Penetration Testing Agreement
This document serves to acknowledge an engagement between the Business Owner and Data Custodian (see descriptions page 2), collectively of the following system(s) or application, the University Chief Information Officer, and the University IT Security Officer.
All parties, by signing below, accept and agree that:
1. The Information Security and Policy Office (ISPO) will take reasonable steps to preserve the operational status of systems, but it cannot be guaranteed.
2. The ISPO is authorized to perform the component tests listed above, at their discretion using appropriate tools and methods.
3. Test results are related to specific tests only. They indicate, but do not and cannot measure, the overall security posture (quality of protections) of an application system.
4. All information related to this testing will be treated as highly confidential Level III security data, with commensurate protections.
