SlideShare a Scribd company logo

BSidesLV 2019 - Cover Your A**: How to Protect Yourself as an Independent Security Consultant

Download as PPTX, PDF
S
Suchismita Pahi

The BSidesLV Proving Grounds slide deck accompanying my talk for independent security consultants on how to protect themselves from lawsuits (and get paid!)

Presentations & Public Speaking
1 of 44
Cover Your A**: How to Protect Yourself as an Independent Security Consultant
About Me My name is Suchi Pahi I’m a Data Privacy & Cybersecurity Attorney You can find me on Twitter! @SuchiPahi
I am not your lawyer, This is not legal advice.
What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which pieces do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
What Documents Do I Need?
Your standard set of documents for an assignment should include:  Non-disclosure Agreement* - Mutual agreement to protect your information and client’s information  Master Services Agreement – The high-level umbrella document that has who, what, where, when, how & why  Scope of Services / Statement of Work – The detailed document that goes into each assignment for client  Authorizations* - Get Out of Jail Free Card!
How You Should Think of These Documents
MSA SOW 1 SOW 2 SOW 3 NDA Get Out of Jail
Non-Disclosure Agreement (NDA) Date Identify Self & Client Address Purpose I (Consultant) won’t share your information externally, and You (Client), won’t share my information.
Master Services Agreement The Basics • Parties • Purpose • Definitions During Agmt. • Rights & Responsibiliti es • Assignment • Reps & Warranties • Payment End of Agmt. • Limitation of Liability • Indemnificati on • Severability • Governing Law • Waiver • IP
The SOW – Protecting Yourself PURPOSE PROJECT SCHEDULE TARGETS METHODS CONTROLS DELIVERABLES TOTAL COST PROVISION THAT THE SOW IS SUBJECT TO THE MSA
Authorizations Phys Sec – Keep a Get Out of Jail Free Card! (Document that says your auth’d to do what you’re doing) It should be signed by the folks who have hired you as consultant. Otherwise, keep the emergency contact # and name of a person who can keep you out of trouble.
What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
How Do I Get These Documents? • They send an NDA • Initial meeting with client • You prepare a scope of services and proposal • You also provide your version of an MSA Client reaches out or You reach out to Client • Definitions • Payment • Indemnification & Liability • Termination Then we start MSA Negotiations • Targets • Both Party’s Responsibilities • Delays • Deliverables Next, SOW Negotiations
What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
The Big 5 – These, Done Right Protect You From Trouble #1: The Document Statement of Work/ Scope of Services #2 - #5: Provisions of Interest Limitation of Liability Confidentiality Requirements Indemnification Contract Termination
What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
What do I need to know about the Statement of Work (AKA Setting Expectations!) Purpose Process Scope Deliverables
What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
Odds & Ends How do you get paid? IP Track Changes Will you get sued? Third parties Your Client, Your Contract The CFAAAAAAAAAA (CFAA)
What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
Whelp. That was a lot. Halp me.
What are the takeaways?
Carefully define your scope of services/ statement of work.
Don’t leave the liability, indemnification, how you get paid, or termination provisions ambiguous
Draft your own NDA and MSA, so you have a form.
Ask your peers for their suggestions and resources. Share the knowledge.
Thanks, Y’all!  Many thanks to the community, especially BSides Proving Grounds organizers and mentors (props to Clint Gibler for being an awesome mentor) and additional help/ not to be forgotten:  Jeff Man  Lisa Angelo  Jon Nichols  Falcon Darkstar  Wendy Knox Everette  and others! This list gets long quickly.
Additional Resources  Sample Documents and Provisions  A short template for general contracting  Sample Provisions for your documents (see Slides XX – XX)  How to Draft a Contract  Contracting for Non-Lawyers  This has some good details  UpCounsel’s Explanation of SOWs  How to read a Contract  Effectively Negotiating  Negotiating the MSA (Nixon Peabody)  Top 5 for Negotiating  Legal to Lay People Terms (see Slides 30 -31)  Examples of Provisions (Slides 32-42)  Who do I hire? (What Lawyer Does What?)
Legal Term What it Means Indemnification Client makes you whole/ protects you from harm Governing Law/ Choice of Law The state law that administers the entire Agreement Assignment Someone stands in your (or client’s) shoes to fulfill the Agreement Limitation of Liability A list of things that you or both parties can’t be sued for and if you can be sued, the maximum amt. you can be sued for. Breach Violation
Legal Term What it Means Force majeure Unforeseeable circumstances that will stop you from fulfilling the contract (e.g. war, hurricanes, death) Injunction Court order to “stop doing the thing you’re doing” or be fined/ imprisoned. Damages $$$ to make someone whole after they’ve been injured (e.g. economic loss). Copyright IP right applies to tangible works of authorship, incl. software.
Ex. A - What Should Your Proposal Have? A Table of Contents! NAME OF AGREEMENT 1. Executive Summary 2. Scope of Services 3. Project Schedule 4. Fees and Expenses 5. Master Services Agreement 6. Signatures
Ex. B : The Executive Summary of a Proposal and SOW after Initial Client Meeting I. Executive Summary YOUR COMPANY is pleased to present this proposal and Statement of Work (“SoW”) to POTENTIAL CLIENT COMPANY. Based on the initial discussion on DATE between YOUR COMPANY and POTENTIAL CLIENT COMPANY, a requirement exists to DO A THING (vulnerability assessment? Audit? Pen test?) During DO A THING, YOUR COMPANY will perform USE THESE METHODS (GENERAL) AND TARGET THESE THINGS (e.g., iOS). YOUR COMPANY will provide THIS DELIVERABLE. PRICING TERMS. YOUR COMPANY will provide a final product of FINAL DELIVERABLE (REPORT, RECOMMENDATIONS, ETC). YOUR COMPANY looks forward to working with POTENTIAL CLIENT COMPANY
Ex. C: Make the SOW subject to the MSA  All YOUR COMPANY work is subject to the terms and conditions in the fully executed Master Services Agreement between YOUR COMPANY and CLIENT COMPANY dated DATE. This Statement of Work and, unless specifically stated otherwise, all Statements of Work between YOUR COMPANY and CLIENT COMPANY, and all work and services performed by YOUR COMPANY for CLIENT COMPANY, are subject to the terms and conditions of the Master Services Agreement.  This Statement of Work (“SOW”) is made pursuant and subject to the Master Services Agreement(the “Agreement”) by and between YOUR COMPANY, and CLIENT COMPANY and shall be dated DATE. This SOW describes Services to be performed and provided by YOUR COMPANY pursuant to the Agreement. Capitalized terms used but not defined in this SOW shall have the meaning ascribed to them in the Agreement. If any item in this SOW is inconsistent with the Agreement, the terms of the Agreement will control, unless otherwise specified in writing
Ex. D: Assignment, Waiver, Severability, and Choice of Law provisions (Found in MSA)  Waiver  No provisions of this Agreement or any breach thereof shall be deemed waived unless such waiver is in writing and signed by the Party claimed to have waived such provision or breach. No waiver of a breach shall constitute a waiver for excuse of any different or subsequent breach.  Assignment  Neither party may assign (whether by operation or law or otherwise) any of its rights or delegate or subcontract any of its obligations under this Agreement without the prior written consent of the other Party. Notwithstanding the foregoing, CLIENT COMPANY shall have the right to assign its rights and obligations hereunder to any entity that is an affiliate or successor of CLIENT COMPANY, whether by merger, acquisition, change in control, or other transaction involving the sale of all or substantially all of CLIENT COMPANY assets, without the prior approval of YOUR COMPANY.  Severability  Any provision of this Agreement that is determined to be invalid or unenforceable will be ineffective to the extent of such determination without invalidating the remaining provisions of this Agreement or affecting the validity or enforceability of such remaining provisions.  Governing Law*  This Agreement shall be governed and interpreted in accordance with the laws of the state of WHICH STATE, excluding its conflicts of laws provisions. Jurisdiction and Venue for any dispute relating to this Agreement shall exclusively rest with the state and federal courts in THE SAME STATE
Example E: Setting forth compensation in your MSA Fees. Company will pay Contractor the fee specified in each SOW as Contractor’s sole compensation for the Services, provided such Services meet the term of the SOW and this Agreement and are of a quality consistent with industry standards. Contractor shall be responsible for all expenses incurred in performing Services under this Agreement, except as set forth in the SOW. Upon termination of this Agreement for any reason prior to completion of a SOW, Company will pay Contractor fees and expenses on basis stated in the SOW for work which is then in progress, within 14 days after the later of (a) Contractor’s invoice, and (b) the effective date of such termination. Invoicing. Unless otherwise provided in an applicable SOW, (a) payment to Contractor of undisputed fees will be due 14 days following Company’s receipt of an invoice which contains accurate records that document work performed for the invoiced fees; and (b) Contractor will submit invoices to Company on a monthly basis.
Example F: Mutual Indemnification Indemnification by YOUR COMPANY. YOUR COMPANY shall defend CLIENT COMPANY against any claim, demand, suit, or proceeding (”Claim”) made or brought against CLIENT COMPANY by a third party arising from (a) YOUR COMPANY’s breach of its confidentiality obligation under this Agreement, (b) YOUR COPANY’s gross negligence or willful misconduct, and (c) YOUR COMPANY’s breach of its [ANY SECURITY EXHIBITS/ DATA PRIVACY AGREEMENTS?] set forth as Exhibit [x] to this Agreement, and shall, in each case, indemnify CLIENT COMPANY for any damages against, or agreed to by YOUR COMPANY in settlement of, any such claims. CLIENT COMPANY shall defend YOUR COMPANY against any Claim made or brought against YOUR COMPANY by a third party arising from CLIENT COMPANY’s provision of [WHAT DOES THE COMPANY GIVE YOU SO YOU CAN DO YOUR JOB?] or CLIENT COMPANY’s use of Services in violation of this Agreement, and shall indemnify YOUR COMPANY for any damages finally awarded against, or agreed to by CLIENT COMPANY in settlement of any such claim.
Exhibit G: Limitation of Liability  In no event shall either party’s liability arising out of or related to this agreement, whether in contract, tort, or under any other theory of liability, exceed the amount paid or payable to YOUR COMPANY under this agreement in the prior six month period. The limitations on liability set forth in this section or otherwise set forth in this agreement shall not apply to liabilities arising from (a) either party’s indemnification obligations under this Agreement, (b) either party’s breach of its confidentiality obligations under this Agreement, (c) either party’s gross negligence or willful misconduct.
Exhibit H: Termination Termination without Cause. Either party may terminate this Agreement or any SOW without cause at its convenience upon thirty (30) days’ prior written notice to the other party. Each party will pay only those fees and expenses related to services actually performed up to and during such notice period as specified in the SOW. Termination with Cause. Either party may terminate this Agreement immediately in the event that the other party has materially breached the Agreement and fails to cure within five (5) day of receipt of written notice by the non-breaching party, setting forth in reasonable detail the nature of the breach. Only those fees and expenses related to services actually performed during such notice period, as specified in the SOW, will be paid. SOW Termination. The termination of an SOW pursuant to the SOW’s terms shall not invalidate or terminate this Agreement.
Exhibit I: Project Phases in Statement of Work tied to Compensation Milestone Fee (USD) Compensation will be payable in accordance with the table immediately above. In the event that the Agreement or this SOW is terminated prior to completion of the services set forth in the SOW, YOUR COMPANY will issue a final invoice for all Milestones accepted by CLIENT COMPANY prior to the effective date of the termination.
Exhibit J: What rights do you and the client have if they don’t like your product? This is an approval of deliverables clause. If CLIENT COMPANY determines that the Services for which YOUR COMPANY is responsible under this SOW are not satisfactory as a consequence of any YOUR COMPANY act or omission, CLIENT COMPANY may give YOUR COMPANY notice of the deficiency. YOUR COMPANY shall have a reasonable opportunity to investigate the reported deficiency, and the Parties shall use reasonable, good faith efforts to agree on the cause of the deficiency.
Exhibit K: IP Rights  Reservation of Rights. Subject to the limited rights expressly granted hereunder, YOUR COMPANY reserves all rights, titles, and interest in and to the Services, including all related intellectual property rights. No rights, express or implied, are granted to CLIENT COMPANY other than as expressly set forth herein.
Who Do I Hire? Types of Lawyers Type of Concern Type of Lawyer Can I patent this? Where is my copyright? How does software IP and licensing work? Intellectual Property Attorney My client won’t pay me! General Civil Litigator There is an incident involving data! Cybersecurity Lawyer (but read the description on their bio page, they could be *compliance, or *cyber-crime, or *incident response only My client is suing me for CFAA things This is *still* a Civil Litigator The Feds are after me! Criminal Defense Attorney (probably pro bono)
Questions?  Key Takeaways:  Don’t leave terms (especially the four provisions – indemnification, liability, confidentiality, and termination) ambiguous  Carefully define the SOW  Draft your own NDA and MSA (if possible)  Ask your peers for resources/ knowledge sharing Suchi Pahi Data Privacy & Cybersecurity Attorney @SuchiPahi

Recommended

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 

Recommended

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@vikas rana
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 

More Related Content

Recently uploaded

Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@vikas rana
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 

Recently uploaded (20)

Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdf
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 

Featured

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming LanguageSimplilearn
 

Featured (20)

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
 

BSidesLV 2019 - Cover Your A**: How to Protect Yourself as an Independent Security Consultant

  • 1. Cover Your A**: How to Protect Yourself as an Independent Security Consultant
  • 2. About Me My name is Suchi Pahi I’m a Data Privacy & Cybersecurity Attorney You can find me on Twitter! @SuchiPahi
  • 3. I am not your lawyer, This is not legal advice.
  • 4. What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which pieces do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
  • 6. Your standard set of documents for an assignment should include:  Non-disclosure Agreement* - Mutual agreement to protect your information and client’s information  Master Services Agreement – The high-level umbrella document that has who, what, where, when, how & why  Scope of Services / Statement of Work – The detailed document that goes into each assignment for client  Authorizations* - Get Out of Jail Free Card!
  • 7. How You Should Think of These Documents
  • 8. MSA SOW 1 SOW 2 SOW 3 NDA Get Out of Jail
  • 9. Non-Disclosure Agreement (NDA) Date Identify Self & Client Address Purpose I (Consultant) won’t share your information externally, and You (Client), won’t share my information.
  • 10. Master Services Agreement The Basics • Parties • Purpose • Definitions During Agmt. • Rights & Responsibiliti es • Assignment • Reps & Warranties • Payment End of Agmt. • Limitation of Liability • Indemnificati on • Severability • Governing Law • Waiver • IP
  • 11. The SOW – Protecting Yourself PURPOSE PROJECT SCHEDULE TARGETS METHODS CONTROLS DELIVERABLES TOTAL COST PROVISION THAT THE SOW IS SUBJECT TO THE MSA
  • 12. Authorizations Phys Sec – Keep a Get Out of Jail Free Card! (Document that says your auth’d to do what you’re doing) It should be signed by the folks who have hired you as consultant. Otherwise, keep the emergency contact # and name of a person who can keep you out of trouble.
  • 13. What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
  • 14. How Do I Get These Documents? • They send an NDA • Initial meeting with client • You prepare a scope of services and proposal • You also provide your version of an MSA Client reaches out or You reach out to Client • Definitions • Payment • Indemnification & Liability • Termination Then we start MSA Negotiations • Targets • Both Party’s Responsibilities • Delays • Deliverables Next, SOW Negotiations
  • 15. What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
  • 16. The Big 5 – These, Done Right Protect You From Trouble #1: The Document Statement of Work/ Scope of Services #2 - #5: Provisions of Interest Limitation of Liability Confidentiality Requirements Indemnification Contract Termination
  • 17. What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
  • 18. What do I need to know about the Statement of Work (AKA Setting Expectations!) Purpose Process Scope Deliverables
  • 19. What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
  • 20. Odds & Ends How do you get paid? IP Track Changes Will you get sued? Third parties Your Client, Your Contract The CFAAAAAAAAAA (CFAA)
  • 21. What’s on Tap? What is included in the contract? How do I get these documents? Okay, but which provisions do I really care about? What do I need to know about the Statement of Work/ Scope of Services? Where are the sticking points in the contract? Odd and ends Recap Resources
  • 22. Whelp. That was a lot. Halp me.
  • 24. Carefully define your scope of services/ statement of work.
  • 25. Don’t leave the liability, indemnification, how you get paid, or termination provisions ambiguous
  • 26. Draft your own NDA and MSA, so you have a form.
  • 27. Ask your peers for their suggestions and resources. Share the knowledge.
  • 28. Thanks, Y’all!  Many thanks to the community, especially BSides Proving Grounds organizers and mentors (props to Clint Gibler for being an awesome mentor) and additional help/ not to be forgotten:  Jeff Man  Lisa Angelo  Jon Nichols  Falcon Darkstar  Wendy Knox Everette  and others! This list gets long quickly.
  • 29. Additional Resources  Sample Documents and Provisions  A short template for general contracting  Sample Provisions for your documents (see Slides XX – XX)  How to Draft a Contract  Contracting for Non-Lawyers  This has some good details  UpCounsel’s Explanation of SOWs  How to read a Contract  Effectively Negotiating  Negotiating the MSA (Nixon Peabody)  Top 5 for Negotiating  Legal to Lay People Terms (see Slides 30 -31)  Examples of Provisions (Slides 32-42)  Who do I hire? (What Lawyer Does What?)
  • 30. Legal Term What it Means Indemnification Client makes you whole/ protects you from harm Governing Law/ Choice of Law The state law that administers the entire Agreement Assignment Someone stands in your (or client’s) shoes to fulfill the Agreement Limitation of Liability A list of things that you or both parties can’t be sued for and if you can be sued, the maximum amt. you can be sued for. Breach Violation
  • 31. Legal Term What it Means Force majeure Unforeseeable circumstances that will stop you from fulfilling the contract (e.g. war, hurricanes, death) Injunction Court order to “stop doing the thing you’re doing” or be fined/ imprisoned. Damages $$$ to make someone whole after they’ve been injured (e.g. economic loss). Copyright IP right applies to tangible works of authorship, incl. software.
  • 32. Ex. A - What Should Your Proposal Have? A Table of Contents! NAME OF AGREEMENT 1. Executive Summary 2. Scope of Services 3. Project Schedule 4. Fees and Expenses 5. Master Services Agreement 6. Signatures
  • 33. Ex. B : The Executive Summary of a Proposal and SOW after Initial Client Meeting I. Executive Summary YOUR COMPANY is pleased to present this proposal and Statement of Work (“SoW”) to POTENTIAL CLIENT COMPANY. Based on the initial discussion on DATE between YOUR COMPANY and POTENTIAL CLIENT COMPANY, a requirement exists to DO A THING (vulnerability assessment? Audit? Pen test?) During DO A THING, YOUR COMPANY will perform USE THESE METHODS (GENERAL) AND TARGET THESE THINGS (e.g., iOS). YOUR COMPANY will provide THIS DELIVERABLE. PRICING TERMS. YOUR COMPANY will provide a final product of FINAL DELIVERABLE (REPORT, RECOMMENDATIONS, ETC). YOUR COMPANY looks forward to working with POTENTIAL CLIENT COMPANY
  • 34. Ex. C: Make the SOW subject to the MSA  All YOUR COMPANY work is subject to the terms and conditions in the fully executed Master Services Agreement between YOUR COMPANY and CLIENT COMPANY dated DATE. This Statement of Work and, unless specifically stated otherwise, all Statements of Work between YOUR COMPANY and CLIENT COMPANY, and all work and services performed by YOUR COMPANY for CLIENT COMPANY, are subject to the terms and conditions of the Master Services Agreement.  This Statement of Work (“SOW”) is made pursuant and subject to the Master Services Agreement(the “Agreement”) by and between YOUR COMPANY, and CLIENT COMPANY and shall be dated DATE. This SOW describes Services to be performed and provided by YOUR COMPANY pursuant to the Agreement. Capitalized terms used but not defined in this SOW shall have the meaning ascribed to them in the Agreement. If any item in this SOW is inconsistent with the Agreement, the terms of the Agreement will control, unless otherwise specified in writing
  • 35. Ex. D: Assignment, Waiver, Severability, and Choice of Law provisions (Found in MSA)  Waiver  No provisions of this Agreement or any breach thereof shall be deemed waived unless such waiver is in writing and signed by the Party claimed to have waived such provision or breach. No waiver of a breach shall constitute a waiver for excuse of any different or subsequent breach.  Assignment  Neither party may assign (whether by operation or law or otherwise) any of its rights or delegate or subcontract any of its obligations under this Agreement without the prior written consent of the other Party. Notwithstanding the foregoing, CLIENT COMPANY shall have the right to assign its rights and obligations hereunder to any entity that is an affiliate or successor of CLIENT COMPANY, whether by merger, acquisition, change in control, or other transaction involving the sale of all or substantially all of CLIENT COMPANY assets, without the prior approval of YOUR COMPANY.  Severability  Any provision of this Agreement that is determined to be invalid or unenforceable will be ineffective to the extent of such determination without invalidating the remaining provisions of this Agreement or affecting the validity or enforceability of such remaining provisions.  Governing Law*  This Agreement shall be governed and interpreted in accordance with the laws of the state of WHICH STATE, excluding its conflicts of laws provisions. Jurisdiction and Venue for any dispute relating to this Agreement shall exclusively rest with the state and federal courts in THE SAME STATE
  • 36. Example E: Setting forth compensation in your MSA Fees. Company will pay Contractor the fee specified in each SOW as Contractor’s sole compensation for the Services, provided such Services meet the term of the SOW and this Agreement and are of a quality consistent with industry standards. Contractor shall be responsible for all expenses incurred in performing Services under this Agreement, except as set forth in the SOW. Upon termination of this Agreement for any reason prior to completion of a SOW, Company will pay Contractor fees and expenses on basis stated in the SOW for work which is then in progress, within 14 days after the later of (a) Contractor’s invoice, and (b) the effective date of such termination. Invoicing. Unless otherwise provided in an applicable SOW, (a) payment to Contractor of undisputed fees will be due 14 days following Company’s receipt of an invoice which contains accurate records that document work performed for the invoiced fees; and (b) Contractor will submit invoices to Company on a monthly basis.
  • 37. Example F: Mutual Indemnification Indemnification by YOUR COMPANY. YOUR COMPANY shall defend CLIENT COMPANY against any claim, demand, suit, or proceeding (”Claim”) made or brought against CLIENT COMPANY by a third party arising from (a) YOUR COMPANY’s breach of its confidentiality obligation under this Agreement, (b) YOUR COPANY’s gross negligence or willful misconduct, and (c) YOUR COMPANY’s breach of its [ANY SECURITY EXHIBITS/ DATA PRIVACY AGREEMENTS?] set forth as Exhibit [x] to this Agreement, and shall, in each case, indemnify CLIENT COMPANY for any damages against, or agreed to by YOUR COMPANY in settlement of, any such claims. CLIENT COMPANY shall defend YOUR COMPANY against any Claim made or brought against YOUR COMPANY by a third party arising from CLIENT COMPANY’s provision of [WHAT DOES THE COMPANY GIVE YOU SO YOU CAN DO YOUR JOB?] or CLIENT COMPANY’s use of Services in violation of this Agreement, and shall indemnify YOUR COMPANY for any damages finally awarded against, or agreed to by CLIENT COMPANY in settlement of any such claim.
  • 38. Exhibit G: Limitation of Liability  In no event shall either party’s liability arising out of or related to this agreement, whether in contract, tort, or under any other theory of liability, exceed the amount paid or payable to YOUR COMPANY under this agreement in the prior six month period. The limitations on liability set forth in this section or otherwise set forth in this agreement shall not apply to liabilities arising from (a) either party’s indemnification obligations under this Agreement, (b) either party’s breach of its confidentiality obligations under this Agreement, (c) either party’s gross negligence or willful misconduct.
  • 39. Exhibit H: Termination Termination without Cause. Either party may terminate this Agreement or any SOW without cause at its convenience upon thirty (30) days’ prior written notice to the other party. Each party will pay only those fees and expenses related to services actually performed up to and during such notice period as specified in the SOW. Termination with Cause. Either party may terminate this Agreement immediately in the event that the other party has materially breached the Agreement and fails to cure within five (5) day of receipt of written notice by the non-breaching party, setting forth in reasonable detail the nature of the breach. Only those fees and expenses related to services actually performed during such notice period, as specified in the SOW, will be paid. SOW Termination. The termination of an SOW pursuant to the SOW’s terms shall not invalidate or terminate this Agreement.
  • 40. Exhibit I: Project Phases in Statement of Work tied to Compensation Milestone Fee (USD) Compensation will be payable in accordance with the table immediately above. In the event that the Agreement or this SOW is terminated prior to completion of the services set forth in the SOW, YOUR COMPANY will issue a final invoice for all Milestones accepted by CLIENT COMPANY prior to the effective date of the termination.
  • 41. Exhibit J: What rights do you and the client have if they don’t like your product? This is an approval of deliverables clause. If CLIENT COMPANY determines that the Services for which YOUR COMPANY is responsible under this SOW are not satisfactory as a consequence of any YOUR COMPANY act or omission, CLIENT COMPANY may give YOUR COMPANY notice of the deficiency. YOUR COMPANY shall have a reasonable opportunity to investigate the reported deficiency, and the Parties shall use reasonable, good faith efforts to agree on the cause of the deficiency.
  • 42. Exhibit K: IP Rights  Reservation of Rights. Subject to the limited rights expressly granted hereunder, YOUR COMPANY reserves all rights, titles, and interest in and to the Services, including all related intellectual property rights. No rights, express or implied, are granted to CLIENT COMPANY other than as expressly set forth herein.
  • 43. Who Do I Hire? Types of Lawyers Type of Concern Type of Lawyer Can I patent this? Where is my copyright? How does software IP and licensing work? Intellectual Property Attorney My client won’t pay me! General Civil Litigator There is an incident involving data! Cybersecurity Lawyer (but read the description on their bio page, they could be *compliance, or *cyber-crime, or *incident response only My client is suing me for CFAA things This is *still* a Civil Litigator The Feds are after me! Criminal Defense Attorney (probably pro bono)
  • 44. Questions?  Key Takeaways:  Don’t leave terms (especially the four provisions – indemnification, liability, confidentiality, and termination) ambiguous  Carefully define the SOW  Draft your own NDA and MSA (if possible)  Ask your peers for resources/ knowledge sharing Suchi Pahi Data Privacy & Cybersecurity Attorney @SuchiPahi

Editor's Notes

  1. This was originally – Cover Your A**, how to protect yourself when you’re red teaming. But, turns out, the principles are a little broader – so it’s Cover Your A** - How to Protect Yourself as An Independent Security Consultant!
  2. Why am I here: I found myself helping friends who are working in the hacker space when it came to protecting themselves and their work when contracting with clients. I’ve been a cybersecurity/data privacy lawyer for ~ 5 years, mostly working on the big corporate side with the Fortune 100 companies. But I grew up with tech nerds and engineers in my family, which means I know more than a few folks who are independent consultants and need help sometimes on figuring out whether they are going to get sued, and if they do, what they can do to protect themselves.
  3. This is meant to be informative. TL;DR - I drink, and I know things. And I’m here to share with you the tips and tricks that I’ve shared with my friends.
  4. “Alright folks, here’s what’s on tap for this talk. We’re going to walk through various pieces of what you need as an independent consultant and spot the issues. We’re going to start at the beginning of the whole process – so if you’re pretty savvy on the contracting part of this, hang in there with me. By the end of this presentation you should have an idea of what you need to keep an eye out for when you’re working with your clients. I do briefly touch on the intellectual property part of this, e.g. licensing and copyright at the end. I’ve also included a few resources for you in the last slide. When you take a look at the resources and use this talk/ slides later (or your notes etc.) remember that you are operating in a very flexible situation with different client types and sizes. So you should tailor everything, and be diligent in reviewing your own documents.
  5. TL;DR now and then we’ll go into these in detail later. There are a few ways in which a contract or agreement might be set up between you and a client. The contract or agreement could be one document that includes an authorization, confidentiality provision, and scope of services/ statement of work. Or, it could be multiple documents that together act as a complete contractual agreement. Depending on your state, if you ever end up in court, you may have to argue what makes up your contract. Typically, courts will only really buy that your contract is contained within the four corners of a document / set of documents. That means your side conversations, or emails, or texts, won’t have bearing on the actual total Agreement that you have with your client. So – your job as an independent security consultant, is to make sure that you include *all of the terms* that you could want in your actual agreement(s) itself. Now – back to the documents themselves - in my experience, first, you most often see a non-disclosure agreement that is signed prior to the rest of the agreement, so that you and the client can have an honest discussion about what you have to offer as a red teamer to them, and then a second document that is a primary agreement that includes, in frequently fancy lawyer language: What you’re going to do The company’s direction/authorization that you do it How long you’re authorized to do the thing When and how you’re going to be paid When and how either party can breach the contract Who is on the hook for breaches and what the parties can sue for This primary agreement is then supplemented by a third piece of paper (or multi-page document) that has the exact scope of services, also known as the scope of work. This answers questions such as - how many boxes, what kinds of boxes, IP address ranges, types of authorized attack vectors, etc. This second set can also cover intellectual property (or, the MSA will have the IP rights). If you’re doing any type of physical security work, some folks make it a point to get an express written authorization that they carry on them in hard copy form so that if there is any trouble at the premises of the client, you can show that. Or have a cell #// name, etc. Let’s look at a quick example of each- just so you know/ can be familiar with the face of the document.
  6. Thinking about these in a visual manner can be helpful – here, if you have an MSA in place where you’ve negotiated all of the important terms of the contract, including how you get paid, then you’ll have the specific statement of work or scope of services documents follow from the MSA. They’ll incorporate the MSA by reference (e.g. ”Nothing in this Statement of Work/ Scope of Services is intended to replace or otherwise change the terms of the MSA, signed on [DATE]. Any conflicting terms or definitions will be resolved in favor of those used in the MSA”) Note, the NDA is not after the MSA and does not fall from the MSA. The NDA also is not necessarily before the MSA, although considering you’re in security consulting, there is probably an NDA. If you have a Get Out of Jail Free Card – it is going to tag in with your SOWs (Statements of Work or Scope of Services documents).
  7. Okay let’s start with the first document (most likely first) - the Non-Disclosure Agreement. What other sections do you see in an NDA? Definitions – including the definition of confidential information or proprietary information You can typically request that the Client clarify what information is Confidential by marking it as such. However, in many cases if you have a mid-size to large client, they’ll tell you all of it is Confidential Information/ and includes things like business knowledge, business relationships, types of technology, financial information, trade secrets, etc. Equally important in this definition is to make note of what is *excluded* from Confidential Information. These tend to be what we call boilerplate – information that is public knowledge, information that you, the red teamer, have developed or are bringing to the Agreement, anything disclosed pursuant to certain legal requirements, e.g. a Court Order or Subpoena, or anything disclosed with written authorization from the Owner. Requirements of You – the NDA will require you to protect any confidential information and you’ll have an obligation not to re-disclose that information If you use any subcontractors or vendors, you’ll want to consider whether/ how you’ll include them as parties to the NDA and other parts of the Agreement. No copying/no modifying No unauthorized use Remedies if you violate the NDA – for example, an injunction (which means “stop doing what you’re doing”), a requirement that you return, a right to terminate contracts, potentially a right to sue based on any damage to the business caused by disclosures, indemnification (we’ll discuss how that works later), and attorney fees. The term/ time limit for the NDA Sometimes a direct reference to Whistleblower protections.
  8. *The next document you’re going to see if likely called the “Master Services Agreement.” The point of this document is to set forth the purpose of the relationship between you and the client, define terms, and then cover things like “how you get paid” (Compensation) and “what you produce” (Deliverables). Your actual project or project(s) will be included in the scope of services, and the MSA is going to be the overarching document for these various smaller agreements that are time or box-limited. This actually does a great thing for you - If the client likes you, and you’ve negotiated a master services agreement – then the client just has to negotiate the details in the scope of services or scope of work. So you don’t go back to the drawing board every time.
  9. This is where you really get into the nitty gritty of your project. Which, we’ll get into later. But for now, a Scope of Services or Statement of Work is a more closed in/ limited document. The point of this is to tell the client – What you’re going to do A timeframe or schedule of when you’re going to do things What the targets are/ is How you’re going to do this generally (e.g. Reverse Engineering, Forensic Analysis) What you’re testing for (what are those dreaded compliance checkboxes the client wants and what does your work do to check the boxes) What you’re going to provide to the client – including format, time for delivery, and any review.* You can also let them know whether you validate remediation. Deliverables can be reports, scripts, and more. You can sometimes also include within these Statement of Work or Scope of Services things like: Assumptions you’re making – e.g. that you’ll be operating during business hours and business hours are X to X times Responsibilities for each party – e.g. that the Client will provide access to the targets or will provide items you need for the targets Any pre-engagement lists – things that need to be done before you actually start your side of the project + any penalties if you get delays from the client side (and what you’re offering if you delay from your side).
  10. I don’t have much to tell you here – you guys have industry standards for how to operate when it comes to physical security assignments, but in the event that you aren’t sure, ask one of your friends, and if you can’t get the information that way – I have seen people either keep hard copies of express authorizations to engage in phys. sec work or I’ve seen folks keep copies of emergency numbers and names. E.g. medium size to smaller size company coming from the top, if super-large company not so senior, might be head of engineering or something. For red teams – for which you’re doing physical stuff or stealthy things, so you’ll need a super senior person.
  11. Alright! That was a lot! So what is the process by which you actually get these documents?
  12. I’ve mentioned earlier in this presentation that there is a lot of flexibility with the “how to” of actually contracting. While this process starts with a Client reaching out to you or you reaching out to a client – they may sign your NDA if you provide them with one, or they may have you sign their NDA. Then, at the initial meeting with the client, you’re doing some discovery about how they operate, what their pain points are, and what they really need. Subsequently, you’re going to prepare a proposal of the services you’re going to provide (the scope of services) as well as a master services agreement. What I’ve pulled out for the negotiation parts of each is the important areas. What you won’t see in the MSA or Scope of Service/ Statement of Work negotiations here is the fact that *if you find things while you’re doing this work that you think the client should know about but they haven’t engaged you to provide, I highly recommend you discuss with the person who has engaged you in person and let them know that they exist but that you won’t include them in writing unless the Client wants you to” This may suck. But – they are the client, and you’ve done your due diligence by at least bringing it to their attention orally. Your MSA should make sure to include the fact that you are *only* on the hook for *exactly* what is described in the scope of services and not liable for any other vulnerabilities or flaws that are otherwise included in the Client’s ecosystem. Negotiations may take a week or two minimum. It can take up to a month depending on the client – so when you’re going in, you have to have an idea of what provisions you’re flexible on and what provisions you have absolutely zero flexibility on. Which brings us to – how to approach the important provisions. Talk about why a 3rd party might sue (two examples). <downstream examples>
  13. So what should you care about when you’re contracting? These five things – because if you don’t get these right, they’ll get you in the most trouble. The first of these is a document, and the other four are provisions. Statement of Work- Where you lay out, in detail, exactly what you’re going to do, when, and your basic assumptions so that your Client is aware of the things you are doing on behalf of the client and such that you can’t be nudged into doing anything that isn’t within that scope at risk to your own business/ money/ personal anything. Limitation of Liability - Where establish the things that your client can not sue / hold you liable for (limiting their ability to put you on the hook for things that you should not be on the hook for based on industry practices/standards, and your scope of service/work). This is typically within the MSA. This is also where you cap liability (how much can you get sued for). Confidentiality Requirements – Where you establish the items that you’re supposed to keep confidential, and the things that they’re supposed to keep confidential, as well as the time limits for these confidentiality provisions (OR – more specifically, the time limits on an NDA). Indemnification – Where the client agrees to indemnify you (meaning, on your behalf take the arrow, if particular things happen. E.g. if a downstream vendor is affected by the work you do for client, they’ll “indemnify you” so that you don’t have to hire attorneys to handle the claim). Contract Termination – in short, you need to know how to finish the contract in the event that 1) they aren’t paying you on time; 2) you can’t do what they want you to do; or 3) the relationship has soured.
  14. This is where you tell the client: What you’re going to do (Purpose) Generally how you’re going to do it (Process/Methodology) Scope (Target etc.) Deliverables (How you’re going to provide feedback). What am I talking about when I say Purpose? Why has the client engaged you? If the client has engaged you for a network security assessment, then your purpose should include that you’re going to be reviewing the network infrastructure, performing a pen test of the same, and that this will allow you to identify weaknesses and/or vulns. Are you also going to provide remediation/ mitigation? Or some form of risk rating? Then include that as part of your purpose. This should be a clear and straightforward 3-5 sentences maximum. What about Process. Methodology? Let’s start with Methodology here - It is difficult to predict ahead of time what you may run into and what tools you may end up using. That’s a fair problem to have. But you should have a general idea of the world of tools and methods you may use. So if you’re doing a code review, e.g. a source code analysis, you can let the client know that you’re going to do a static analysis with generally, “static analysis tools.” You don’t have to list every tool that you use or think you may use. The Process is level-setting with your client. What can your client expect while you’re completing this project for them. Are there multiple phases in your work? What are those phases? When are those phases? This is the project management side of the contracting. Are you going to do a Phase 1 assessment? What does that include? Some of the best contracts I’ve seen (or Statements of Work) will clearly list out that they’re going to have an initial call and that initial call will help do things like define IP ranges, produce a timeline, determine what resources need to be interviewed. And then there will be a second call or in person meeting that is just info gathering via tools so on, and so forth. Scope? This is where you really need to focus. This scope section should *at least* cover what you’re going to be working with. For example, if you’re doing a network security assessment, you should, within your scope, list all of the domains that you’re going to be testing. What is off limits? What is not off limits? If you don’t scope clearly - your client may ask you to do things that are 1) Not what you expected 2) open you up to lawsuits from other entities (not including the client) and 3) Result in more work than the fees your charging are worth.
  15. *Protip re: pay – do this in parts, partly after, partly before, not at the end. IP rights – the things I bring are mine, you don’t own them. Don’t leave the history on your tracked changes on in Word if you’re sending over redlines on a contract to the other party. CFAA (Computer Fraud and Abuse Act): If you have unauthorized access or exceed authorized access, both terms of art, you’re facing potential civil charges outside of the contract charges for accessing a computer without authorization.
  16. These folks were really encouraging and also helped review this slide deck to make sure it is helpful to you! I recommend following them on Twitter and meeting them in person if you’re looking for people who are bright and know what they’re doing (and helpful). They’re likely better assets for you since you’re in the actual tech side of this space!
  17. These are *super* basic definitions of what some of the terms in your contract mean.
  18. These are *super* basic definitions of what some of the terms in your contract mean.
  19. If you ARE proposing after a client meeting, and have an MSA or SOW, then you NEED to ensure your Proposal includes what you’d include in the SOW + a reference to the MSA (unless you’re also negotiating in MSA, in which case, refer to an MSA but also attach a template of the same or SOLICIT THEIRS)
  20. So this would be if you’ve already reached out and have an MSA in place. You can tailor this to instead offer a proposal, MSA, and SOW. If you’re thinking in terms of stages of acquiring documents for your client relationship, then this is stage 1 of the process – they’ve reached out or you’re reaching out and providing to them information following an NDA. Any Bold and CAPS need to be replaced.
  21. You can choose either of the two types of verbiage above to make your Statement of Work subject to the negotiated Master Services Agreement.
  22. Most folks use Governing Law to be the State that your Company is registered and incorporated in. Many large businesses/ clients you’ll see will look for a Delaware Choice of Law Provision. Notice how Party is randomly capitalized? It’s because you can define a term and then indicate that it is a defined term in your contract. So if I have an agreement, and I’m starting with this is the MSA (“Agreement”) between Company A (“nickname”) and Company B (“nickname”), collectively “Parties” and individually “Party.” Anything can be a defined term in an Agreement. This example is of in-line term definitions. The other part of your contract that will include definitions is your MSA Definitions section. Then, when you use those terms during the rest of your Agreement, you always capitalize them so that people know you’re talking about defined terms. This is there you define terms like: Vulnerability Equipment Network Downtime Server ANY OTHER TERMS OF ART (TERMS THAT NEED TO BE SPECIFIC OR ARE SPECIFIC IN YOUR INDUSTRY)
  23. Your Compensation section in the MSA can include general information about how you’ll handle receiving fees, invoicing, and collection – as well as timing of payments and how/when you submit invoices. Remember, your SOW/SOS is where you really want to detail phased payments for particular pieces of your project for the client.
  24. You may limit liability to be even more specific: For example “with respect to any indemnification obligation of YOUR COMPANY, the aggregate liability of each Party hereunder, for any and all causes of action and/or claims, liabilities (including reasonable attorneys’ fees), expenses, damages, costs, or losses arising out of or relating to this Agreement, whether based in contract, warranty, negligence or otherwise, will in no event exceed the aggregate amount equal to twelve (12) times the aggregate amount invoiced by YOUR COMPANY for Services rendered (excluding surcharges, taxes, and/or fees) during the calendar month prior to the calendar month in which the event giving rise to liability occurred. You can also just set a cap. That you’re only liable for 300K, or 1M.
  25. You’ll want to have Termination without cause (option to exit the Agreement for no reason) and Termination with cause (option to leave when someone messes up).
  26. In the SOW - you can also set forth Expenses reimbursement (in addition to milestones and compensation details). For example: Expenses. CLIENT COMPANY will reimburse YOUR COMPANY for those reasonable expenses incurred in carrying out the scope of Services, provided that any such expenses are pre-approved in writing by CLIENT COMPANY and are supported by invoices and receipts.
  27. After this provision – you can set forth various options. For example, if your company or your company’s equipment caused the problem, then you could give the Client Company the right to ask you to correct/ replace/re-perform the Services; withhold money owed under the SOW until the issue has been corrected; terminate the SOW and/or Agreement (If you allow this particular part, you should insist that Your Company is entitled to payment for Services to the date of the notice of termination).
  28. This is a super short non-specific reservation of rights. IP sections can get very lengthy.
  29. Please start your questions with “Who, What, Why, Where, When, or How” and end them in a “?”