~2-page information security policy template on 'pentesting'.
Provided it is duly authorized and conducted competently, testing the security of a computer network, system, device, etc. by attempting to compromise the defences can increase assurance regarding the effectiveness of the security controls and lead to security improvements. However, incompetent penetration testing can be misleading and risky, while unauthorized penetration testing is essentially hacking.
This policy specifies the governance, management, authorization and monitoring arrangements to maximize the business value and minimize the information risks associated with penetration testing.
Delivered as an editable MS Word document, easily customized for your organization's particular circumstances, information risks and security policy requirements.
Penetration testing policy
Information security policy template on penetration testing