Based on specific requirements, an organization may choose to conduct any type of vulnerability assessment as discussed in the section earlier. However, it is important that the vulnerability assessment is approved and authorized by senior management. Though most of the professional vulnerability assessment is conducted in quite a controlled manner, there still remains the possibility of something becoming disruptive. In such a case, preapproved support from senior management is crucial.

An NDA is one of the most important documents that a VA tester has to sign before the test begins. This agreement ensures that the test results are handled with high confidentiality and the findings are disclosed only to authorized stakeholders. An organization's internal vulnerability assessment team might not require the signing of an NDA for each and every test, however, it is absolutely required for any test being conducted by an external team.