[Insert Your Organization Logo]
Memorandum for File
Subject: Vulnerability Assessment and Penetration Testing Authorization
To properly secure this organization’s information technology assets, the information security team is required to assess our security stance periodically by conducting vulnerability assessments and penetration testing. These activities involve scanning our desktops, laptops, servers, network elements, and other computer systems owned by this organization on a regular, periodic basis to discover vulnerabilities present on these systems. Only with knowledge of these vulnerabilities can our organization apply security fixes or other compensating controls to improve the security of our environment.
The purpose of this memo is to grant authorization to specific members of our information security team to conduct vulnerability assessments and penetration tests against this organization’s assets. To that end, the undersigned attests to the following:
1) [Insert name of tester], [Insert name of tester], and [Insert name of tester] have permission to scan the organization’s computer equipment to find vulnerabilities. This permission is granted for from [insert start date] until [insert end date].
2) [Insert name of approver] has the authority to grant this permission for testing the organization’s Information Technology assets.
[Insert additional permissions and/or restrictions if appropriate.]
Signature: ___________________________ Signature: ___________________________
[Name of Approver] [Name of Test Team Lead]
[Title of Approver] [Title of Test Team Lead]
Date: __________________________ Date: __________________________