When performing a penetration test for an organization, what aspect of the SLA would BEST ensure that the expectations for the performance of the security testing are clearly defined and understood by both the service provider and the client?
Outlining the security frameworks to learn for compliance
Documenting the legal ramifications of a data breach
Setting clear metrics for service delivery
Stating the required qualifications of the penetration testers
Providing an inventory of tools to be used in testing
Detailing the financial penalties for non-performance