Penetration Testing mailing list archives

RE: Starting up: What contracts, agreements, waivers, etc do you use?
From: "Martin Murray-Brown" <Martin.Murray-Brown () derivco com>
Date: Tue, 22 Jun 2004 08:50:08 +0200

Hi all,

In helping set up the documentation for our new security testing team,
we found the OSSTMM manual very helpful... specifically the rules of
Take a look here... http://www.isecom.org/osstmm/

-----Original Message-----
From: Yonatan Bokovza

We usually sign Non-Disclosure Agreements, so the client is assured his
information is safe with us.
The client also signs a legal paper saying we take no responsibility
for any loss that occurs due to the penetration test, though we promise
to do our best to minimize it.
As for the liability issue you mentioned, I know there are insurance
solutions for
Yonatan Bokovza
Senior IT Security Consultant, CISSP
Xpert Systems

        -----Original Message----- 
        From: anonyguard-pentest () yahoo com

        Hello, everyone.  I'm looking at the possibility of
        striking out on my own with a network vulnerability
        assessment / penetration test consulting firm.  My
        question is more towards the administrative side of the
        business, rather than the technical.  For those of you
        who do this kind of consulting, what sorts of contracts,
        statements of work or other legal documents do you use
        with your customers?  I'm particularly concerned about
        the liability issue of probing and/or breaking into
        other people's networks.  What sort of waivers do you
        ask your customers to sign, or what reasonable amount
        of liability are you willing to accept?
