Penetration Testing mailing list archives
RE: Starting up: What contracts, agreements, waivers, etc do you use?
From: "Yonatan Bokovza" <Yonatan () xpert com>
Date: Sun, 20 Jun 2004 00:56:17 +0300
We usually sign Non-Disclosure Agreements, so the client is assured his sensitive information is safe with us. The client is also signed on a legal paper saying we take no responsibility for any loss that occurs due to the penetration-test, though we promise to do our best to minimize it. As for the liability issue you mentioned, I know there are insurance solutions for that. Regards, Yonatan Bokovza Senior IT Security Consultant, CISSP Xpert Systems -----Original Message----- From: anonyguard-pentest () yahoo com [mailto:anonyguard-pentest () yahoo com] Sent: Wed 6/16/2004 5:36 PM To: pen-test () securityfocus com Cc: Subject: Starting up: What contracts, agreements, waivers, etc do you use? Hello, everyone. I'm looking at the possibility of striking out on my own with a network vulnerability assessment / penetration test consulting firm. My question is more towards the administrative side of the business, rather than the technical. For those of you who do this kind of consulting, what sorts of contracts, statements of work or other legal documents do you use with your customers? I'm particularly concerned about the liability issue of probing and/or breaking into other peoples' networks. What sort of waivers do you ask your customers to sign, or what reasonable amount of liability are you willing to accept?
Current thread:
- Starting up: What contracts, agreements, waivers, etc do you use? anonyguard-pentest (Jun 16)
- <Possible follow-ups>
- RE: Starting up: What contracts, agreements, waivers, etc do you use? Yonatan Bokovza (Jun 21)
- RE: Starting up: What contracts, agreements, waivers, etc do you use? Martin Murray-Brown (Jun 22)
- Re: Starting up: What contracts, agreements, waivers, etc do you use? bartholomewbj (Jun 22)