These Terms of Service (“Terms”) constitute a legally binding agreement between Security Research and Development, LLC (“SR&D”) and the client entity (“Client”). By engaging SR&D for services, the Client agrees to be bound by these Terms.
1. Scope of Services
SR&D provides high-assurance technical services as defined in a signed Statement of Work (SOW). These services include:
• Offensive Operations: Adversary emulation, vulnerability research, and penetration testing.
• Systems Engineering: Design, configuration, and implementation of bare-metal and on-premises sovereign infrastructure.
• Strategic Advisory: vCISO/vCTO leadership, cloud repatriation analysis, and technical risk management.
2. Authorization for Offensive Operations
For all security testing and offensive engagements:
• Legal Authorization: The Client represents and warrants that it has the full legal right and authority to authorize SR&D to access, test, and perform security operations on the networks, systems, and data identified in the SOW.
• Rules of Engagement (ROE): All offensive activities shall be governed by a mutually agreed-upon ROE document. SR&D will strictly adhere to these parameters to ensure operational safety.
• Scope Limitation: SR&D services are digital in nature. Unless explicitly stated in writing, services do not include physical social engineering, "tailgating," or physical site breach attempts.
3. Infrastructure & Engineering Services
• Hardware Procurement: SR&D provides design and integration expertise. While the Client is responsible for the final procurement of hardware and third-party hosting, SR&D maintains a curated list of vetted, high-performance bare-metal providers recommended for mission-critical security and cost-efficiency.
• Data Sovereignty: SR&D prioritizes on-premises and dedicated infrastructure to ensure Client data remains within the Client's sovereign control. SR&D is not responsible for the security failures of third-party hosting providers chosen by the Client.
4. Limitation of Liability
• Operational Risk: The Client acknowledges that offensive testing replicates real-world adversarial behavior and carries inherent risks of system instability or temporary service interruption. SR&D shall not be liable for any incidental, indirect, or consequential damages (including loss of data or revenue) arising from authorized testing conducted within the agreed-upon ROE.
• Maximum Liability: In no event shall SR&D's aggregate liability exceed the total fees paid by the Client for the specific engagement giving rise to the claim.
5. Intellectual Property & Tradecraft
• Client Deliverables: Upon final payment, the Client owns all final reports, strategic roadmaps, and custom architectural designs produced specifically for the Client.
• SR&D Tradecraft: SR&D retains all ownership and rights to its proprietary methodologies, AI-driven orchestration agents, custom-coded exploit frameworks, and pre-existing automation scripts utilized during the performance of services.
6. Confidentiality & Non-Disclosure
Both parties agree to treat all non-public information as strictly confidential. SR&D shall not disclose identified vulnerabilities or Client infrastructure details to any third party. The Client agrees not to disclose SR&D's proprietary testing methodologies or “tradecraft” techniques to third parties without prior written consent.
7. Financial Terms
• Payment: Fees are billed according to the schedule defined in the SOW.
• Hardware Policy: For infrastructure projects, all third-party hardware or hosting costs must be paid in full by the Client prior to procurement or deployment by SR&D.
• Expenses: Travel and specialized operational expenses will be pre-approved by the Client and billed at cost.
8. Indemnification
The Client agrees to indemnify, defend, and hold harmless SR&D and its personnel from any third-party claims, damages, or expenses arising from SR&D's authorized access to the Client's systems or networks during the performance of services.
9. Termination
Either party may terminate an engagement with thirty (30) days' written notice. Upon termination, the Client remains responsible for payment for all work completed and expenses incurred through the effective date of termination.
10. Governing Law
These Terms shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of law principles.
Contact Us
For questions about these Terms of Service or engagement inquiries: