Terms and Conditions

Penetration Testing Services

Lean Technologies Pty Ltd (T/A “Lean Security”) agrees to provide the services specified in the Proposal (“Penetration Testing Services”) and the Client agrees to pay the fees specified in the Proposal.

Client Acknowledgement

The Client acknowledges and agrees that:

1. Legal Authorisation:

In the absence of explicit written consent, Lean Security’s penetration testing activities may constitute an offence under Australian cybercrime laws (e.g., Crimes Act 1914). The Client hereby provides express consent for Lean Security to conduct the Penetration Testing Services.

2. Reliance on Client Information:

Testing is conducted based on information provided by the Client (“Client Information”), including system details, access credentials, and scope boundaries. Lean Security is not obligated to verify the accuracy or completeness of Client Information.

3. Deliverables:

Findings, reports, and recommendations (“Deliverables”) are produced based on Client Information and may not account for undisclosed systems or configurations.

Confidentiality and Intellectual Property

1. Confidentiality Obligations:

Both parties agree to treat all data exchanged during the engagement (“Confidential Information”) as confidential. Disclosure to third parties requires prior written consent, except where legally mandated (e.g., under the Privacy Act 1988).

2. Intellectual Property:

All tools, methodologies, and pre-existing materials used by Lean Security remain its exclusive property. Reports and custom deliverables (“Intellectual Property”) vest in Lean Security, with a non-exclusive, perpetual licence granted to the Client for internal use.

Rules of Engagement

1. Testing Plan:

Lean Security will submit a testing plan detailing scope, methodologies (e.g., OWASP Top 10, MITRE ATT&CK), and timelines prior to commencement. The Client must approve this plan in writing.

2. Boundaries:

Testing will adhere to agreed-upon boundaries (e.g., no denial-of-service attacks, social engineering, or physical testing) to minimise operational disruption.

Indemnity

The Client indemnifies Lean Security against all claims, liabilities, or losses arising from:

• The proper performance of Penetration Testing Services;

• Reliance on inaccurate or incomplete Client Information;

• Unauthorised use of Deliverables by the Client or third parties.

Liability

1. Exclusions:

Lean Security is not liable for:

• Losses caused by Client-directed actions or system changes during testing;

• Delays or inaccuracies due to incomplete Client Information;

• Pre-existing vulnerabilities or infrastructure flaws.

2. Cap on Liability:

Lean Security’s total liability is limited to the total fees paid by the Client under the Proposal.

Governing Law

This agreement is governed by the laws of New South Wales, Australia. Disputes will be resolved through arbitration in Sydney, NSW, under the Commercial Arbitration Act 2010.