This page discusses an answer to a question concerning vulnerability assessments
This page details the responsibilities for a project
At Secure Ideas we pride ourselves on our attention to detail in preparing clients for a project. We also understand that in order to ensure a successful project, and create the best possible experience for our clients, we must set forth clear and concise expectations and responsibilities for all parties.
We would also like to make note that regular communication prior to, during, and after the project is paramount in keeping a project on schedule and within budget. With that in mind, we take a collaborative approach in all aspects of the project. If you’re unsure of your responsibilities, have a question about scope or timing, or simply want clarification on a particular requirement to be better prepared, please let us know so we can work with you to provide these details. While this checklist will be modified depending on the specifics of your project, the following provides a solid indicator of what can be expected:
- Client will designate one (1) employee to serve as a primary point of contact for the project. This point of contact will be responsible for scheduling client resources for required meetings, interviews, and other needs deemed necessary to complete the project work as scoped. The point of contact will also participate in weekly status meetings, as needed, and will serve as the first point of escalation for any project-related requests or issues.
- The client is responsible for notifying impacted personnel of the testing as needed, and said testing will be conducted with the expressed authority of management (with full right, power, and authority to consent to services described within this document).
- The client is responsible for obtaining permission to test from any third parties if required. This includes cloud service providers, such as Amazon (for Amazon AWS) or Microsoft (for Azure).
- It is the client's responsibility to perform backups of data on all devices connected to client’s IP addresses and/or domain names prior to invoking the use of the services described within this document.
- The client will provide access to all information, target applications, and systems necessary to the success of this project.
- The client will execute all client data gathering activities in an efficient manner, and data will be promptly submitted to Secure Ideas consultants within a commercially reasonable response time. Any delays incurred in acquiring this information may result in the need for a Change Order and rescheduling of the project, at the discretion of Secure Ideas.
- The client will provide the necessary staff availability to complete identified tasks and/or to participate in interviews. The client’s inability to provide this staff may affect the completion of tasks and/or deliverables.
- The client will provide access to any necessary facility and/or remote access to complete the project.
Secure Ideas Responsibilities
- Complete all activities as described in the executed Statement of Work (SoW).
- Secure Ideas consultants consider all client information and documentation as sensitive and confidential and will handle it appropriately.
- Secure Ideas consultants will notify the client upon discovery of signs of compromise. Signs of compromise include evidence of exploitation by an unknown party, such as the presence of a back door or malicious script.
- Secure Ideas will cease any testing related to the system exhibiting signs of compromise until the client has evaluated the affected system and cleared Secure Ideas to continue.
- Secure Ideas consultants will, to the best of their ability, avoid unnecessarily disruptive or destructive activities on client systems.
- For example, Secure Ideas will not launch Denial of Service (DoS) attacks or run commands that are destructive in nature such as dropping database tables without prior written permission from the client.
Roles and responsibilities are just one important aspect of a project. If you’d like to know more about our project management approach and process before, during, and after a project, please feel free to review some of our other Knowledge Center articles.
Still Have Questions?
We hope this article helped you better understand the various project responsibilities, but if you still have questions, please contact us as we will be happy to provide more information and discuss any concerns you might have as you navigate this journey.