3-page generic information security policy about pentesting.
Provided it is duly authorized and conducted competently, testing the security of a computer network, system or device by attempting to penetrate its defenses can increase assurance regarding the effectiveness of the security controls. However, incompetent penetration testing can be misleading and risky, while unauthorized penetration testing is essentially hacking.
This generic policy specifies the governance, management, authorization and monitoring arrangements to maximize the business value and minimize the information risks associated with penetration testing.
Delivered as an editable MS Word document, easily customized for your organization's particular circumstances, information risks and security policy requirements.
Penetration testing policy
Template policy on pentesting