When performing a penetration test for an organization, what aspect of the SLA would BEST ensure that the expectations for the performance of the security testing are clearly defined and understood by both the service provider and the client?
Detailing the financial penalties for non-performance
Setting clear metrics for service delivery
Outlining the security frameworks to learn for compliance
Stating the required qualifications of the penetration testers
Providing an inventory of tools to be used in testing
Documenting the legal ramifications of a data breach