Reviewing contracts with the client prior to a penetration test is recommended but not required, since the rules of engagement can be communicated verbally.
It is essential to review contracts and have a clear, written statement of work (SOW) before starting a penetration test. This is to ensure that the scope, rules of engagement, and expectations are formally documented and agreed upon, mitigating misunderstandings and legal risks. Relying solely on verbal communication is insufficient and can lead to noncompliance with professional and legal standards.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to have a written statement of work (SOW) for a penetration test?
What are the potential consequences of relying on verbal agreements for penetration testing?
What components should be included in a contract for a penetration test?