Reviewing contracts with the client prior to a penetration test is recommended but not required, since the rules of engagement can be communicated verbally.
It is essential to review contracts and have a clear, written statement of work (SOW) before starting a penetration test. This is to ensure that the scope, rules of engagement, and expectations are formally documented and agreed upon, mitigating misunderstandings and legal risks. Relying solely on verbal communication is insufficient and can lead to noncompliance with professional and legal standards.