You are preparing for a penetration test of a multi-national company with offices in the US, EU, and Asia. The client has specified that physical security assessments are a part of the engagement. What is the FIRST step you must undertake to ensure compliance with scoping requirements?
Set a target list of physical locations to be tested without consulting with the client
Check local laws and regulations in each country regarding physical security testing
Conduct background checks on all team members who will perform the physical security assessments
Immediately start with physical intrusion attempts to test the real-time response of the security