Pen Testing Company and Legal Documentation

From: Ricardo Mourato (ricardomcm@gmail.com)
Date: Mon Feb 26 2007 - 15:33:41 EST


hi folks, i'm thinking in creating a new department/service in my
company. In this case focusing in penetration testing, nowadays we
offer some services such as network consulting, VoIP, Server
administration (Linux, BSD and windows) and other services that
companys like my own do..
some of our customers frequently ask us about who can check if their
networks are secure, check their security policies and other thinks,
including penetration testing.
my problem is, what documentation do i need to do this? i need some
lawier to write any kind of agreement? or otherwise i can get into
troubles?
in more simple words, i think that i need papers (agreemnets,
contracts, or whatever...) to do some penetration testing LEGALLY
without getting on jail :P
i'm correct?
tnks in advice.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:36 EDT