GENERAL TERMS AND CONDITIONS
The General Terms below apply to all Agreements; additional service-specific terms attached at Schedule 1 also apply to specific services, all as further described below.
1. ENGAGEMENT
1.1. The Client engages SI and SI shall act for the Client on the terms and conditions set out in these Terms and Conditions.
2. TERM
2.1. The engagement of SI shall commence as per the agreed start date in the Statement of Work & Fees (“Agreed Start Date”) and shall continue (subject to the terms of this Agreement) until completion of the work described in the Statement of Work & Fees (“the Project”).
3. DUTIES
3.1. The duties of SI shall be to complete the Project, which shall be carried out at the Client’s offices or remotely or at such other location(s) as may be necessary for the effective performance of the duties. Unless otherwise stipulated, duties shall be carried out during normal business hours on Working Days (a day other than a Saturday or Sunday or public holiday in England when banks are open for business in the City of London).
4. FEES
4.1. In consideration of the duties, the Client shall pay SI the fee detailed in the Statement of Work & Fees. SI shall invoice the Client as laid out in the Statement of Work & Fees.
4.2. All payments and transactions under this contract shall be made in GBP (British Pounds). Any amounts mentioned in this agreement are deemed to be in GBP unless explicitly stated otherwise.
4.3. Any unpaid fees will attract interest at 4% above the base rate as specified from time to time by HSBC Bank and the Client will be liable for any fees and costs that may be necessary to collect payment of the fees.
4.4. Unless the fee detailed in the Statement of Work & Fees is stated as being inclusive of expenses, SI shall be reimbursed in full by the Client in respect of all expenses properly and reasonably incurred by it in connection with the Project, subject to the production of such receipts as the Client may require, attached to an invoice for the whole amount of the expenses.
4.5. SI reserves the right to charge in full for booked consultant days where the Client cancels those consultant days with less than 5 business days’ notice and to charge 50% of the contracted rate where the day is cancelled between 5 and 10 days in advance. In each case, SI may waive the right to charge for a specific cancellation if SI is able to deploy the Consultant’s time with an alternative client. SI also reserves the right to charge (at cost) for any non-refundable expenses incurred in respect of travel and accommodation arrangements made in line with this agreement for any consultancy days that are cancelled, irrespective of the notice period.
4.6. SI will try to work with any delays before or during the project caused by the Client to the agreed project duration and accommodate this on a best-efforts basis where SI has consultancy time available at the end of the pre-agreed end date of the engagement. SI reserves the right to charge in full for extra days assigned to accommodate client-imposed delays. However, where SI is not able to accommodate this extra time, it will be lost.
5. LIABILITY
5.1. SI shall exercise all reasonable skill, care and attention in all matters and shall indemnify the Client from all costs, claims, liabilities and expenses (other than consequential losses) incurred in respect of the performance (or non-performance) of SI of the duties, such indemnity to be limited in value to the level of fees incurred under this agreement as stated in clause 4.1.
5.2. To the fullest extent permitted by law, SI shall accept no liability whatsoever in respect of any losses incurred by the Client in respect of the performance of SI under the agreement and which arise in any way from circumstances beyond the control of SI (“force majeure” or “Acts of Nature”).
6. TERMINATION
6.1. The Client shall be entitled to terminate the Agreement with immediate effect and without any payment in lieu of notice by giving notice in writing to SI if SI commits any material or persistent breach of any of the terms or conditions of the Agreement or wilfully neglects or refuses to carry out any of the duties.
6.2. SI shall be entitled to terminate this Agreement immediately if the Client fails to pay any sum due within 30 days of the date of submission of an invoice properly submitted in line with the terms of the Agreement.
6.3. Upon termination of the Agreement SI shall not represent itself as being engaged by or connected with the Client or any subsidiary company.
7. CONFIDENTIALITY
7.1. SI will not either during the period of the Agreement (other than in the proper course of its duties and for the benefit of the Client) or after the Agreement has ended for any reason whatsoever:
7.1.1. use, disclose or communicate to any person any Confidential Information which it will have come to know or have received or obtained at any time (before or after the date of the Agreement) by reason of or in connection with the Agreement with the Client; or
7.1.2. copy or reproduce in any form or by or on any media or device or allow others to copy or reproduce Confidential Information whether or not in documentary form ("Documents") containing or referring to Confidential Information.
7.2. The Client shall, and shall procure that all its directors, officers, employees, partners and associates shall keep secret and confidential at all times all information relating to the tools, processes and methods used by SI in the course of the Project and agrees that these tools, processes and methods are subject to the laws of copyright and are owned by or licensed to SI and that they may not be copied, shared, forwarded or in any way made available to any other party save during the period of the Agreement and for the express purposes of completion of the Project.
8. NOTICES
8.1. Any notice required or permitted to be given or served under the Agreement shall be in writing and may be served by either party by personal service or by post addressed to the other party’s registered office for the time being.
8.2. Any such notice shall be deemed to have been served if delivered, at the time of delivery; or if posted, at the expiry of 48 hours after posting.
9. WAIVERS AND REMEDIES
9.1. The rights of each party under the Agreement may be exercised as often as necessary and are cumulative and not exclusive of its rights under the general law.
9.2. No waiver of any of the provisions of the Agreement shall be effective unless it is expressly stated to be such in writing and signed by both parties.
9.3. Any delay in the exercise or non-exercise of any right is not a waiver of that right.
9.4. Any remedy or right conferred upon the parties for breach of the Agreement shall be in addition to and without prejudice to all other rights and remedies available to it.
10. INDEPENDENT CONTRACTORS
10.1. SI and the Client are independent contractors and neither shall hold itself out to be, nor shall anything in the Agreement be construed to constitute either party as the agent, representative, employee, partner, or joint venture of the other. Neither party may bind or obligate the other without the other party's prior written consent.
11. DATA PROTECTION
11.1. Each party acknowledges that SI, for the purpose of the performance of SI’s obligations under this agreement, may process personal data whilst undertaking the Services. Any personal data you provide to SI shall:
11.1.1. Be kept for the duration of the agreement only;
11.1.2. Not be transferred outside of the EEA without prior written consent;
11.1.3. Be protected using robust technical safeguards; and
11.1.4. Only be processed in accordance with your written instructions.
12. SEVERABILITY
12.1. If any provision of the Agreement is held invalid, illegal or unenforceable in any jurisdiction, such provision shall be severed and the remainder of the provisions of the Agreement shall continue in full force and effect as if the Agreement had been executed with the illegal or unenforceable provision eliminated.
13. REPRESENTATIONS
13.1. SI warrants and represents to the Client that it is under no obligation, covenant or restriction which would or might operate to prevent or restrict SI from performing the obligations under the Agreement or which may give rise to any conflict of interest between SI and the Client or any subsidiary company of the Client.
14. ENTIRE AGREEMENT
14.1. The Agreement (which for the avoidance of doubt includes the Agreement, these Consolidated Terms and Conditions and any applicable service-specific terms and conditions identified below) constitutes the entire understanding and agreement between the parties relating to the subject matter of the Agreement and supersedes any previous agreement between the parties.
15. GOVERNING LAW AND JURISDICTION
15.1. The Agreement is governed by and construed in accordance with the law of England and the parties hereby submit to the exclusive jurisdiction of the Courts of England. These terms are accepted by the Client’s signature on the Acceptance Sheet and are binding on the Client as if these Consolidated Terms and Conditions themselves had been signed.
16. COMPLAINTS HANDLING
At Secure Impact, we take all feedback seriously. If our services fall short of exceptional or an issue remains unresolved through informal means, you have the right to raise a formal complaint. Our process ensures a thorough investigation and resolution of your concerns. To initiate a complaint, please email us at feedback@secure-impact.com, providing a detailed description, including:
- Nature of the complaint
- Dates
- Any supporting documentation
Here's how it works:
- Within three business days of receiving your complaint, we will acknowledge its receipt. The investigation will be conducted by our VP of Technology, under the oversight of our General Manager.
- We will thoroughly investigate, considering all relevant information and supporting documentation.
- If needed, we may conduct internal investigations. We may request additional information from you to aid the process. Confidentiality is maintained, and there will be no victimization or disadvantage to the complainant.
- Within five business days of completing the investigation, we will provide a written response detailing the findings, outcomes, and proposed action. If we can't resolve the complaint within this timeframe, we will notify you of the delay and provide an updated resolution timeline.
- If the proposed action falls short of your satisfaction, we encourage you to engage with us to explore alternative solutions. Our aim is to reach a fair and amicable resolution. You have the right to appeal if you believe the complaint hasn't been adequately addressed. Inform us of your appeal and request higher-level management oversight. We will guide you through the escalation process.
- If you exhaust all internal options and remain unsatisfied, you may consider external options such as seeking legal counsel. However, we strive to address and resolve complaints internally before reaching this stage.
- Please note that we reserve the right to amend the complaint process, with any updates available on our website.
- This process applies solely to issues related to our consultancy services and doesn't cover third-party services or products. For any questions or further clarification regarding our complaint process, please don't hesitate to contact us.
SCHEDULE 1
- If the Client project relates to penetration testing, please refer to Schedule 1A below. If the Client project relates to digital forensics, please refer to Schedule 1B below.
1A PENETRATION TESTING TERMS AND CONDITIONS
The terms in this section are in addition to the General Terms and apply only to Agreements that cover the provision of Penetration Testing.
- Penetration testing and vulnerability assessments will be limited to conducting an agreed set of tests on the devices, systems, infrastructure and applications that are defined in the Statement of Work & Fees within the Agreement;
- SI’s penetration testing methodology is a combination of automated and manual testing, with manual testing designed to exploit any vulnerabilities identified by the automated testing. All tests look for exploitable vulnerabilities within the identified scope. Penetration tests do not automatically include a review of the actual code of any applications;
- All other tests and systems are out of scope and will not be tested without a signed amendment to the Agreement;
- Test IP Address: SI’s testing is carried out from a dedicated penetration testing network, and we will supply you with the relevant IP address so that you can add it to any IPS/IDS or filtering system to allow testing to be completed. Log files may record ping sweeps and port sweeps from our test IP address in addition to other activity that may be suspicious to any SEM or SIEM deployed on the systems and applications under test;
- SI’s testers will take care not to cause Denial of Service (DOS) conditions or anything that would affect the performance of the systems under test, except where permitted by and agreed with you;
- SI’s testers will take care not to perform testing that will result in damage to any of the devices we identify nor will we attempt to exploit any vulnerability where we think that doing so may cause damage, nor will we intentionally damage any information or information systems during testing;
- SI’s testers will immediately report any critical risk vulnerability that we might identify to the client contact;
- SI will require explicit authorisation to proceed from you and from any additional parties involved in hosting the infrastructure or application that is in scope before the start of any test work;
- Logs are kept of the actions taken during a test and, in line with our data retention procedure, these are retained, along with all other client files, for six years and are then destroyed. Your client files will be encrypted, classified as restricted to the testing consultant and to senior management of SI, stored on a restricted network drive, and will be backed up in their encrypted form to our mirrored, secure offsite backup environment. These controls directly protect your data from disclosure, damage and information leakage;
- SI will not:
- Disclose test results or related information to third parties without your prior permission, unless otherwise required by law;
- Allow anyone, other than on a need-to-know basis, access to your test information;
- Exchange information in relation to the tests and test results other than by using encrypted email.
- The Client will identify and disclose to SI any third parties that may conceivably be affected by SI’s testing activities in relation to this Project, and any damages and/or loss of service caused by the Client’s failure to identify and/or disclose such third parties shall remain the sole responsibility of the Client and the Client therefore indemnifies SI against all and any costs or damages howsoever arising from such activities. The Client’s authorisation to commence testing activities is deemed to include confirmation that any relevant client-internal or external parties have been appropriately notified and that all necessary permissions from such parties for SI to commence testing have been provided to SI.
- SI will only identify vulnerabilities that are already known at the date on which any tests are carried out, and which are capable of being exposed by the range of testing tools deployed by SI. The Client accepts that it is in the nature of technical security testing that there may be flaws which will be uncovered in the future or by the use of alternative tools and attack methodologies, none of which could normally be identified at the time of testing, and therefore agrees that it will not, now or in the future, hold SI to account for any such matters.
- SI shall accept no liability for damages caused to the Client by any automated or non-automated attacks on the Client’s internet-facing infrastructure or its applications, irrespective of whether or not SI’s security testing activity carried out under this Agreement did, did not, or could have but did not, identify any vulnerability exploited or which might in future be exploited by any such attack.
- SI will identify vulnerabilities that its testing has exposed; wherever possible, it will identify by reference to commonly available and published information the appropriate patches and fixes that are recommended to deal with the identified vulnerability but it will be entirely the Client’s responsibility to formally identify and deploy an appropriate solution to the vulnerabilities identified by SI’s security testing.
1B DIGITAL FORENSICS TERMS AND CONDITIONS
The terms in this section are in addition to the General Terms and apply only to Agreements that cover the provision of Digital Forensics.
1. DEFINITIONS
1.1. “Equipment” means the hardware, software or other materials which are to be investigated by SI as part of the Forensic Services; and
1.2. “Forensic Services” means the process of undertaking computer forensic examination as requested in the Submission Form or subsequently arising from what was requested in the Submission Form.
2. CLIENT’S OBLIGATIONS
2.1. The Client confirms that any Equipment is in good working order and functions fully and properly. If, when carrying out the Forensic Services, SI discovers faults in the Equipment which require additional work, SI reserves the right to charge additional fees in accordance with clause 4.2 of this Schedule.
2.2. The Client acknowledges that, due to the nature of Forensic Services, SI cannot guarantee that it will be able to perform and/or complete the Forensic Services. In particular, SI may be unable to recover data in whole or in part, may be unable to gain access to some or all of the Equipment and may need to examine additional equipment not included in the Submission Form. In addition, the data recovered may not be evidentially significant material, the Equipment may suffer damage as a result of the data recovery process and/or the Forensic Services may result in loss of business operating time or interruption to service for the Client. Such problems cannot be identified by SI until it has commenced Forensic Services and the Client shall remain liable for payment of the Fees (or such proportion of the Fees as SI may determine appropriate in its absolute discretion).
2.3. The Client agrees, where the Forensic Services are to take place on the Client’s premises, to ensure that a suitable working space is provided for the Consultant which shall include a desk and network access where appropriate.
2.4. The Client agrees that it will, unless otherwise agreed, deliver the Equipment to the relevant SI premises and collect the Equipment from those premises or authorise other means of delivery and return at the Client’s own risk and expense. Subject to clause 6.2 below, SI shall not be liable for the Equipment during transit to or from its offices.
2.5. The Client shall assume all liability and shall indemnify SI, its Affiliates and its and their officers, employees, agents, contractors and sub-contractors in full and on demand from and against any and all third party claims (including claims for alleged or actual infringement of Intellectual Property Rights), losses, damages, demands, costs, expenses, fees (including court and legal fees) and liabilities (in each case whether direct, indirect or consequential) of whatever nature suffered, incurred or sustained by SI (or its Affiliates) as a result of the provision of the Forensic Services, save to the extent that any such losses, damages, demands, costs, expenses, fees or liabilities are incurred as a direct result of SI’s breach of the Contract.
2.6. The Client agrees to ensure at least one employee has experience and knowledge of the Equipment and will act as liaison between the Client and SI, responding promptly to queries and requests for information.
2.7. The Client agrees at all times to co-operate with SI and to provide it promptly with such information about the Equipment as is reasonably required by SI.
2.8. The Client agrees to ensure that, where the Forensic Services are taking place on its premises, the premises are safe. The Client will indemnify and keep indemnified SI in full and on demand from and against all liabilities, direct, indirect and consequential losses, damages, claims, proceedings and legal costs (on an indemnity basis), judgments and costs (including costs of enforcement) and expenses which SI incurs or suffers in any way whatsoever arising out of or in connection with any claim or action against SI for death and/or personal injury arising out of the Client’s failure to provide safe premises.
2.9. The Client agrees that it has procured consent required for SI (and its Affiliates) to be permitted to carry out the Forensic Services and that, when requested by SI it will provide evidence of such consents. SI will be carrying out the Forensic Services in the belief that the Client has obtained all appropriate consents, permits and permissions.
2.10. The Client agrees that, where SI (or its Affiliates) supplies any software and/or hardware as part of the Forensic Services, it shall only use such software and/or hardware for lawful purposes, solely to the extent necessary to receive the benefit of the Forensic Services and in accordance with any applicable licence terms and SI’s (or its Affiliates’) instructions.
2.11. The Client authorises SI to work on or remove Equipment which is compromised or which it believes to be compromised.
3. SI’S OBLIGATIONS
3.1. SI will provide a receipt for any Equipment or image that it removes from the Client’s premises.
4. FEES AND PAYMENT
4.1. Unless otherwise stated, the Fees do not include: (i) attendance by an SI representative at premises designated by the Client or travel to a location other than the SI representative’s normal place of work; (ii) attendance by an SI representative at any case conferences, meetings, tribunals or court hearings; (iii) the storage by SI of any property or data post completion of the Forensic Services; and/or (iv) the cost of transporting the Equipment to/from SI’s premises. If SI agrees to carry out any of these activities it shall be entitled to charge reasonable additional fees.
4.2. SI reserves the right to increase the Fees and/or to charge additional fees should additional work not listed in the Submission Form, such as reverse engineering, become necessary. This includes additional work necessitated by a defect in any of the Equipment. SI will not increase the Fees and/or charge any additional fees without informing the Client in writing in advance.
5. OWNERSHIP OF EQUIPMENT
5.1. Ownership of the Equipment and all Intellectual Property Rights in the Equipment remains at all times with the Client and/or its ISP or other third party supplier (as applicable).
6. LIABILITY
6.1. Subject to clause 6.2 below, SI will not be liable for any loss suffered by the Client or any third party due to the occurrence of any of the events listed in clause 2.2 or a breach of any other part of clause 2 of this Schedule.
6.2. Nothing in this Schedule excludes or limits the liability of SI or its Affiliates for: (i) death or personal injury caused by negligence; (ii) fraud or fraudulent misrepresentation; or (iii) any other liability that cannot be limited or excluded at law.