mailing list archives
Re: [PEN-TEST] Sample Contract
From: "S. Kelly" <skelly_mcse () HOTMAIL COM>
Date: Wed, 25 Oct 2000 19:44:27 -0700
below is a sample I picked up from another list awhile ago
you might like to look over, I've also attatched it in .txt format.
<--sample start -->
Security Services Letter of Authority
THIS LETTER OF AUTHORITY is made the 12 day of January, 2000.
The Confident has requested xx to perform a specialised security service.
During the service, consultants will be investigating commercially sensitive
accesses and information. Due to the nature of these services xxx is
required to obtain positive proof of identity from the customer, as well as
proof of authority to proceed. This Letter of Authority is to cover the
ongoing confidential protection of such information and authority to proceed
with the security service.
It is understood that whilst every reasonable precaution is taken, due to
the frailties of networks and their reaction to unknown variables, xxx
cannot be held responsible for losses due to network variables such as
server crashes. xxx will not commence any service unless a complete backup
of the network is completed prior to any operation or testing is attempted
to ensure immediate recovery in the event of losses, however unlikely. We
further recommend that all patches be applied in the appropriate manner to
the operating system.
The Confident proposes to give access to and disclose to xxxxx Confidential
Information required to perform the security services. This Confidential
Information may either be disclosed by the Confident or discovered by xxxx
during the course of the security service. The Confidential Information may
include, but is not limited to; certain trade secret information, data,
network information, telephone system information, customer information
and/or materials relating to their business. This Confidential Information
is given to xxxx in confidence on the condition that the Confidential
Information will not be disclosed or copied to any third person, firm or
company unless authorised in writing by the confiding party (the Confident).
NOW THEREFORE, the parties hereto agree as follows:
1. xxxxx will retain the Confidential Information in the strictest
confidence and will neither directly nor indirectly use it or disclose it to
any person, firm or corporation without the written consent of the
2. xxxxx will exercise all due and diligent care and take all reasonable
precautions to prevent any unauthorised disclosure or copying of the
3. Each party will advise its employees who may, with the authority of the
Confident, be given access to the Confidential Information, of the
confidential nature and will ensure that to the best of their ability, those
employees take reasonable care with the said Confidential Information in
order to preserve the confidentiality of it, both during the subsistence of
this Agreement and thereafter.
4. xxxxx will return to the other immediately upon demand all written or
machine readable materials embodying such Confidential Information and all
copies thereof, except such Confidential Information stored on valuable
media, which shall be destroyed or erased and such destruction or erasure
certified to the Confident within seven (7) days of the date thereof.
5. To notify the Confident if xxxxx is under any impression of any possible
risk to the network and to fully explain why and what their concern is. This
includes ceasing any testing as soon as anything of this nature becomes
6. That xxxxx will take all necessary steps to ensure that, as far as is
possible, all services are trouble free and will not present any threat,
cause damage, or harm the network in any way.
IN WITNESS WHEREOF the parties hereunto signed to indicate their acceptance
of this Letter of Authority as here set out.
SIGNED for and on behalf of SIGNED for and on behalf of
in the presence of: in the presence of:
Date: / / 2000 Date: / / 2000
<--End Sample -->
hope this helps,