SCAN AUTHORIZATION AGREEMENT

THIS AGREEMENT MUST BE COMPLETED BEFORE SCANNING BEGINS

⚠️ Important: By purchasing our services, you represent that you own or have legal authority to authorize security assessments on all domains provided. You will receive a Scan Authorization Agreement via email that must be signed before we begin scanning.

1. AUTHORIZATION TO SCAN

You hereby authorize Touchpoints Healthcare Security to conduct external security assessments on the domain(s) you provide during checkout.

2. REPRESENTATIONS & WARRANTIES

You represent and warrant that:

• You own the domain(s) OR have legal authority to authorize security assessments
• You have obtained all necessary approvals from your organization
• You will not hold THS liable for any service disruptions during scanning
• You understand scanning is external and non-invasive
• You are responsible for implementing any recommended fixes

3. SCOPE OF ASSESSMENT

THS will perform:

• External port scanning and service identification
• SSL/TLS certificate and configuration analysis
• DNS, email security, and web security header analysis
• Public data exposure assessment

THS will NOT perform:

• Internal network penetration testing
• Active exploitation of vulnerabilities
• Access to ePHI or patient data

4. ACKNOWLEDGMENTS

You understand and acknowledge:

• Assessment reports are for informational purposes only
• THS does not provide legal or compliance advice
• You must test all fixes before production deployment
• This is not a complete HIPAA Security Risk Assessment

Formal agreement will be sent via email after purchase.
Download blank form: Scan_Authorization.docx