When performing a penetration test for an organization, what aspect of the SLA would BEST ensure that the expectations for the performance of the security testing are clearly defined and understood by both the service provider and the client?
Stating the required qualifications of the penetration testers
Detailing the financial penalties for non-performance
Documenting the legal ramifications of a data breach
Setting clear metrics for service delivery
Providing an inventory of tools to be used in testing
Outlining the security frameworks to learn for compliance