Certain precautions must be agreed with the client before the service is provided (generally during the first framing meeting) to avoid violating regulations and laws.
Precautionary measures |
---|
1. Create and sign a consent form with the client. This form must contain at least the following information: name of the client, name of the audit service provider, names of all stakeholders, authorized scope, date, and signatures of the stakeholders. |
2. The tests will be carried out mainly within the scope defined by the consent form. |
3. Avoid running commands deemed aggressive on customer equipment (example: `nmap -A -p-`, which crashes a Windows XP machine or old industrial equipment). |
4. It is prohibited to access, disclose, or use the customer's personal data without his or her consent. |
5. It is prohibited to intercept electronic communications without the customer's consent (example: a Wi-Fi network that is not defined in the perimeter). |
6. It is prohibited to carry out tests on sensitive equipment covered by law without appropriate authorizations and without the consent of the customer (example: server hosting health data) |