Terms of Business


4ITSec Limited, a limited company registered in England and Wales under company number 09082887 with its registered address at Butler’s Cottage, Gunton Park, Norwich, NR11 7HL, England (“4ITSec”).

You are a 4ITSec customer who has engaged 4ITSec to perform Services on behalf of the business that you work for (the “Client”).


The definitions and rules of interpretation in this clause apply in these Terms & Conditions of Service (“Agreement”).


Deliverables: all information, content and materials developed or provided by 4ITSec in relation to the Services in any media, including: data, diagrams, reports and specifications (including drafts);

Fees: the fees for the Services and Goods provided by 4ITSec under this Agreement (including any Third Party Materials), as detailed in an Order;

Goods: any software or hardware provided pursuant to an Order;

Intellectual Property Rights: any patents, trade marks, service marks, copyright, database rights, moral rights, design rights, unregistered design rights, domain names, rights in get-up, topography rights, know-how, confidential information and any other intellectual or industrial property rights whether or not registered or capable of registration and whether subsisting in England or any other part of the world together with any goodwill relating or attached to such rights;

Order: a written document describing the Services and/or Goods to be provided by 4ITSec to the Client and the applicable fees (including fees for any Third Party Materials).

Services: the services provided by 4ITSec under this Agreement, as specified in the applicable Order. This can include: Penetration Testing, Encryption, Cyber Health Check, Cyber Essentials Accreditation, Cyber Education & Training, ISO 27001 compliance, PCI DSS compliance, Regulatory compliance, Vulnerability scanning and Web application testing, Security Assessments and Security Compliance auditing;

Third Party Materials: any third party materials used in the Services, including any third party Goods; and

Third Party Suppliers: any third parties commissioned for the provision of any part of the Services or the Goods.

Unless the context otherwise requires, words in the singular shall include the plural and in the plural include the singular.

A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.

The terms ‘including’, ‘include’, ‘in particular’ or any similar expression shall be illustrative only and are not intended to limit the sense of the words preceding those terms.

The headings of the clauses of this Agreement are for convenience of reference only and are not intended to be part of, or affect, the meaning or interpretation of this Agreement.

A reference to ‘writing’ or ‘written’ includes faxes and email unless stated otherwise.


This Agreement will:

apply to and be incorporated into any Services provided by 4ITSec to the Client; and

apply to the exclusion of any other terms that the Client seeks to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.


4ITSec shall:

provide the Services with reasonable care and skill;

use reasonable endeavours to provide the Goods that are requested in an Order to the Client;

use reasonable endeavours to comply with any timeline set out in the Order. Any time frames or dates agreed with 4ITSec are based on estimates only and time will not be of the essence for the performance of the Services or the supply of Goods; and

engage any Third Party Suppliers for the provision of any part of the Services or the Goods in 4ITSec’s sole discretion.


The Client will:

provide access to its premises during the Client’s normal business hours for any site visits requested by 4ITSec;

provide access to its computer systems and local network as requested by 4ITSec;

promptly provide all such information, materials, co-operation and assistance reasonably required by 4ITSec pursuant to the Services; and

ensure that it has the appropriate consent and authorisation from any of its employees, contractors, sub-contractors or agents who will be subject to any aspect of the Services (for example, the right to ethically hack their mobile phones (if required)).

If 4ITSec’s performance of its obligations under this Agreement is prevented or delayed by any act or omission of the Client or the Client’s agents, sub-contractors or employees, 4ITSec will not be liable for any delay in the provision of the Services. For any such delays exceeding two weeks’ duration, the Client must pay to 4ITSec on-demand any costs or expenses incurred by 4ITSec as a result of the delay.


Whilst 4ITSec will take reasonable care not to damage data files, 4ITSec does not guarantee the integrity of the data held on any of the Client’s computers, storage devices or other items in its possession from time to time.

4ITSec will use reasonable endeavours to ensure that viruses and/or malware do not transfer from its systems to the Client’s systems. The Client acknowledges there is a risk of viruses being transmitted when connecting external computers to its systems and it is the Client’s sole responsibility to back-up any data which may be accessible during the performance of the Services by 4ITSec.


Unless otherwise agreed in writing, the Client will pay a deposit of 50% of the Fees upon receiving an invoice from 4ITSec prior to the commencement of the Services or the provision of the Goods. The remaining Fees and any other fees under this Agreement will be payable upon completion of the Services and/or the provision of the Goods (as applicable).

The Client will pay 4ITSec the Fees set out in the Order as well as any additional fees under this Agreement within seven days of the date of the relevant 4ITSec invoice.

All amounts due under this Agreement will be paid by the Client to 4ITSec in full without any set-off, counterclaim, deduction or withholding.

Unless otherwise stated, any Fees exclude:

VAT (or any similar sales tax in force from time to time) (where applicable); and

the cost of any ancillary expenses reasonably incurred by 4ITSec in connection with the provision of the Services, including travel and accommodation (where applicable).

Without prejudice to any other right or remedy that 4ITSec may have, if the Client fails to pay 4ITSec by the relevant invoice due date, 4ITSec may:

charge interest on such sum from the due date for payment in accordance with the Late Payments of Commercial Debts (Interest) Act 1998, accruing on a daily basis and being compounded quarterly until payment is made, whether before or after any judgment; and/or

suspend the provision of the Services.

All payments payable to 4ITSec under this Agreement will become due immediately on the termination of this Agreement, notwithstanding any other provision. This clause is without prejudice to any right to claim for interest or any other right under this Agreement.

4ITSec may, without prejudice to any other rights it may have, set off any liability of the Client to 4ITSec against any liability of 4ITSec to the Client.


The Client hereby grants to 4ITSec a non-exclusive, perpetual, irrevocable, royalty-free, worldwide licence to use the content and materials supplied by the Client for the purposes of the provision of the Services only.

All Intellectual Property Rights and all other rights in the Deliverables shall vest and remain vested in 4ITSec.

Upon final payment for the Services, 4ITSec licenses all Intellectual Property Rights in the Deliverables (to the extent that they do not include any Third Party Materials) to the Client on a non-exclusive, perpetual, irrevocable, non-transferable, royalty-free, worldwide basis to enable the Client to use the Deliverables for internal business purposes.

The copyright and other intellectual property rights in Goods supplied by 4ITSec may be owned by Third Party Suppliers. The Client acknowledges that the Client’s use of rights in Third Party Materials may be governed by, and will be conditional upon, the Client agreeing to an end-user licence (or sub-licence) of such rights directly with the relevant licensor.


The Client will indemnify and keep 4ITSec indemnified against all losses, costs and liabilities and all expenses, including reasonable legal or other professional expenses, suffered or incurred by 4ITSec arising out of or in connection with any claim in relation to:

any content, information or materials provided by the Client to 4ITSec directly or indirectly pursuant to the Services which are of a defamatory, offensive or illegal nature or that infringe data protection or privacy rights; and

actual or alleged infringement of a third party’s Intellectual Property Rights arising out of or in connection with the Deliverables or any content, information or materials provided by the Client to 4ITSec pursuant to the Services.


A party (“Receiving Party”) will keep in strict confidence all technical or commercial know-how, specifications, inventions, processes or initiatives which are of a confidential nature and have been disclosed to the Receiving Party by the other party (“Disclosing Party”) or its employees, agents or sub-contractors and any other confidential information concerning the Disclosing Party’s business, its products and services which the Receiving Party may obtain (“Confidential Information”).

In relation to any Confidential Information received from the Disclosing Party or from a third party on behalf of the Disclosing Party, the Disclosing Party and the Receiving Party agree:

to treat the Confidential Information in confidence and to use it only for the purpose of discharging the Receiving Party’s obligations under this Agreement;

not to disclose the Confidential Information to any third party without the express written permission of the Disclosing Party (except that the Receiving Party may disclose the Confidential Information to its employees, agents and sub-contractors who need access to the Confidential Information in connection with discharging the Receiving Party’s obligations under this Agreement and provided that such employees, agents and sub-contractors are made aware of the confidential nature of the Confidential Information and are subject to confidentiality obligations at least as onerous as those set out in this Agreement); and

to treat the Confidential Information with the same degree of care and with sufficient protection from unauthorised disclosure as the Receiving Party uses to maintain its own confidential or proprietary information.

Nothing in this Agreement will prevent the Receiving Party from using or disclosing any Confidential Information which:

is in or comes into the public domain in any way without breach of this Agreement by the Receiving Party or any person or entity to whom it makes disclosure;

the Receiving Party can show was (i) in its possession or known to it by being in its use or being recorded in its files prior to receipt from the Disclosing Party and was not acquired by the Receiving Party from the Disclosing Party under an obligation of confidence or (ii) to have been independently developed by the Receiving Party without reference to the Confidential Information;

the Receiving Party obtains or has available from a source other than the Disclosing Party without breach by the Receiving Party or such source of any obligation of confidentiality or non-use;

is disclosed by the Receiving Party with the prior written approval of the Disclosing Party; or

is required by law to be released (e.g. by a court order), provided that, when permitted by the applicable law, the Disclosing Party is given as much prior written notice as possible of such request.

This clause 10 shall survive termination of this Agreement, however arising.


The following provisions set out the entire financial liability of either party (including any liability for the acts or omissions of its employees, agents, consultants and sub-contractors) in respect of:

any breach of this Agreement howsoever arising;

any use made by the Client of the Services, the Goods or the Deliverables; and

any representation, misrepresentation (whether innocent or negligent), statement or tortious act or omission (including without limitation negligence) arising under or in connection with this Agreement.

All warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from this Agreement.

Nothing in this Agreement limits or excludes the liability of either party for death or personal injury resulting from negligence or for any damage or liability incurred by a party as a result of fraud or fraudulent misrepresentation by the other party.

Subject to clauses 9 and 11.3:

neither party will be liable for loss of profits, loss of business, depletion of goodwill and/or similar losses, loss of anticipated savings, loss of goods, loss of contract, loss of use, loss or corruption of data or information or any special, indirect, consequential or pure economic loss, costs, damages, charges or expenses; and

each party’s total liability to the other party in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise arising under or in connection with this Agreement will be limited to the price paid or payable for the Services provided to the Client by 4ITSec giving rise to such claim for damages.


Without limiting any other rights or remedies, 4ITSec may terminate this Agreement by providing the Client with at least one months’ notice in writing.

Without limiting any other rights or remedies, either party (“Terminating Party”) may terminate this Agreement with immediate effect by providing written notice to the other party (“Defaulting Party”) on or at any time after the occurrence of any of the events specified below:

a breach by the Defaulting Party of its obligations under this Agreement which (if the breach is capable of remedy) the Defaulting Party has failed to remedy within 14 days after receipt of notice in writing from the Terminating Party requiring the Defaulting Party to do so;

an event, including (or similar in nature to) the following:

the Defaulting Party is unable to pay its debts as they fall due;

the Defaulting Party goes into liquidation either compulsorily (except for the purpose of reconstruction or amalgamation) or voluntarily;

a receiver is appointed in respect of the whole or any part of the Defaulting Party; or

a provisional liquidator is appointed to the Defaulting Party or the Defaulting Party enters into a voluntary arrangement or any other composition or compromise with the majority by value of its creditors or has a winding-up order or passes a resolution for the voluntary winding-up or has an administrative receiver appointed or takes steps towards any such event; or

the Defaulting Party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business.

If this Agreement terminate for any reason, 4ITSec will only charge the Client for Services provided up to the effective date of termination and for any financial commitments (in respect of Goods or Services) beyond the effective date of termination which cannot be cancelled.

Any provision of this Agreement that expressly or by implication is intended to come into or continue in force on or after termination or expiry of this Agreement shall remain in full force and effect.


Neither party shall in any circumstances have any liability to the other party under this Agreement if it is prevented from, or delayed in, performing its obligations under this Agreement or from carrying on its business by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes or illness involving the workforce of 4ITSec or any of the Third Party Suppliers, failure of a utility service or transport network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors. If the force majeure event continues for a period of four weeks or more, the unaffected party may terminate this Agreement by providing the other party with written notice.


4ITSec reserves the right at any time to update this Agreement and to impose new or additional terms. If the Client continues to use the Services after being notified of any such modification or additional terms, the Client will be deemed to have accepted these changes and they will be incorporated into this Agreement.

Subject to clause 14.1, no variation of this Agreement will be effective unless it is in writing and signed by the authorised representatives of the parties.

If the Client wishes to make a change to the scope of the Order, 4ITSec has no obligation to accept the change unless and until the parties have agreed in writing on the necessary variations to the Fees, the Order document and any other relevant terms of this Agreement to take account of the change.


All warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from this Agreement.



This Agreement constitute the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter. Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that are not set out in this Agreement. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this Agreement.

If any provision or part-provision of this Agreement are or become invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.

No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy. The rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.

The Client shall not, without the prior written consent of 4ITSec, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement. 4ITSec may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.

Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or to authorise either party to act as agent for the other, and neither party shall have authority to act in the name or on behalf of or otherwise to bind the other in any way (including without limitation the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

No one other than a party to this Agreement, their successors and permitted assignees, shall have any right to enforce any of its terms.

All notices must be in writing and are deemed given when mailed by registered or certified mail, return receipt requested, to the other party’s main business address. It is agreed that serving notice by email or fax will not be an effective method of providing notice of a claim under this Agreement.


This Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including without limitation non-contractual disputes or claims) are governed by English law and the parties irrevocably submit to the exclusive jurisdiction of the English courts.

- Contact Details -