Procurement package

Hand this to legal and procurement.

Pre-built NDA, MSA, DPA, and Statement of Work templates — written so your legal team has a real document to redline against. A pre-filled security questionnaire that answers the standard 50+ procurement questions. Skip three weeks of back-and-forth.

Document 01 · Mutual NDA

Mutual Non-Disclosure Agreement

Standard mutual NDA covering both sides. Two-year term, customary carve-outs (publicly available info, independently developed, compelled disclosure). Plain English where the law allows, formal where it doesn't.

Form: HTML (print to PDF) · 2-year term · Mutual

Document 02 · Master Services Agreement

Master Services Agreement (MSA)

Master agreement that governs all engagements between you and CyberGrid. Order-form / SoW driven: sign the MSA once, then individual SoWs reference it. Includes IP, warranty, liability cap, indemnification, term, termination, governing law.

Form: HTML (print to PDF) · SoW-driven · Mutual cap

Document 03 · Data Processing Addendum

Data Processing Addendum (DPA)

GDPR / UK GDPR Article 28 processor terms, CCPA / CPRA service-provider terms, sub-processor list, technical and organizational measures (TOMs) annex, data-transfer mechanism (SCC reference where applicable). EU-ready, US-ready.

Form: HTML (print to PDF) · GDPR + CCPA · SCC ready

Document 04 · Sample Statement of Work

Statement of Work — Pen Test

Sample fully-populated SoW for a $4,999 web-application pen test. Concrete scope, in-scope / out-of-scope statements, methodology references, timeline, deliverables, retest policy, rules of engagement, point-of-contact table. Use as the literal template for your own engagement.

Form: HTML (print to PDF) · Pen test scope · Retest policy included

Document 05 · Vendor security questionnaire

Pre-Filled Security Questionnaire

Answers to the standard procurement security questionnaire (SIG Lite / CAIQ / Vanta vendor review style). 60+ questions covering corporate security, data handling, infrastructure, access control, vulnerability management, incident response, business continuity, sub-processors. Hand to your procurement team and skip three weeks of back-and-forth.

Form: HTML (print to PDF) · 60+ questions answered · SIG Lite / CAIQ alignable

From "we'd like to engage you" to signed and kicked off in days, not weeks.

→ Step 01

You download these templates

NDA, MSA, DPA, SoW. Hand them to your legal team along with our pre-filled security questionnaire.

→ Step 02

Your team redlines (if needed)

Most teams sign the templates as-is. Some redline the MSA. Either way: you're working from a starting document, not a blank page.

→ Step 03

We countersign within 1 business day

Signed via DocuSign / HelloSign or e-signed PDF — your call. Engagement-specific SoW signed at the same time.

→ Step 04

Kickoff

Once papers are signed, we kick off within 3 business days. For pen tests: 5–10 business day turnaround from kickoff to delivered report.

A few honest disclosures about these templates

These are templates, not pre-executed contracts. They're written to give your legal team a sensible starting document to redline. Nothing on this page constitutes a binding agreement until both parties have signed.

We will execute your paper too. If your procurement team has their own NDA / MSA / DPA they require, send it over — we'll review and counter-sign or redline. We don't need to use our templates; they exist to make procurement faster, not as a requirement.

These are not legal advice. They were drafted to reflect industry-standard terms for a security testing services provider. You should have your own counsel review before signing — anywhere we are not licensed to practice law (which is everywhere), we don't.

Some clauses are intentionally generous. The liability cap defaults to 1× fees paid; some vendors push for 0.5× or less. The IP terms grant you full ownership of the deliverables (your report, your findings); some vendors keep ownership and license it back. We think these are the right defaults — but they're starting points, not the only acceptable terms.

Questions about any of this? Email hello@thecybergrid.com — a real engineer (the same one who runs the engagement) replies.