1. Authorized Testing Only

All testing activities must be fully authorized in writing by the client. The client confirms they have the legal right to grant permission for testing of the systems and environments in scope.

2. Scope Definition

Only the systems, domains, IP ranges, and applications explicitly listed in the agreed Scope Document will be tested. Any changes to scope must be approved in writing by both parties.

3. Testing Windows & Safety Controls

• Testing will be performed during the agreed dates and times.
• High-risk tests (e.g., stress tests, DoS conditions) will NOT be executed unless explicitly approved.
• Client may request an immediate pause at any time.

4. Data Handling & Confidentiality

All data observed during testing will be handled confidentially. Sensitive information will not be stored longer than necessary and will be securely destroyed after the engagement.

5. Reporting & Deliverables

Following the engagement, the client receives a detailed report including:

• Executive summary
• Technical findings with evidence
• Risk ratings
• Remediation guidance

6. Client Responsibilities

• Providing accurate system information
• Ensuring backups are available before testing
• Notifying internal teams if needed

7. Liability

Testing is performed carefully and according to industry best practices, but the client acknowledges that penetration testing inherently carries operational risks. ECHO Pentest is not responsible for unintended side effects unless caused by negligence.

8. Contact

For any questions regarding these terms, contact: contact@echopentest.com