+44 (0) 1242 652100

Terms & Conditions

1. Definitions                       

In these Conditions, the following definitions apply:

Business Day 09.00 to 17.30 on any day (other than a Saturday, Sunday or a public holiday) when banks in London are open for business.

Client The person or firm who purchases the Services from the Supplier under the Proposal.

Conditions These terms and conditions as amended from time to time.

Contract The contract between the Supplier and the Client for the supply of Services in accordance with these Conditions, a Proposal and a Support Service Level Agreement (if applicable).

Deliverables The deliverables set out in the Proposal.

Force Majeure Event An occurrence beyond the reasonable control and without the fault or negligence of the Party affected and which the said Party is unable to prevent or provide against by the exercise of reasonable diligence, including but not limited to:

  • acts of God (such as fires, explosions, earthquakes, drought, tidal waves and floods or other catastrophes);
  • war, hostilities, invasion, act of foreign enemies, mobilisation, requisition or embargo;
  • riot, commotion, strikes, go slows, lock outs of disorder, unless solely restricted to employees of either party; or
  • acts or threats of terrorism.

Intellectual Property Rights

All patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database right, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.

Proposal the costed proposal defining the proposed delivery of the Services and the associated fees, as agreed between the parties, and which forms part of the Contract between the parties.

Services The services, including the Deliverables, supplied by the Supplier to the Client as set out in the Proposal.

Statement of Work The document detailing the supply of Services, as agreed between the parties, and which forms part of the Contract between the parties.

Supplier Prism Infosec Ltd, registered in England and Wales with company number 5985734.

Work Output from the Service, including but not limited to any report generated, either electronically or in hard- copy. For the avoidance of any doubt, ‘Work’ does not include any Intellectual Property developed where software development forms part of the Services.

2. Basic Agreement

The Proposal constitutes an offer by the Supplier to supply the Services in accordance with these Conditions.

The Proposal shall only be deemed to be accepted when the parties issue written acceptance of the Proposal (or provide a purchase order for Services to be provided under that Proposal), at which point and on which date the Contract shall come into existence.

The Contract constitutes the entire agreement between the parties. The Client acknowledges that it has not relied on any statement, promise or representation made or given by or on behalf of the Supplier which is not set out in the Contract.

Any reports, drawings, descriptive matter or advertising issued by the Supplier and any illustrations or descriptions of the Services contained in the Supplier’s catalogues or brochures are issued or published for the sole purpose of giving an approximate idea of the Services described in them. They shall not form part of the Contract or have any contractual force. The only binding documents/artefacts are these Conditions, the Proposal and others specifically referred to within it.

These Conditions apply to the Contract to the exclusion of any other terms that the Client seeks to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.

Any quotation given by the Supplier shall not constitute an offer and is only valid for a period of thirty (30) days from its date of issue.

3. Charges and Payment                              

The charges for Services shall be set out in the proposal and/or quotation or, if no charges are quoted, the default position will be that the Services are charged on a time and materials basis:

  • the charges shall be calculated in accordance with the Supplier’s standard daily fee rates, as set out in the proposal or quotation;
  • the Supplier’s standard daily fee rates for each individual person are calculated on the basis of a normal Business Day;
  • unless agreed otherwise, the Supplier shall be entitled to charge overtime for any time worked by individuals whom it engages on the Services on a pro-rata basis as follows:
  • fifty per cent (50%) uplift on the standard daily fee rate for time worked outside the defined hours of a normal Business Day; and
  • one hundred per cent (100%) uplift on the standard daily fee rate for time worked on a non- Business Day.

The treatment of expenses (if applicable) will be set out in the Proposal. In the absence of any detailed expenses process in the Proposal, the default position will be that the Supplier shall be entitled to charge the Client for any reasonable expenses incurred by the individuals whom the Supplier engages in connection with the Services including, but not limited to, travelling expenses, hotel costs, subsistence and any associated expenses, and for the cost of services provided by third parties and required by the Supplier for the performance of the Services, and for the cost of any materials, subject to the production of receipts supporting such expenses which the Supplier seeks to recover. If a cap on expenses has been agreed in the Proposal, and if it becomes apparent that such expenses will necessarily exceed pre-agreed limits, written approval will be sought from the Client.

The Supplier reserves the right to:

  • increase the price of the Services, by giving notice and full written justification to the Client at any time before delivery, to reflect any increase in the cost of the Services to the Supplier that is due to:
  • any factor beyond the control of the Supplier (including foreign exchange fluctuations, increases in taxes and duties, and increases in labour, materials and other manufacturing costs);
  • any request by the Client to change the delivery date(s), quantities or types of Services ordered, or the Services Specification; or
  • any delay caused by any instructions of the Client in respect of the Services or failure of the Client to give the Supplier adequate or accurate information or instructions in respect of the Services.

Unless specified otherwise (for example, as a key term in the Proposal), the default invoicing position will be:

  • With respect to Consultancy and Testing Services, the Supplier shall invoice the Client monthly in arrears.
  • with respect to an Annuity Service, the Supplier shall invoice the Client annually or monthly in advance.

The Client shall pay each invoice submitted by the Supplier:

  • within 30 days of the invoice date;
  • in full and in cleared funds to a Pound Sterling bank account nominated in writing by the Supplier; and
  • time for payment shall be of the essence of the Contract.

All amounts payable by the Client under the Contract are exclusive of amounts in respect of value added tax (VAT) chargeable from time to time.

Where a scheduled Client Service as accepted by the Client in the Proposal is cancelled or postponed by the Client, the Supplier reserves the right to charge a postponement or cancellation fee on the following basis:

  • Postponement or Cancellation less than five (5) working days’ notice of scheduled commencement of

service delivery: 100% of proposed fee

  • Postponement or Cancellation between five (5) and ten (10) working days’ notice of scheduled

commencement of service delivery: 50% of proposed fee

Without limiting any other right or remedy of the Supplier, if the Client fails to make any payment due to the Supplier under the Contract by the due date for payment, the Supplier shall have the right to charge interest on the overdue amount at the rate 3% per annum above the Bank of England Base Rate. Such interest shall accrue on a daily basis from the due date until actual payment of the overdue amount. The Customer shall pay the interest together with the overdue amount.

The Client shall pay all amounts due under the Contract in full without any deduction or withholding except as required by law and the Client shall not be entitled to assert any credit, set-off or counterclaim against the Supplier in order to justify withholding payment of any such amount in whole or in part. The Supplier may not, without limiting its other rights or remedies, set off any amount owing to it by the Client against any amount payable by the Supplier to the Client.

4. Supplier Obligations              

The Supplier shall provide the Services to the Client in accordance with the Proposal and Proposal in all material respects. In providing the Services, the Supplier will at all times:

  • provide the Services and perform its obligations in accordance with good industry practice;
  • comply with all applicable laws and notify the Client of any proposed changes in applicable laws that the Supplier becomes aware of that may affect the provision of the Services by the Supplier to the Client;
  • perform the Services in a timely, reliable and professional manner, in conformity with good industry practice by a sufficient number of competent Supplier personnel with appropriate skills, qualifications and experience, and have the ability and capacity to meet such requirements.

The Supplier shall use reasonable endeavours to meet any performance dates for the Services specified in the Proposal, but any such dates shall be estimates only and time shall not be of the essence for the performance of the Services.

The Supplier shall have the right to make any changes to the Services which are necessary to comply with any applicable law or safety requirement, or which do not materially affect the nature or quality of the Services, and the Supplier shall notify the Client in any such event.

5. Client Obligations                                      

The Client shall:

  • ensure that the terms of the Proposal and Proposal are complete and accurate;
  • co-operate with the Supplier in all matters relating to the Services;
  • provide the Supplier, its employees, agents, consultants and subcontractors, with access to the Client’s premises, office accommodation and other facilities as reasonably required by the Supplier to provide the Services, and maintain a safe working environment for the Supplier in such facilities that complies with all applicable legislative requirements (including occupational, health and safety laws and regulations).
  • provide the Supplier with such information and materials as the Supplier may reasonably require to supply the Services, and ensure that such information is accurate in all material respects;
  • prepare the premises for the supply of the Services;
  • obtain and maintain all necessary licences, permissions and consents which may be required for the Services before the date on which the Services are to start;
  • keep and maintain all materials, equipment, documents and other property of the Supplier (Supplier Materials) at the Client’s premises in safe custody at its own risk, maintain the Supplier Materials in good condition until returned to the Supplier, and not dispose of or use the Supplier Materials other than in accordance with the Supplier’s written instructions or authorisation.

If the Supplier’s performance of any of its obligations in respect of the Services is prevented or delayed by any act or omission by the Client or failure by the Client to perform any relevant obligation (Client Default):

  • the Supplier shall without limiting its other rights or remedies have the right to suspend performance of the Services until the Client remedies the Client Default, and to rely on the Client Default to relieve it from the performance of any of its obligations to the extent the Client Default prevents or delays the Supplier’s performance of any of its obligations;
  • the Supplier shall not be liable for any costs or losses sustained or incurred by the Client arising directly or indirectly from the Supplier’s failure or delay to perform any of its obligations as set out in this clause arising from the Client Default; and
  • the Client shall reimburse the Supplier on written demand for costs or losses, up to the value of the goods and services provided by the Supplier, sustained or incurred by the Supplier arising directly from the Client Default.

6. Sub-Contract, Assignment and Alteration 

The Supplier shall not, without the prior written consent of the Client  assign, transfer, novate, charge, subcontract or deal in any other manner with all or any of its rights or obligations under the Contract to any third party.

The Client shall not, without the prior written consent of the Supplier, assign, transfer, novate, charge, subcontract or deal in any other manner with all or any of its rights or obligations under the Contract.

The parties shall at all times remain responsible for the acts and omissions of its subcontractors.

Because of the nature of the work to be undertaken by The Supplier, both parties accept that it may be necessary to agree to alter or adapt the Services and that any additional works required may not be included in the Consultancy Fee detailed in the Proposal. In the event that The Supplier estimates that these additional works will cause an increase in Consultancy Fee or delay in completion of the work, it shall notify the Client in writing. The parties accept that any changes or additions to the Proposal shall be valid only if agreed in writing by The Supplier and the Client.

7. Suspension                                         

In the event of any interruption of the Client’s or of The Suppliers business due to circumstances beyond each parties control such as but not limited to any industrial dispute, fire explosion or accident which would prevent or hinder the use of goods or work which is the subject of the Proposal both the Client and The Supplier shall have the right to suspend the Services until such circumstances have ceased.

8. Methods, Tools, materials and/or equipment                                    

The Supplier shall provide any equipment and/or tools and/or materials necessary for the provision of the Services. Whilst the Supplier’s methods to provide Services shall be their own, The Supplier may adopt and use other nominated processes and quality standards applicable to the Service suggested or recommended by the Client.

9. Confidentiality   

The Supplier and the Client shall be bound by the Confidentiality and Non-Disclosure Agreements in place and as such treat the information given by either party as confidential. The Supplier and the Client will use such information only for the purpose of the Service and shall not disclose to any third party any specific information regarding the Service without the prior written consent of the other party. Where reports, architectural diagrams or other technical data of a sensitive nature are issued, both parties shall exercise proper custody and control and return/dispose of such in accordance with the other parties’ written instructions.

With regard to data handled by the Supplier and where data retention requirements are applicable to a particular Service (for example, the delivery of Cyber Essentials services) then the Supplier shall retain information for the period of information mandated by that Service definition. Otherwise, the Supplier shall retain information as defined by its Data Retention Policy (available on request).

10. Patent and Other Rights

Where software development forms part of the Service the ownership of any intellectual property rights including but not limited to patents, registered designs, unregistered design rights and copyright arising from such developments shall be transferred to the Client and The Supplier shall co-operate in any measure necessary to make such transfer effective as soon as any such right arises.

11. Copyright

As part of the delivery of the Client project, a report shall be produced and provided. The copyright of all materials produced by The Supplier shall remain invested with us.

The Supplier hereby grants to the Client, in accordance with the terms and conditions of this Agreement, an exclusive, non-transferrable license to use the Work in the course of its business and for its own internal business purposes, and for no other purpose whatsoever without the express written permission of The Supplier. The Client shall not sell or distribute the Work in any way. the Client may copy the Work in accordance with the terms of this Agreement, for internal business purposes. Any other use made by the Client shall only occur upon the receipt of prior written approval from the Supplier.

The Client shall not sell, grant sub-licenses or distribute the Work in any way without the prior express written approval of the Supplier.

The Client hereby accepts such license and agrees that the Client shall not use the Work except in accordance with the terms and conditions of this Agreement.

The Client acknowledges that The Supplier is the sole and exclusive owner of the Work and of all associated intellectual property registrations and pending registrations, as applicable, and the Client shall do nothing inconsistent with such ownership.

The Client further agrees that it will not claim ownership rights to the Work, or any derivative, compilation, sequel or series, or related Work owned by or used by The Supplier.

The Client agrees that nothing in this Agreement shall give the Client any right, title, or interest in the Work other than the right to use the same in accordance with the terms of this Agreement.

The Client agrees not to make similar derivatives of the Work. the Client admits the validity of all copyrights for the Work and all associated intellectual property registrations, and acknowledges that any and all rights that might be acquired by the Client because of its use of the Work shall inure to the sole benefit of Licensor.

12. Indemnity

The Supplier shall indemnify the Client against all losses, damages, costs or expenses incurred by, awarded against the Client arising from:

  • any breach of data protection;
  • any breach of confidentiality;

13. Limitation of Liability

Nothing in these Conditions shall limit or exclude the Supplier’s liability for:

  • death or personal injury caused by its negligence, or the negligence of its employees, agents or subcontractors;
  • fraud or fraudulent misrepresentation by it or its employees;
  • breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession);
  • breach of clause 9 (Confidentiality); or
  • any other act or omission which may not be limited under applicable law.

Subject to the above in Clause 13, the Supplier shall not be liable to the Client, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any loss of profit, indirect, special or consequential loss or damage arising under or in connection with the Contract.

Subject to the above in Clause 13, the Supplier’s total liability to the Client in respect of all other losses arising under or in connection with the Contract, whether in contract, tort (including negligence), breach of statutory duty or otherwise, shall not exceed one hundred and twenty-five percent (125%) of the value of the order as set out in the applicable Proposal.

Except as set out in these Conditions, all warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from the Contract.

This clause 13 shall survive termination of the Contract.

14. Termination (Defective Materials / Workmanship)    

The Client shall be entitled to cancel the Services Order and/or claim reimbursement for actual losses and expenses suffered in the event that:

  • The Supplier fails to deliver the Services in accordance within the terms of the Proposal and Proposal; or
  • The Supplier fails to rectify defective work within the timescale agreed in writing between the Client and The Supplier; or
  • the performance of The Supplier is demonstrably below normal industry standards for the type of Service.

Without prejudice to all the Client’s rights and remedies at law The Supplier will repair or replace at the Client’s request any defective item delivered by The Supplier. A defective item is one which does not comply with agreed acceptance criteria. the Client shall set out in writing to The Supplier, the nature of any supposed defective items.

The Supplier will investigate defective items on request by the Client and will provide the Client with a written report describing the cause or causes of such defects and setting out details of corrective action, which will prevent recurrence.

The Client shall warrant that all costs and expenses reasonably incurred by The Supplier due to carrying out the requested investigation where items turn out not to be defective will be fully paid by the Client.

15. Health and Safety at Work Act 1974

In accordance with the requirements of the health and safety at work act 1974 and any re-enactment or amendment thereof, any safety precautions required for the handling of the material covered by the Proposal are to be clearly indicated on each consignment by the consignee.

16. Computer Misuse Act 1990

Under the Computer Misuse Act 1990 it is an offence to gain unauthorised access to a computer system or to make unauthorised modifications to computer data. Client acceptance of a Statement of Work issued by the Supplier and/or permitting the Supplier to proceed with a project against computer systems outlined in a Statement of Work shall indemnify the Supplier from any claim under the UK Computer Misuse Act 1990.

It is the Client’s duty to inform any third-party (for example, cloud, system or application hosting providers) systems or networks that may be affected by the testing and as such the Client shall indemnify the Supplier against any claim arising from a third-party relating to the Services.

No deliberate denial of service testing will be performed; however, the Client shall indemnify the Supplier from any loss related to unexpected data additions or changes that affect Client processes (for example, messaging, order processing, security alerts), and metrics (for example usage, tracking, availability), unless this has been specifically communicated to the Supplier as a concern in the Statement of Work.

17. Human Rights Act 1998             

In compliance with the Human Rights Act 1998, the Supplier shall make all reasonable endeavours to ensure that an individual’s privacy is respected, where applicable. As such the Supplier shall ensure that personal and sensitive data is only collected and retained with agreement of the individual and specifically as part of the test requirements or objectives. Where the Client has already informed its employees that they have no right to privacy on Client systems and that email may be monitored, then the Client shall indemnify The Supplier against any claims arising.

18. Regulation of Investigatory Powers Act 2000

The Regulation of Investigatory Powers Act covers the interception or discovery of data on any electronic medium. During the course of testing Penetration testers may identify network traffic or data indicating inappropriate or illegal activities by the Client’s staff.

Should the Client take disciplinary or legal action against employees as a result of such findings then the Client shall indemnify the Supplier against any resulting breach of the Regulation of Investigatory Powers Act.

19. Communications Act 2003

The Communications Act makes the interception of wireless signals an offence unless authorised.

Where Wireless Network and Social Engineering testing is within the scope of the Proposal then the Client hereby grants authorisation to radio frequency interception and as such indemnifies The Supplier against any action under the Communications Act 2003.

20. Malicious Communications Act 1998

Where social engineering is included within the Proposal, e-mails or other electronic communications sent as part of the engagement may be deemed by recipients to fall within the terms of the Malicious Communications Act 1998. The Client shall indemnify the Supplier against any action by the Client or their Staff under this act for actions carried out as part of an authorised social engineering test.

21. UK Data Protection Act 2018 / UK General Data Protection Regulations 2018

Any information and data provided by the Client to The Supplier and used by The Supplier directly or indirectly in the performance of this Agreement shall remain at all times the property of the Client. It shall be identified, clearly marked and recorded as such by The Supplier on all media and in all documentation.

In enactment of this agreement, the Client confirms that the Supplier is authorised to act as a Data Processor for all categories of personal data collected by the Supplier during the course of the Work, without notification to the Information Commissioner under the terms of the UK Data Protection Act 2018 and UK General Data Protection Regulations and any other applicable regional law.

The Supplier shall take all reasonable precautions to preserve the integrity and prevent any corruption or loss, damage or destruction of the Client data and information.

In compliance with the UK Data Protection Act 2018, any personal information pertaining to an individual that is discovered during the course of the testing will be treated in confidence and destroyed once the commercial need for its retention has ended, this is usually marked by the delivery of the report to the client, although where clients request year on year comparisons of test data, such data may be securely retained in line with agreed data retention requirements. Such information will be appropriately protected throughout the course of its retention.

In the event of termination of this Agreement the Supplier shall when directed to do so by the Client, and instruct all its agents and sub-contractors to, erase all information and data provided by the Client and all copies of any part of the information and data provided by the Client from The Supplier’s systems and magnetic data.

All personal data acquired by Company from the Client shall only be used for the purposes of this Agreement and shall not be further processed or disclosed without the consent of the Client. The Supplier makes use of Amazon and Microsoft cloud-based information systems for storage of project and company data, within UK and EU regions. As such, all data handled by the Supplier is stored within the UK and the European Union. The Client hereby agrees to the use of this platform for storage of data procured during an engagement and indemnifies the Supplier against any claim arising for the storage of personal data on Supplier systems.

Nothing in this Agreement shall oblige the Client to disclose any information to The Supplier if it is of the view that to do so would be a breach of the UK Data Protection Act 2018.

In fulfilment of its obligations under Clauses 9 and 21 The Supplier will have in place and will maintain at all times the Information Standards which will deal comprehensively with:

  • The protection of the confidentiality, integrity and security of all and any information supplied to The Supplier by the Client;
  • The audit and accounting procedures in place to deal with the requirements of this clause;
  • The reliability and training of staff to ensure awareness of (and compliance with) their obligations under clauses 10 and 22.
  • Any other measures and procedures to ensure that The Supplier’s obligations under clauses 9 and 21 are met.

The Supplier agrees to:

  • Provide the Client with such information and access to its premises (upon giving reasonable notice) as the Client may reasonably require to satisfy itself that The Supplier is complying with the obligations referred to in this clause
  • Make such application for a change in its notification and take such other steps as may be reasonably practicable to afford the Client access to information which is reasonably required by the Client in connection with or for any purpose connected with its rights and obligations under this Agreement

The Supplier shall take all reasonable steps to ensure that all its agents, partners and sub-contractors comply with the all the provisions set out above whenever they are procession the Client information or data as part of this Agreement.

For further details, our privacy policy is available upon request which stipulates our approach to complying with Privacy regulations, how we handle personal data and the individual rights pertaining to our handling of it.

22. Freedom of Information Act 2000

The Freedom of Information Act 2000 requires public authorities to publish certain information if they receive a request to do so. The Act’s aim is to improve government transparency and to ensure that public authorities are held to account for their actions and decisions. The requirements of the Freedom of Information Act 2000 (where applicable to the Client) shall supersede all other rights to enforcing the confidentiality clauses, including details of contractual agreements in place between the Client and The Supplier.

23. Payment Card Industry Data Security Standard (PCI DSS)

Where any testing delivered for the Client incorporates assessment of the security of payment cards then the requirements of the latest version of the Payment Card Industry (PCI) Data Security Standard (DSS) and supplementary information on the delivery of penetration tests shall apply and be followed. The latest version of the PCI DSS as well as the PCI Security Standards Council (SSC) guidance on the delivery of penetration tests can be found at the following URLs: –

24. Insolvency

the Client shall be entitled at any time by notice in writing to The Supplier to terminate this contract without compensation to The Supplier in respect of the terminated portion but with full payment for Services carried out but unpaid in the event that:

  • The Supplier becomes insolvent or makes any compensation or arrangement with its creditors; or
  • The Supplier passes any resolution for The Supplier’s winding up; or
  • where any government or other special condition is incorporated by reference in the Proposal such special condition shall apply.

25. Information Security

Where a security classification appears in the Proposal, The Supplier and the Client shall at all times comply with the relevant security procedures for handling classified information including those contained in any security aspects letter issued by the Client’s security officer and agreed in writing by The Supplier and which shall form part of the Service.

26. Waiver

Any concession or indulgence made by either party shall not be considered as a waiver of that party’s rights under the order unless specifically authorised in writing on that party’s printed order or amendment form.

27. Force Majeure

If a Force Majeure Event prevents the Supplier from providing any of the Services and/or Goods, or the Client from complying with any of its obligations for more than fourteen (14) days, the Supplier shall, without limiting its other rights or remedies, have the right to terminate the Contract immediately by giving written notice to the Client as per clause 14.

28. Law

The construction validity and performance of the order shall be governed by the law of England and subject to the exclusive jurisdiction of the English courts.

Experiencing a security breach?
Contact the cyber security experts now

Prepare

Respond

Manage

About us
LuxisAI
Case studies
Sectors
Insights
Careers
Get in touch