assessor scrutiny, that any AI-derived output is free of error, or that any third-party platform on which the Services depend (including Microsoft 365, Microsoft Azure, Microsoft Entra, Microsoft Defender, Microsoft Intune, and Microsoft Purview) will be free of defects or downtime.

11. Limitation of Liability

To the maximum extent permitted by law, Centuric's aggregate liability for any claim arising out of or relating to the Services or these Terms is limited to the fees paid by Client to Centuric in the twelve months preceding the event giving rise to the claim.

In no event will Centuric be liable for indirect, incidental, consequential, special, exemplary, or punitive damages, including lost contracts, lost profits, lost revenue, lost business opportunities, lost data, business interruption, or loss of goodwill, even if advised of the possibility of such damages. This includes any loss alleged to result from a failed CMMC assessment, delayed certification, or contracting decision by a prime or government customer.

12. Indemnification

Client agrees to indemnify and hold harmless Centuric and its officers, employees, agents, and subcontractors from any third-party claims, damages, or expenses (including reasonable attorneys' fees) arising from: (a) Client's use of the Services or deliverables, (b) Client's violation of these Terms or applicable law, (c) Client's submissions to government repositories or representations to prime contractors, or (d) Client's failure to provide accurate scope information.

13. Confidentiality

Each party will protect the other's Confidential Information with at least the same degree of care it uses for its own confidential information, and in any case no less than a reasonable standard of care. "Confidential Information" includes any non-public information disclosed in connection with the Services, marked confidential or that reasonably should be understood as confidential, including CUI, network diagrams, control evidence, pricing, and engagement deliverables. Confidentiality obligations survive termination for five years, or longer where required for CUI or by applicable law.

14. Changes to These Terms

We may update these Terms from time to time. Material changes will be communicated by email to the Client Point of Contact at least 30 days before they take effect, or, for new engagements, will apply to engagements commencing after the effective date of the change. Continued engagement after notice of a material change constitutes acceptance.

15. Governing Law and Disputes

These Terms are governed by the laws of the State of Florida, without regard to conflict-of-laws principles. Any dispute arising out of or relating to these Terms or the Services shall be resolved exclusively in the state or federal courts located in Broward County, Florida, and both parties consent to exclusive personal jurisdiction in those courts. Each party waives any right to a jury trial. Neither party may bring claims as a class representative or in a class action.

16. Miscellaneous

These Terms, together with any executed SOW or Master Services Agreement and the Privacy Policy, constitute the entire agreement between Client and Centuric regarding the Services and supersede any prior understanding. If any provision is held unenforceable, the remainder shall remain in effect. Failure to enforce any provision is not a waiver. Neither party may assign these Terms without the other's prior written consent, except either party may assign in connection with a merger, acquisition, or sale of substantially all assets.

17. Contact

Questions about these Terms should be directed to:

Centuric LLC
13798 NW 4th St., Suite 311
Sunrise, Florida 33325
helpdesk@centuric.com