Rules of engagement

During your business meeting with the client (target organization), ensure that both you and the client understand the RoE prior to the actual penetration test. The RoE is simply a document created by the service provider (penetration tester) that outlines what types of penetration test are to be conducted, as well as some other specifics. These include the area of the network to be tested, as well as the targets on the network, such as servers, networking devices, and workstations. To put it simply, the RoE defines the manner in which the penetration test should be conducted and indicates any boundaries in relation to the target organization.

Ensure that you have obtained key contact information for a person within the target organization in case of an emergency. As a penetration tester, you may face a crisis and need to contact someone for assistance, for example if you are conducting your tests inside a building after working hours.

During a penetration test, if you discover any violations of human rights or illegal activities on targeted organization systems or networks, stop immediately and report it to the local authorities (the police). Should you discover a security breach in the network infrastructure, stop and report it to the person of authority within the organization and/or the local authorities. As a penetration tester, you need to have good morals and abide by the law; human rights and safety always come first, and all illegal activities are to be reported to the necessary authorities.
