Mutual Non-Disclosure Agreement
Protects confidential information exchanged by both parties — findings, infrastructure details, and proprietary methods. 5-year survival clause.
Open Document →Master Service Agreement
Governing contract for all engagements — terms, 50/50 payment schedule, liability limits, IP ownership, CFAA compliance clause, and dispute resolution.
Open Document →Statement of Work
Per-engagement scope — deliverables, testing phase schedule, in-scope/out-of-scope assets, assumptions, and fee milestones. Executed for every project.
Open Document →Rules of Engagement
Technical authorization — authorized targets, testing windows, prohibited actions, emergency stop contacts, credential handoff, and SOC notification settings.
Open Document →Authorization to Test
Explicit written authorization from the system owner — 7-point legal attestation, third-party cloud authorizations, and 7-year retention requirement.
Open Document →Engagement Signing Workflow
Execute documents in this order — testing cannot begin until all applicable documents are signed and on file
NDA
Sign before sharing any sensitive infrastructure details
MSA
Execute master contract — governs all engagements
SOW
Define scope, deliverables, timeline & fees
ROE
Agree on technical boundaries & emergency contacts
Auth Letter
Client signs authorization — testing may begin