Terms of Use

1. Acceptance of these Terms

By accessing or using the Systems Risk Advisory website, you agree to these Terms of Use. If you do not agree, do not use the website.

These Terms apply to the website, website pages, articles, forms, downloadable resources, checklists, guides, toolkits, event materials, and other materials made available through the website unless a separate written agreement states otherwise.

Systems Risk Advisory may update these Terms from time to time. The updated version should be posted on this page with a revised last updated date. Continued use of the website after an update means the revised Terms apply to later website use.

2. Informational use only

The website provides general information about cybersecurity, physical security, OT/ICS and SCADA security, emergency planning, incident response planning, tabletop exercises, training, speaking, and critical infrastructure resilience.

Website content is not a substitute for professional judgment, site-specific assessment, engineering review, legal advice, regulatory advice, operational direction, incident command, emergency management direction, insurance advice, or procurement advice.

You are responsible for evaluating whether any information is appropriate for your organization, facilities, systems, personnel, legal obligations, operating environment, and risk tolerance.

3. No professional relationship from website use

Using the website, downloading a resource, submitting a form, sending an inquiry, or receiving a general response does not create a consulting relationship, engineering relationship, legal relationship, security advisory relationship, emergency response relationship, fiduciary relationship, or other professional relationship with Systems Risk Advisory.

A professional engagement begins only when Systems Risk Advisory and the client have agreed to written engagement terms, such as a proposal, statement of work, purchase order, consulting agreement, nondisclosure agreement, or other written authorization that defines the scope of work.

Website materials do not modify any signed agreement. If a signed agreement applies, that agreement controls the services, deliverables, confidentiality obligations, payment terms, and other engagement terms covered by that agreement.

4. No security, compliance, or operational guarantee

Systems Risk Advisory does not guarantee that website content, downloadable materials, checklists, examples, or general guidance will prevent cyber incidents, physical security incidents, operational disruptions, safety events, regulatory findings, legal claims, insurance disputes, or business losses.

Cybersecurity, physical security, emergency planning, OT/ICS security, SCADA security, and critical infrastructure resilience depend on site-specific conditions, leadership decisions, funding, staffing, vendors, system design, physical layout, operating practices, threat activity, and implementation quality.

No website page, checklist, guide, or toolkit can provide a complete assessment of your risk, compliance posture, facility security, cyber exposure, incident readiness, or operational resilience.

5. Not an emergency or incident reporting channel

The website, contact form, email inquiry process, resource download process, and general business contact channels are not emergency channels and are not monitored as incident response lines.

If you are experiencing an emergency, active cyber incident, safety issue, physical security issue, operational disruption, hazardous condition, public health concern, or law enforcement matter, follow your internal procedures and contact the proper emergency, operational, legal, insurance, law enforcement, regulatory, vendor, and incident response resources.

Do not rely on the website or a website form for urgent response, incident containment, public notification, emergency management, or safety decisions.

6. Do not submit sensitive security information through the website

Do not submit passwords, credentials, network diagrams, firewall rules, vulnerability details, exploit information, incident evidence, sensitive operational information, facility security weaknesses, law enforcement-sensitive information, protected critical infrastructure information, regulated data, or other sensitive security details through the website contact form or a general inquiry form.

Use website forms only to request contact and describe the general nature of your need. Detailed security information should be shared only through an approved channel and only after appropriate scope, authorization, and handling expectations are established.

Systems Risk Advisory may delete or decline to process sensitive material submitted through an unsuitable channel, subject to legal, contractual, operational, and recordkeeping needs.

7. Website forms and user submissions

When you submit information through the website, you represent that you have the right and authority to submit that information and that the information is accurate to the best of your knowledge.

You should not submit information that violates law, contract, confidentiality obligations, public records restrictions, export control obligations, data protection duties, personnel rules, security policies, or other obligations that apply to you or your organization.

You grant Systems Risk Advisory permission to use your submission to respond to your inquiry, evaluate service fit, prepare a proposal, provide requested resources, maintain business records, protect systems, and perform related business functions consistent with the Privacy Policy and applicable written agreements.

8. Downloadable resources, checklists, and tools

Systems Risk Advisory may provide downloadable resources, checklists, guides, worksheets, toolkits, briefing materials, templates, and similar materials. These resources are provided for general planning and educational use unless a written agreement states otherwise.

You may use downloaded materials internally within your organization for ordinary business, planning, training, assessment preparation, or discussion purposes. You may not resell, repackage, publish, sublicense, remove attribution from, or represent Systems Risk Advisory materials as your own without written permission.

Downloads may need to be adapted to your organization, sector, authority, procedures, systems, facilities, staffing, and legal obligations. Use of a template or checklist does not mean your organization is secure, compliant, ready, or protected from loss.

9. Intellectual property

The website and its content are owned by Systems Risk Advisory, LLC or used with permission. This includes text, page structure, service descriptions, resource descriptions, guides, checklists, downloads, graphics, logos, trade names, trademarks, and other website materials.

Systems Risk Advisory, the Systems Risk Advisory name, the SRA shield logo, and related branding are the property of Systems Risk Advisory, LLC. 15-Minute Cybersecurity Fixes is a trademark of Systems Risk Advisory, LLC. Other trademarks, service marks, product names, company names, agency names, and organization names are the property of their respective owners.

You may not copy, modify, publish, distribute, sell, license, scrape, or reuse website content for commercial purposes without written permission, except for limited fair use, internal review, procurement evaluation, citation, or other uses allowed by law.

10. Prohibited uses

You may not use the website to attack, probe, scan, disrupt, overload, scrape, reverse engineer, bypass controls, test security without authorization, transmit malware, submit false information, impersonate another person, violate law, violate third-party rights, or interfere with website operations.

You may not use website materials to plan, support, conceal, or carry out unauthorized cyber activity, physical intrusion, sabotage, fraud, social engineering, harassment, misuse of critical infrastructure systems, or other harmful activity.

Systems Risk Advisory may restrict access, block traffic, delete submissions, preserve records, cooperate with service providers, or take other reasonable steps if website misuse is suspected.

11. Third-party links and references

The website may link to third-party websites, government resources, association resources, event pages, book retailers, professional profiles, tools, publications, vendors, or other external resources. These links are provided for convenience and context.

Systems Risk Advisory does not control third-party websites and is not responsible for their content, security, privacy practices, availability, accuracy, or terms. Review the terms and privacy policy for any third-party site or service you use.

References to third-party organizations, standards, frameworks, tools, products, vendors, or agencies do not imply endorsement unless explicitly stated.

12. Availability and accuracy

Systems Risk Advisory works to keep website content useful and current, but website information may contain errors, omissions, outdated references, broken links, formatting issues, or incomplete details.

Systems Risk Advisory may change, remove, suspend, or update website content, downloads, forms, or pages at any time without notice.

The website is provided on an as available basis. Systems Risk Advisory does not guarantee that the website will be uninterrupted, error-free, secure, free from harmful components, or available at any particular time.

13. Limitation of liability

To the maximum extent allowed by law, Systems Risk Advisory, LLC and its owners, principals, personnel, advisors, specialists, contractors, service providers, and representatives are not liable for damages arising from or related to website use, reliance on website content, inability to use the website, downloads, third-party links, user submissions, or unauthorized access to information submitted through unsuitable channels.

This limitation applies to direct, indirect, incidental, consequential, special, exemplary, punitive, lost profit, lost revenue, lost data, business interruption, operational disruption, security incident, or other damages, whether based on contract, tort, negligence, strict liability, statute, or any other theory, unless the limitation is not allowed by applicable law.

Some jurisdictions do not allow certain limitations of liability. In those cases, the limitation applies only to the extent allowed by law.

14. Indemnification

You agree to hold harmless Systems Risk Advisory, LLC and its owners, principals, personnel, advisors, specialists, contractors, service providers, and representatives from claims, losses, liabilities, damages, costs, and expenses arising from your misuse of the website, violation of these Terms, violation of law, violation of third-party rights, or unauthorized submission of information.

This section does not alter any separate written agreement signed by Systems Risk Advisory and a client. If a separate written agreement applies, that agreement controls the indemnity obligations covered by that agreement.

15. Governing law and disputes

These Terms are intended to be governed by the laws of the State of Washington, without regard to conflict of law rules, unless a written agreement provides otherwise or applicable law requires a different result.

Any dispute related to website use should first be addressed by contacting Systems Risk Advisory so the issue can be reviewed. Formal dispute procedures, venue, forum, remedies, and other legal requirements may vary depending on applicable law and any separate written agreement.

This section should be reviewed by legal counsel before publication to confirm that it fits Systems Risk Advisory business practices, client types, and applicable jurisdictional requirements.

16. Relationship to Privacy Policy

The Systems Risk Advisory Privacy Policy explains how information submitted through the website may be collected, used, shared, protected, and retained. The Privacy Policy is incorporated by reference into these Terms.

If you submit information through the website, review both these Terms and the Privacy Policy.

17. Contact

For questions about these Terms, contact Systems Risk Advisory at kowens@systemsriskadvisory.com.

Systems Risk Advisory is based in Washington State and serves clients nationally, with onsite and remote support available depending on scope.