Terms & Conditions for Penetration Testing

At Redline Cyber Security, hereinafter referred to as the “Provider,” we prioritize transparency, mutual respect, and adherence to agreed-upon terms in our interactions with you. For the purposes of this document and any associated agreements, the individual, company, or entity procuring our services will be referred to as the “Client.” The ensuing terms and conditions aim to clarify the expectations and responsibilities of both parties, ensuring a seamless and productive partnership.

  1. Provider shall utilize industry standard software to perform electronic scans of Client’s networks and/or firewalls or on any system attached to the Client network(s). Measures will be taken to avoid damaging networks and systems, as well as the data contained within such networks and systems.  If damages caused by Provider were unforeseeable, Provider will not be held responsible for the damages or any of its consequences, unless said damages were caused by gross negligence or willful misconduct of Provider.
  2. This Agreement covers all computer and communication devices owned or operated by Client. This Agreement also covers any computer and communications device that are present on Client network(s) during the engagement timeframe. Provider will not intentionally perform Denial of Service activities without the explicit request and authorization of Client.
  3. Client will deliver to Provider certain information required for performing its tests, including a description and location (e.g., an IP address or URL) of the systems and networks to be tested. Client represents and warrants that all information provided is true and accurate and that Client owns or is authorized to represent the owners of the systems and networks described in connection with the penetration testing.
  4. Network performance and/or availability may be affected by the network scanning and/or testing. Client releases Provider of any and all liability for damages that may arise from network availability restrictions caused by the network scanning and/or testing, unless such damages are the result of gross negligence or intentional misconduct on behalf of Provider.
  5. Provider will use reasonable care in the performance of the Services.  CLIENT ACKNOWLEDGES, UNDERSTANDS AND AGREES THAT PROVIDER DOES NOT COVENANT, GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, DISCOVER AND/OR REPAIR ANY OR ALL OF CLIENT’S SYSTEM’S VULNERABILITIES, OR THAT PROVIDER WILL BE ULTIMATELY SUCCESSFUL IN DETERMINING THE SOURCE OR FULL IMPACT OF ANY AUTHORIZED OR UNAUTHORIZED ACCESS OR SECURITY BREACH (OR ATTEMPTED ACCESS OR SECURITY BREACH), AND WILL NOT HOLD PROVIDER RESPONSIBLE THEREFOR. CLIENT AGREES NOT TO REPRESENT TO ANY THIRD PARTY THAT PROVIDER HAS PROVIDED ANY SUCH COVENANT, GUARANTEE OR WARRANTY. ALL DETERMINATIONS REGARDING THE CLIENT’S APPROACH TO COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS, INCLUDING HOW AND WHETHER THE SERVICES CONTRIBUTE TO SUCH APPROACH, SHALL BE MADE SOLELY BY THE CLIENT AND CLIENT SPECIFICALLY ACKNOWLEDGES THAT PROVIDER HAS NOT REPRESENTED, WARRANTED, OR OTHERWISE GUARANTEED PERFORMANCE OF THE SERVICES WILL RESULT IN ANY SUCH COMPLIANCE.
  6. Provider hereby disclaims responsibility for any and all claims of loss arising from or in connection with disruptions of and/or damage to Client’s or a third party’s information systems and the information and data contained therein arising from or related to the provision of the Services, including, but not limited to, denial of access to a legitimate system user, automatic shutdown of information systems caused by intrusion detection software or hardware, or failure of the information system resulting from the provision of the Services.  Client shall indemnify, defend, and hold harmless Provider from any claims related to any claims of such damage.
  7. Client is solely responsible for the content of the data contemplated to be accessed by Provider from Client’s systems under this Agreement.  Client has the right to grant to Provider, and does hereby grant to Provider (except to the extent otherwise specified in an SOW), the right to access all such data, all such systems, and all facilities associated with such systems and data for the purpose of providing the Services.  Client further acknowledges that it has the right to and does hereby authorize Provider to conduct any forensic or other investigations, to access computers, files or other data reasonably necessary to conduct such investigations, and to view information as necessary to perform the Services.  Client shall, at its own cost and expense, obtain and maintain all necessary third-party consents required for Provider to so access such systems and data.  Client represents and warrants that Provider’s performance of the Services does not and will not conflict with any obligations of Client to any third party, including without limitation employees of Client.  Client further represents and warrants that Client has taken and will take all necessary actions (including without limitation obtaining consents) required for Client to legally disclose all personally identifiable or equivalent data contained within the data to be accessed by Provider as the result of Provider’s performance of the Services, and that Client shall not grant Provider access to data and shall not disclose data to Provider to the extent such access and disclosure is not then permitted under all applicable laws.  Client shall not provide Provider access to any data which require, pursuant to any law or regulation, protection of such data to any legally and/or regulatory specified standard of care, to include without limitation export/import restrictions.  Client will also notify Provider in advance if any data provided to it is restricted for import or export control purposes. Client shall indemnify, defend, and hold harmless Provider from any claims related to any breach by Client of any of the foregoing representations, warranties, and obligations.
  8. Provider shall be excused from the performance of any obligation to the extent that such performance conflicts with any applicable law or regulation, including without limitation when Provider in good faith believes that such performance is likely to so conflict.
  9. All work product shall will contain Background IP. Background Intellectual Property shall mean Intellectual Property, proprietary information, or confidential know-how relevant to the project which is in the possession of a party prior to the commencement of the project or generated after commencement of the project but independent of the project.
  10. Provider owns and retains all right, title and interest (including without limitation all copyrights patents, moral rights, trademark rights, and other intellectual property and industrial property rights) in, to and associated with the services ideas, inventions, techniques, improvements, discoveries, software design, software coding, charts, drawings, specifications, notebooks, tracings, photographs, reports, briefings, findings, recommendations, data and memoranda. This is not a work made-for-hire agreement. Works published or copyrighted during the term of the service agreement and this SOW will remain copyright of Provider, unless explicitly agreed within a statement of work, or licensing agreement. Provider retains all rights to work undertaken under the term of the agreement, unless published under a community license such as the Creative Commons, in which case ownership may pass to the community. Any Client proprietary or confidential information remains the property of the Client.  No client content shall be so published without written permission. Client has a right to use any products related to Provider services for internal use and will not acquire any right, title or interest in or to any methodology, format, content or technology provided by Provider as part of the services.  Client may share reports, letters of attestation and other provided derivative works with business partners and Clients and other third parties for the purpose of improving and demonstrating Client’s security practices, status, and compliance.