Legal

Security Assessment Disclaimer

Last Updated: June 1, 2026

This Security Assessment Disclaimer applies to the architectural security audit and related security advisory services provided by Jexorium Network ("Jexorium Network," "the Company," "we," "us," or "our"), and to the reports, findings, and recommendations produced in the course of such engagements. It supplements our Terms and Conditions and our Professional Services Disclaimer; in the event of any conflict, the executed Statement of Work for the engagement controls. By commissioning or relying on a security assessment from us, the client acknowledges and accepts the statements below.

1. Nature of an Architectural Security Assessment

Our security assessments are design-level reviews performed by network architects. They examine the structure of a network: segmentation and trust boundaries, access paths and privilege flows, exposure of management planes, redundancy and failure domains, and the potential blast radius of a compromised component. Unless the Statement of Work expressly includes them, our assessments are not penetration tests, vulnerability scans, red-team exercises, source-code audits, or forensic investigations, and the absence of findings that only those methods can produce must not be read as evidence that no such issues exist. Findings and severity rankings represent the professional judgment of our consultants applied to the information available at the time.

2. Point-in-Time Validity

A security assessment describes an environment as it existed during the assessment window, evaluated against threats, techniques, and industry practices known at that time. Networks change after we leave: configurations drift, new services are attached, personnel and processes turn over, and new classes of vulnerability are discovered continuously. For these reasons, a report is valid as a snapshot only. We recommend re-assessment after any material architectural change and, in any case, at regular intervals appropriate to the criticality of the environment.

3. No Guarantee of Security

No methodology can identify every weakness, and no design can make a network immune to compromise. We do not warrant or guarantee that an assessed network is secure, that it cannot be breached, that all vulnerabilities or misconfigurations have been identified, or that implementing our recommendations will prevent any particular incident. Security is a continuing operational discipline, not a state that an assessment can confer.

4. Not a Certification or Legal Compliance Opinion

An assessment report is not a certification. Unless the Statement of Work expressly provides for a formal assessment under a specific framework performed by personnel qualified for that framework, our work does not certify compliance with, and must not be represented as certifying compliance with, any law, regulation, or standard — including, without limitation, PCI DSS, HIPAA, SOC 2, ISO/IEC 27001, or sector-specific telecommunications regulations. Where a report maps findings to recognized frameworks, the mapping is provided as technical orientation only. Determining legal or contractual compliance obligations, and whether they are met, is a matter for the client's own qualified legal, compliance, and audit advisers.

5. Dependence on Information Provided

Assessment conclusions depend materially on the accuracy and completeness of what we are given: topology documentation, configuration exports, telemetry, interviews, and access. Undisclosed segments, shadow infrastructure, undocumented changes, and inaccurate records fall outside what an assessment can evaluate, and our findings do not extend to them. Where sampling is used — reviewing representative devices, paths, or configurations rather than every instance — the Statement of Work describes the approach, and conclusions drawn from samples carry the limitations inherent in sampling.

6. Authorization

We perform security assessment work only with the written authorization of the client for systems the client owns or is authorized to have assessed. By commissioning an assessment, the client represents and warrants that it has full authority to grant us the access provided, including any consents required from third parties such as cloud providers, colocation operators, carriers, or affiliated entities, and that granting such access violates no law and no agreement with any third party. The client is responsible for any notifications to third parties or internal stakeholders that its policies or contracts require.

7. Operational Conduct and Residual Risk

Architectural assessments are designed to be non-disruptive: our default methods are documentation review, configuration analysis, interviews, and read-only observation. Where the Statement of Work includes any form of active verification, it is performed only within agreed maintenance windows, under agreed constraints, with rollback plans and an agreed emergency contact on both sides. The client acknowledges that even carefully conducted activity on production infrastructure carries residual operational risk, and that the schedule and access constraints it imposes may limit the depth of verification possible.

8. Findings, Severity, and Remediation

Severity rankings reflect our professional judgment of structural risk in the context of the assessed environment; the same finding may warrant a different ranking in a different environment, and reasonable professionals can differ. Decisions about whether, when, and how to remediate findings are the client's alone, as is the implementation of any remediation, unless remediation support is separately scoped. We are not responsible for consequences arising from findings that the client elects not to remediate, from remediation performed incorrectly by others, or from compensating controls the client chooses in place of recommended changes.

9. Report Confidentiality and Third-Party Reliance

Assessment reports are Confidential Information of the highest sensitivity: they describe, in one document, where an environment is weakest. Reports are prepared solely for the named client and the engagement purpose stated in the Statement of Work. They may not be provided to, quoted to, or relied upon by any third party — including customers, insurers, investors, or counterparties — without our prior written consent, and no third party acquires any rights or reliance interest in a report. The client agrees to store and transmit reports through channels with protection appropriate to their sensitivity, and we do the same, as described in our Privacy Policy and the engagement terms.

10. Relationship to Other Terms

The warranty disclaimers, limitation of liability, and indemnification provisions of our Terms and Conditions apply in full to security assessment services and to this Disclaimer. Nothing in this Disclaimer excludes liability that cannot be excluded under applicable law.

11. Changes to This Disclaimer

We may update this Security Assessment Disclaimer from time to time. The version in effect on the date a Statement of Work is executed applies to that engagement. The "Last Updated" date at the top of this page indicates the most recent revision.

Questions about this Disclaimer

Email inquiries@jexoriumnetworkconsultancy.com

Address 425 S Cherry St, Denver, CO 80246

Phone +1 (303) 765-4330