Files
pentext/xml/source/snippets/offerte/en/examplewaiver.xml
2016-12-06 15:43:08 +01:00

118 lines
4.1 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<section id="waiver-example">
<title>ANNEX 2 Example Pentest Waiver</title>
<p>
<b><i>(Full Client Name)</i> (“<i>(Client)</i>”)</b>, with its registered
office at Somestreet, Somecity, Earth, Milkyway, and duly represented by
<i>(Client's CISO)</i>
</p>
<p>
<b>WHEREAS:</b>
</p>
<p>A. <i>(Client)</i> wants some of its systems tested,
<company_long/> (“<company_short/>”) has offered to perform such testing for
<i>(Client)</i> and <i>(Client)</i> has accepted this offer. The assignment
will be performed by <company_short/>'s core-team members, external freelancers,
and/or volunteers (the “Consultants”).
</p>
<p>B. Some of the activities performed by <company_short/>
and the Consultants during the course of this assignment could be considered
illegal, unless <i>(Client)</i>
has given permission for these activities. <company_short/>
and the Consultant will only perform such activities if they have received
the required permission.
</p>
<p>C. <i>(Client)</i> is willing to give such permission to <company_short/>,
the Consultants, and any other person <company_short/> might employ or engage
for the assignment.
</p>
<p>
<b>DECLARES AS FOLLOWS:</b>
</p>
<p>1. <i>(Client)</i> is aware that <company_short/>
will perform penetration testing services on the <i>(Client)</i>'s following
systems, as described below. The services are intended to gain insight in
the security of these systems. To do so, <company_short/>
will access these systems, attempt to find vulnerabilities, and gain further
access and elevated privileges by exploiting any vulnerabilities found.
<company_short/> will test the following targets (the “Targets”):
<ul>
<li>Target system</li>
</ul>
</p>
<p>2. <i>(Client)</i> hereby grants <company_short/>
and the Consultants on a date to be confirmed by email the broadest
permission possible to perform the assignment, including the permission to:
</p>
<p>a. enter and use the Targets;</p>
<p>b. circumvent, breach, remove, and turn off any security measures
protecting the Targets;
</p>
<p>c. copy, intercept, record, amend, delete, and render unusable or
inaccessible any data stored on, processed by, or transferred via the
Targets; and
</p>
<p>d. hinder the access or use of the Targets,</p>
<p>but <i>(Client)</i> only grants the permission for these activities to the
extent that (i) such activities are necessary to perform the assignment and
(ii) such activities do not disrupt the normal business operations of <i>
(Client)</i>.
</p>
<p>3. The permission under Article 1 extends to all systems on which the
Targets run, or which <company_short/>
or the Consultant might encounter while performing the assignment,
regardless of whether these systems are owned by third parties.
</p>
<p>4. <i>(Client)</i> warrants that it has the legal authority to give the
permission set out under Articles 1 and 2. It also warrants it has obtained
the necessary permissions from any third parties referred to under Article
3.
</p>
<p>5. Should the public prosecutor initiate an investigation or criminal
proceedings against <company_short/>
or any of the consultants it engaged or employed as a result of the
performance of the assignment for the customer, then
<i>(Client)</i> will co-operate fully with <company_short/>
in defending against this investigation or proceedings, including by
providing any evidence it has which relates to this investigation or these
proceedings.
</p>
<br/>
<table cols="48 433">
<tbody>
<tr>
<td rowspan="4">
Signed
</td>
<td>
on __________________________________
</td>
</tr>
<tr>
<td>
in __________________________________
</td>
</tr>
<tr>
<td>
by __________________________________
</td>
</tr>
<tr>
<td>
for <i>(Full Client Name)</i>
</td>
</tr>
</tbody>
</table>
</section>