I write professional penetration testing Scope of Work and Rules of Engagement (RoE) documents — the legal and operational foundation that every responsible pentest engagement requires, protecting both the organization authorizing the test and the tester performing it.
Document contents: Scope of Work (services to be tested, test methodology overview, deliverables definition); Rules of Engagement (in-scope targets, out-of-scope systems, testing hours and blackout windows, permitted and prohibited techniques); Authorization Statement (explicit written authorization for testing); Emergency Contact Procedure (what happens if a critical system is impacted); Data Handling section (how findings are stored and shared); and Legal/Liability framing.
Premium documents include NDA template, multi-party versions (client/tester/third-party hosting provider), and compliance framework framing (PCI-DSS ROE requirements, HIPAA testing considerations).
Common use cases: scoping a pentest with an external firm; formalizing an internal red team engagement; providing authorization documentation to a Fiverr or freelance pentester; and creating audit evidence of authorized testing. Share the test type, target description, timeline, and parties involved.