Standard Terms and Conditions
These standard terms and conditions are applied to all client proposal, agreements and quotations signed unless specified. They apply to all services that we perform for you that are described in any kind of signed service confirmation (called “the Services”). Together, the signed document and these terms are called “this agreement”. If the two documents are inconsistent, the terms in the engagement letter of the proposal/contract or quotation, overrule these standard terms and conditions (terms and conditions may change from time to time without further notice) .
OUR OBLIGATIONS
NEXUSGUARD CONSULTING LIMITED, its affiliates and controlled companies (collectively referred to as “NCL”, “us” or “we”) must use all reasonable commercial efforts to complete the Services within the set time. We will perform the Services with due care, competence and diligence, however the quality of the Services will depend on input from Our Client (hereinafter “Our Client” or “You”).
YOUR OBLIGATIONS
You must instruct us fully and, in a timely fashion, give NCL each of the following (as they are ordinarily reasonably required to perform the Services):
•Information - NCL is entitled to rely on the accuracy of that information without independently verifying it. That is so whether the information is provided by you, your representatives, or your advisers;
•Access - to files, records and information technology systems, to premises and to people (whether management or staff) with relevant skills and experiences;
•Resources - you must provide (and designate to the assignment) all resources that are reasonably necessary to ensure timely approval, development and
•Backup Assurance – you must backup your company system before we perform any testing. The purpose of creating backups is to enable you to recover from data loss caused by the failure of individual servers and devices, unwanted data modifications and deletions, and widespread loss of data center facilities.
You are responsible for any damage to individual servers or other devices that are caused by failure to abide by this agreement.
You agree that any commercial decisions that you make, are not within the scope of our duty of care and in taking such decisions you must take into account the restrictions on the scope of our work and other factors, commercial and otherwise, of which you and your other advisers are, or should be, aware from sources other than our work.
PAYMENTS
You are obligated to pay for the Services amount in FULL upon the proposal, agreement and/or quotation signed. Payments shall be made according to the payment schedule stated in the signed document. NCL needs to receive payment in full invoice amount and does not bear bank charge for Our Client.
Your FULL Services amounts will become due immediately upon the contract cancellation whenever the Services has be stopped due the limited on scope or any other reasons informed from your side. You shall settle all outstanding balance immediately, or otherwise NCL reserves the rights to take further actions for the outstanding amount.
DELAYS
NCL will not be liable for any failure or delay in performing the Services if that failure or delay arises from anything beyond its control - including the untimely performance by you of your obligations. In addition, NCL is entitled to review its fees and, if the delay is substantial, terminate this agreement.
You shall provide the payment according to the project schedule stated in the signed proposal, agreement and/or quotation with the actual Services schedule and works performed.
CONFIDENTIALITY
Both NCL and you agree to take reasonable steps to maintain (within our respective organizations) the confidentiality of any proprietary or confidential information of the other. If you wish to provide a third party with copies of NCL reports, letters, information or advice, then NCL reserves the right to:
•Set the terms on which those copies are given or used; or
•Require the third party to enter into a direct relationship with us.
INTELLECTUAL PROPERTY RIGHTS
NCL will not acquire any ownership rights over any information provided to it by you or your representatives or advisers although you consent to us inserting your logos and other similar intellectual property on our deliverables where appropriate unless you notify us to the contrary. When you have paid all amounts owing to NCL in relation to the Services (and related services), NCL assigns you all copyright (and other intellectual property rights) to all reports, written advice and other deliverables (except software) we have provided. However, you grant to NCL a
a)As confidential information the processes, ideas, concepts and techniques developed in the course of providing the Services; and
b)All copyright and other intellectual property rights in:
i.data, designs, models, methodologies, analysis frameworks, leading practices, specifications and other elements of the deliverables which were owned or developed by NCL (or its vendors or
ii.all tools (and any enhancement, improvement or other derivative of those tools) including but not limited to software and working papers (whether or not these are supplied to you) used by NCL (or its subcontractors) in performing the Services.
INDEMNITY FOR LIABILITY TO THIRD PARTIES
You agree to indemnify NCL against all liabilities, claims, costs and expenses collectively referred to as “Loss” (including any tax payable by NCL on amounts paid by you under this indemnity) incurred by NCL in respect of any claim by a third party which is related to, arises out of, or is in any way associated with the Services or this engagement. However, the indemnity does not apply to any Loss in respect of any matters, which are finally determined to have resulted from NCL’s negligent, wrongful or willful acts or omissions.
LIMITATION ON SCOPE
•Our work will be directed towards employing specific testing procedures to ascertain whether a particular system can be penetrated at a particular place. If we are not successful, we may try elsewhere, and if we are successful, we will continue to test further into the system modifying our approach as we proceed.
•As a result of this selective, rather than comprehensive approach, we will not be in a position to confirm whether a particular location where we may have gained access is the only weakness in the system at that point, and it may be that other weaknesses may exist, which we will not identify in our investigations. For that reason, our report should not be seen as a comprehensive report on all weaknesses within your systems.
•Owing to the nature of security audit, there is a possibility that we may not be able to bypass your security measures due to, for example, the extent of the background information available to us or the time available to carry out attacks. Failure to penetrate one or more systems will not therefore reflect negatively on our conduct of the assignment, and you acknowledge that there may still be undetected vulnerabilities in the security of your systems.
•We will work closely with you to reduce the risk of unwittingly penetrating areas of your business where irreparable or serious damage could be caused. There may be areas of your systems, which you identify as being too sensitive and as a consequence, you will exclude from the scope of our testing. These may be third party systems, which you utilize as part of your operations or segments of your systems where the consequences of unwitting damage being caused during the course of our audit would, in your opinion, be too serious. We can obviously provide no comments in relation to such areas, and it may be that weaknesses in these areas could have a significant impact on areas where we have performed tests.
•The procedures that we will perform will not constitute an audit in accordance with Auditing Standards or a review made in accordance with Auditing Standards applicable to review engagements and, consequently, no assurance will be expressed.
RECOGNITION OF RISK
•We wish to make you aware of the inherent risks associated with security audit of the type you have requested us to perform, which we must ask you to recognize as your responsibility. Inevitably, when we are attempting to gain entry to your systems by unauthorized means (i.e. other than using accepted and authorized methods), there is a risk that we may cause damage to those systems. We will, of course, not seek deliberately to cause any damage which is not reasonably necessary in the context of the work you have asked us to perform, and will carry out our work in the manner which seeks to minimize these risks, whilst at the same time fulfilling our role of attempting to bypass the security measures which are designed to prevent unauthorized access.
•By testing the robustness of your computer systems, we will be seeking to interact with proprietary software, which you will have purchased. In so doing, we may cause you to be in breach of the terms on which that software was licensed to you, for example by carrying out reverse engineering. You accept that such a risk is your responsibility.
•There will inevitably be a delay between us reporting to you and any defects, which have been identified being remedied. During this time, the risk of damage being caused to your organization will obviously be increased, and it is obviously important that our report and findings are therefore kept strictly confidential.
•You agree not to hold NCL responsible for any loss, damage or expenses incurred by you as a result of our work, including any loss or damage caused to your systems or your business, save where such loss, damage or expenses are caused by our negligence, bad faith or willful misconduct. Further, you agree to indemnify us against any loss, damage or expenses that we may incur by reason of claims, actions, demands or proceedings brought against us by third parties arising out of or in connection with our work save where such loss, damage or expenses are caused by our negligence or breach of the agreed work programme.
•The extent of liability will be based on the finding of the incident investigation report performed by an independent third party such as insurance company or independent technical investigation firm to be mutually agreed upon by Our Client and NCL
CONFIDENTIALITY AND USE OF REPORTS
•As indicated above, it is obviously essential to both parties that the methods we adopt in carrying out our work for you, and the conclusions of that work, are kept strictly confidential. We are happy to acknowledge that we will maintain the working papers resulting from this assignment, which we are required to retain for proper professional purposes, in a secure location within our offices, such that access will only be permitted to our expressly authorized staff on a strict
•We will provide you with copies of our deliverables, which you may provide to appropriate individuals within your organization. We are not privy to the interests, technical knowledge and commercial or other objectives of any third parties. Hence the specific needs and requirements of third parties will not be taken into account in performing the assignment. In addition, any third party who may have sight of assignment deliverables will not have the benefit of the detailed discussions and mutual exchange of information, which will inevitably occur between NCL and the Our Client’s management in the course of the assignment.
•NCL therefore assumes no responsibility whatsoever in respect of any negligence, fault, breach of contract or breach of duty or otherwise to any user of assignment deliverables other than the Our Client. Any person who chooses to rely on assignment deliverables will do so entirely at their own risk.