1. Emergency Response Procedures: Procedures for handling critical vulnerabilities discovered during assessment - include when client requires immediate notification of critical findings

2. Industry-Specific Compliance: Additional provisions for specific industry regulations (e.g., financial services, healthcare) - include when client operates in regulated industry

3. Cross-Border Data Transfers: Provisions for handling international data transfers - include when assessment involves multiple jurisdictions

4. Subcontractor Requirements: Terms governing the use of subcontractors - include when service provider plans to use third-party specialists

5. Insurance Requirements: Specific insurance coverage requirements - include when client requires particular insurance levels

6. Post-Assessment Support: Terms for additional support after assessment completion - include when ongoing support is needed

7. Training and Knowledge Transfer: Provisions for training client staff on findings - include when knowledge transfer is part of scope

1. Schedule A - Assessment Scope and Methodology: Detailed technical scope, systems covered, and assessment methodology

2. Schedule B - Service Level Agreement: Specific performance metrics, timelines, and service levels

3. Schedule C - Fee Schedule: Detailed pricing, payment structure, and any variable costs

4. Schedule D - Security and Confidentiality Requirements: Specific security measures and confidentiality protocols

5. Schedule E - Data Processing Agreement: GDPR-compliant data processing terms and conditions

6. Schedule F - Contact Matrix: Key contacts and escalation procedures for both parties

7. Appendix 1 - Technical Requirements: Technical specifications and requirements for the assessment

8. Appendix 2 - Report Templates: Standard formats for assessment reports and findings

9. Appendix 3 - Incident Response Protocol: Procedures for handling security incidents during assessment