A Rules of Engagement contract should have these components
- Introduction
- Contractor
- Penetration Testers
- Contact Information
- Purpose
- Goals
- Scope
- Lines of Communication
- Estimated Time
- Testing Type
- Methodologies
- Objectives
- Evidence Handling
- System Backups
- Information Handling
- Incident Handling/Reporting
- Status Meetings
- Reporting
- Retesting
- Disclaimers and Limitations of Liability
- Permission to Test