Whilst the Company wants assessments and penetration tests, it's down to the Supplier 
providing the Service of penetration testing to make sure that the client sees a 
Conformity Letter stating that whilst the Supplier is providing the penetration tests 
the supplier will not be liable for any acts towards the systems they are 
pen-testing. The client must sign this as part of the proposal deal; if they don't, it's 
down to the supplier if they want to proceed with the assessment knowing they could be 
liable. As we all know, even when not attaching any testing equipment or even touching 
the infrastructure, the client will always point the finger at you when something goes 
wrong.

Big Blue, when generating proposals, makes sure that the client signs a non-disclosure 
and "get out of jail free letter" in case of problems such as penetration (hacking) 
testing.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
