[framework] Sample Contracts for Pen Testing
daniel.clemens at packetninjas.net
Thu Aug 30 21:52:50 CDT 2012
The key is "indemnification" for anything that breaks and a clause protecting you from being prosecuted for computer misuse. Explain this to your lawyer and then have them write things up for you.
If you don't have a lawyer or LLC or legal entity you also open yourself up to the possibility of personal liability even if you have a "get out of jail free card".
Lastly, you should also consider having errors and omissions insurance and professional liability insurance.
Don't get bogged down in the exact details of what you're doing, get your lawyer to help you write up things for your legal paperwork, then create your statement of work for the client.
o. 866.267.8851 x202
On Aug 30, 2012, at 10:01 PM, Stephen Haywood <stephen at averagesecurityguy.info> wrote:
> It's not a contract, but Pentest-Standard.org has a lot of good information to think about concerning contracts and pre-engagement planning. http://www.pentest-standard.org/index.php/Pre-engagement
> On Mon, Aug 27, 2012 at 1:06 PM, Chip <jeffschips at gmail.com> wrote:
> Hello All,
> Would anyone have a sample pentest contract or direct me to where I can find such a contract?
> I am most interested in something that would allow our affiliates' company to conduct test phishing and smishing emails/sms.
> Or any insights into this particular scenario would be appreciated, particularly as it relates to sending smishing and phishing emails to employees who bring their own wireless devices into a company environment and use the company's network, as well as those employees who use their company-owned wirelessly connected devices at the workplace.
> Stephen Haywood
> Information Security Consultant
> CISSP, GPEN, OSCP
> T: @averagesecguy
> W: averagesecurityguy.info