
CREST - TERMS AND CONDITIONS

The following terms and conditions apply to the penetration testing services (the “Services”) provided by IARM Information Security Pvt Ltd (“IARM”) to the Customer, as specified in the accompanying Statement of Work (the “SOW”) issued by IARM to the Customer.

IARM Obligations

IARM will provide the Services specified in the SOW. All other cybersecurity monitoring, assessment, or additional consulting services will be subject to a separate agreement.

Customer Obligations

The Customer is responsible for selecting the penetration testing service, or combination of services, that best meets its needs. The Customer also agrees to provide specific external Internet Protocol (IP) addresses and domains as requested by IARM.

The Customer agrees to have a person available at all times during the penetration testing engagement to restore, as soon as possible, any service or server that becomes unavailable.

In the event that any or all of the Services require IARM to be present on-site at the Customer’s location, the Customer agrees to provide IARM’s Penetration Testing Team (PTT) with all necessary access to the Customer’s site and network to provide the Services. The Customer will also provide IARM in writing, in advance, with any applicable restrictions for PTT presence on the Customer’s site.

Payment Terms

The payment terms are as specified in the SOW. Pricing for the Services is based on the assumptions set forth in the SOW. If, during the course of providing the Services, IARM determines that the assumptions are substantially different from those set forth in the SOW, IARM reserves the right to adjust the pricing prior to the completion of the Services to reflect additional work required as a result of the change in assumptions.

Confidentiality Obligations

In connection with performing the Services, certain confidential or proprietary information may either be provided by the Customer to IARM or generated in the performance of the Services. This includes, without limitation, information regarding the infrastructure and security of the Customer’s information systems; the results of the penetration testing of the Customer’s information systems, insofar as those results may reveal specific vulnerabilities; any systems assessments and plans that relate specifically and uniquely to the vulnerability of the Customer’s information system; or any other document or data marked by the Customer as “Confidential” (“Confidential Information”).

IARM agrees to keep the Customer’s Confidential Information in confidence to the same extent and in the same manner as IARM protects its own confidential information, but in no event shall less than reasonable care be provided. The Customer’s Confidential Information will not be released in any identifiable form without the express written permission of the Customer or as required by lawfully authorized subpoena or similar compulsory directive. However, IARM shall make reasonable efforts, consistent with applicable law, to limit the scope and nature of such required disclosure. IARM shall be permitted to disclose relevant aspects of such Confidential Information to its employees and third-party Cyber Security Services partners, including federal partners, provided that they agree to protect the Confidential Information to the same extent as required under this Agreement. IARM further agrees to use reasonable steps to ensure that Confidential Information received under this Agreement is not disclosed in violation of this Section. These confidentiality obligations shall survive the termination of this Agreement.

The Customer specifically acknowledges that as part of the Services, the PTT may need to view machine configuration data. IARM agrees that its PTT will avoid intentionally viewing or transferring any customer and user data. The Customer further acknowledges that if sniffers are used as part of the Services, it is possible that customer and/or user data may be captured. IARM agrees that should any personal data be captured, it will destroy any captured personal data and will not review it.

Additional Terms for On-Site Penetration Testing

In the event that the Services require the PTT to be on-site at the Customer’s facility, the Customer hereby acknowledges and consents to PTT presence on site. IARM agrees to comply with any reasonable restrictions for PTT access to the Customer’s site, provided that such restrictions do not unreasonably inhibit IARM’s ability to provide the Services.

Limitation of Liability

The Customer understands and agrees that there is an element of risk associated with penetration testing activities, especially when testing systems in a live environment. This risk includes the potential that some services on the Customer’s system may be rendered unavailable during the testing process. Although this risk is mitigated by the use of experienced professional penetration testers and tools obtained from trusted resources, it can never be fully eliminated. The Customer further understands and agrees that there is no guarantee that every vulnerability in its systems will be identified during the test.

IARM DOES NOT ASSUME ANY RESPONSIBILITY OR LIABILITY FOR ANY ACT OR OMISSION OR OTHER PERFORMANCE RELATED TO THE SERVICES, INCLUDING ANY ACT OR OMISSION BY CONTRACTORS OR SUBCONTRACTORS OF IARM, OR FOR THE ACCURACY OF THE INFORMATION PROVIDED AS PART OF THE SERVICES. THE SERVICES ARE PROVIDED ON AN “AS-IS” BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED.

If IARM fails to perform the Services required under the SOW for any reason, IARM’s liability shall be limited SOLELY to the return of all, or an appropriate portion, of any consideration paid for the Services not performed.

Termination

Either party may terminate the Services if the other party breaches these Terms and Conditions and such breach is not corrected within 30 days of receipt of written notice of the breach. The Customer shall be responsible for payment for the portion of the Services completed prior to the date of termination.

Force Majeure

Neither party shall be liable for performance delays or for non-performance due to causes beyond its reasonable control.

Relationship of the Parties

Neither the SOW nor these Terms and Conditions create an employment relationship, agency, joint venture, or partnership between the parties. Neither party is authorized to make any representation or commitment on behalf of the other party without its prior written consent. Each party shall be responsible for its own employees, contractors, and agents.

Governing Law

Unless otherwise specifically prohibited by the laws of the Customer’s jurisdiction, any disputes arising in connection with the Services or these Terms and Conditions shall be governed and interpreted by the laws of the Republic of India, without regard to its conflict of law provisions. In the event that the laws of the Customer’s jurisdiction require that the laws of that jurisdiction apply to all contracts entered into by the Customer, then the laws of that jurisdiction shall apply.

Additional Clause

In the event of a breach during the PT Assessment, it shall be the responsibility of the client organization to communicate with its external stakeholders (customers, regulators, law enforcement, etc.). IARM will extend all support to the client in all investigations, if required.

Entire Agreement

The SOW and these Terms and Conditions constitute the entire agreement between IARM and the Customer with respect to the Services, superseding any prior representations, discussions, negotiations, or other agreements, whether written or oral, between the parties. Except as otherwise expressly stated, in the event of a conflict between the terms of the Customer’s SOW and these Terms and Conditions, the provisions of these Terms and Conditions shall prevail.

Waiver and Severability of Terms

The failure of either party to exercise or enforce any right or provision of these Terms and Conditions shall not constitute a waiver of such right or provision. If any provision of these Terms and Conditions is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties’ intentions as reflected in the provision, and the other provisions of these Terms and Conditions shall remain in full force and effect.

For any customer complaints specific to the defined Statement of Work and associated activities, please refer to our complaints handling policy and procedure.


 
