Terms and Conditions
Penetration Testing Services
1. Agreement
Lean Technologies Pty Ltd (T/A “Lean Security”) agrees to provide the services specified in the Proposal (“Penetration Testing Services”) and the Client agrees to pay the fees specified in the Proposal.
2. Client Acknowledgement
The Client acknowledges and agrees that:
2.1. Legal Authorisation: In the absence of explicit written consent, Lean Security’s penetration testing activities may constitute an offence under Australian cybercrime laws (e.g., Crimes Act 1914). The Client hereby provides express consent for Lean Security to conduct the Penetration Testing Services.
2.2. Reliance on Client Information: Testing is conducted based on information provided by the Client (“Client Information”), including system details, access credentials, and scope boundaries. Lean Security is not obligated to verify the accuracy or completeness of Client Information.
2.3. Deliverables: Findings, reports, and recommendations (“Deliverables”) are produced based on Client Information and may not account for undisclosed systems or configurations.
3. Confidentiality and Intellectual Property
3.1. Confidentiality Obligations: Both parties agree to treat all data exchanged during the engagement (“Confidential Information”) as confidential. Disclosure to third parties requires prior written consent, except where legally mandated (e.g., under the Privacy Act 1988).
3.2. Intellectual Property: All tools, methodologies, and pre-existing materials used by Lean Security remain its exclusive property. Reports and custom deliverables (“Deliverables”) vest in Lean Security upon creation. Lean Security grants the Client a non-exclusive, perpetual, worldwide, royalty-free licence to use, reproduce, and distribute the final report or its executive summary, provided that any distribution to third parties (including but not limited to customers, auditors, and insurers) is made under a Non-Disclosure Agreement (NDA). The Client may also store and use the Deliverables in its internal compliance management systems.
4. Rules of Engagement
4.1. Testing Plan: Lean Security will submit a testing plan detailing scope, methodologies (e.g., OWASP Top 10, MITRE ATT&CK), and timelines prior to commencement. The Client must approve this plan in writing.
4.2. Boundaries: Testing will adhere to agreed-upon boundaries (e.g., no denial-of-service attacks, social engineering, or physical testing) to minimise operational disruption.
5. Liability and Indemnity
5.1. Each party is responsible for, and shall indemnify the other against, any losses, damages or claims arising directly from its own negligence, breach of contract, or wilful misconduct.
5.2. Except as otherwise required by law, neither party shall be liable to the other for any indirect, consequential, or special losses (including loss of profit, revenue, or data).
5.3. Each party’s total aggregate liability arising out of or in connection with this engagement shall be limited to the total fees paid for the Services giving rise to the claim, except in cases of fraud, gross negligence, wilful misconduct, or breach of confidentiality, for which no such cap shall apply.
6. Insurance
Lean Security confirms that it maintains adequate Professional Indemnity and Public Liability insurance for the duration of the engagement. A Certificate of Currency will be provided upon request.
7. Governing Law
This agreement is governed by the laws of New South Wales, Australia. Disputes will be resolved through arbitration in Sydney, NSW, under the Commercial Arbitration Act 2010.
