Reliance

Client shall provide a validated scope to Maverick Security prior to project kickoff. Maverick Security may rely on the information provided by Client without verification. If the scope is inaccurate or incomplete, the project budget will be consumed based on the incorrect data, and a change order will be issued to amend the statement of work. Client shall reimburse Maverick Security for any non-transferable/non-cancelable travel expenses incurred due to delays caused by inaccurate or incomplete information. Client warrants that the provided IP addresses, hostnames, and devices are owned or controlled by Client and that Client is authorized to allow the Services to be performed on them. Client will indemnify Maverick Security against any liability resulting from such performance.

General Acknowledgment

Security testing inherently carries risk, and while Maverick Security aims to minimize disruption, a flawless assessment cannot be guaranteed. Maverick Security will work with Client to establish engagement rules, including assessment activities and communication procedures.

Maverick Security will take steps to avoid accessing sensitive information but may inadvertently encounter it. If this happens, Maverick Security will discontinue access and securely delete any sensitive information or obfuscate it in any retained evidence.

Technical Attack Simulation Acknowledgment

Client must identify any in-scope assets that may respond poorly to testing or that should be excluded from the assessment. Maverick Security will not intentionally cause a denial-of-service condition or instability. Any testing that could impact system performance will be coordinated with Client.