PENETRATION TEST ADDENDUM

Effective as of January 1, 2024 (Version Number: 45292)

All terms not defined herein shall have the meaning ascribed to them in the DAS Standard Incorporated Terms and Conditions.

Penetration Test – If the executed COF or Cybersecurity Bundled Package includes “Penetration Test” in any form, DAS will use reasonable commercial efforts to provide: 

1. If included on the COF or included in a Cybersecurity Bundled Package, a Penetration Test (as outlined below) will be provided during the Calendar Year for which (a) the Penetration Test was initially ordered, provided that there was a UFC paid, or (b) 12 months’ MSC has been paid or agreed to be paid, and there has been no default or late payments by Client
2. The Client authorizes DAS to utilize standard penetration testing tools to identify and exploit vulnerabilities found.  The scope of penetrations tests are restricted to the public IP address space under the authorized control of the Client
3. It is understood and agreed by Client that there is an element of risk associated with penetration testing activities, especially to the systems tested in a live environment. This risk includes the potential that some services on Client’s system may be rendered unavailable during the test process. Risk is mitigated by DAS but never can be fully eliminated.   It is further understood and agreed by Client that there is no guarantee that every vulnerability in its systems will be identified during the test
4.  DAS does not assume any responsibility or liability for an act or omission, or other performance related to penetration testing services, or for the accuracy of information provided as part of the penetration test.  Penetration tests are provided on an “as-is” basis, without warranty or any kind
5. Service is to be considered one-time unless included in a Cybersecurity Bundled Package that is specified as Annual.