[Insert Your Organization Logo]
Memorandum for File
Subject: Vulnerability Assessment and Penetration Testing Authorization
To properly secure this
organization's information technology assets, the information security team is required to assess our security stance periodically by conducting vulnerability assessments and penetration testing. These
activities involve scanning our desktops, laptops, servers, network elements, and other computer systems owned by this organization on a regular, periodic basis to discover vulnerabilities present on these
systems. Only with knowledge of these vulnerabilities can our organization apply security fixes or other compensating controls to improve the security of our environment.
The purpose of this memo is to grant
authorization to specific members of our information security team to conduct vulnerability assessments and penetration tests against this organization's assets. To that end, the undersigned attests to the
1) [Insert name of tester], [Insert name of tester], and [Insert name of tester] have permission to scan the organization's computer equipment to find vulnerabilities. This permission is granted for
from [insert start date] until [insert end date].
2) [Insert name of approver] has the authority to grant this permission for testing the organization's Information Technology assets.
[Insert additional permissions and/or restrictions if appropriate.]
Signature: ___________________________ Signature: ___________________________
Date: __________________________ Date: __________________________