Trust center

How NorthFirn scopes technical work

Plain-language boundaries for assessments, implementation, recovery testing, evidence, automation, and third-party systems.

Scope and authorization

Each engagement names the systems, locations, products, data, changes, test methods, evidence, timing, and people included. NorthFirn relies on authorized access and information supplied by the client. Production changes and disruptive tests require explicit approval and an agreed change plan.

The client keeps control of its accounts

NorthFirn does not need a permanent copy of ordinary client passwords. The engagement defines who operates each console, how temporary access is granted, what actions require approval, and how access is removed after the work.

What a test result means

A recovery result applies to the selected backup set, system, date, method, destination, validation checks, and conditions recorded in the report. Untested systems, hidden dependencies, later changes, vendor outages, and future incidents remain outside that observation.

Systems still need owners

The client remains responsible for business decisions, licensing, staff access, required approvals, safe operating windows, and information about its environment. Open findings need a named owner and a follow-up date.

Insurance, legal, audit, and compliance decisions

NorthFirn provides technical findings and dated evidence. Unless separately licensed and engaged, NorthFirn does not provide legal or insurance advice, interpret policy coverage, issue an audit opinion, or certify compliance. Clients approve their own statements to carriers, brokers, auditors, regulators, and other third parties.

Third-party products and services

Cloud platforms, carriers, software vendors, storage providers, identity systems, and other client suppliers remain responsible for their own products and availability. NorthFirn can document a dependency or help manage a vendor issue within scope.

Ongoing monitoring and emergency response

Recovery systems change after delivery. Recurring monitoring, testing, remediation, incident response, and after-hours support are included only when the service agreement says so. Ordinary contact or project work does not create 24/7 emergency coverage.