# Pre-Engagement

For the pre-engagement process is necessary to stipulate the parameters, commitments, tasks, scope, limitations, and related agreements documented in writing. 

<figure><img src="https://1571945027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtgxeteB8N7iEoJU7WZh6%2Fuploads%2FNVaCMjdikyLK6mJntnbv%2Fimage.png?alt=media&#x26;token=0f8c0240-55ac-493d-8cb5-ebdd7cadbd01" alt="" width="375"><figcaption></figcaption></figure>

Some of the usual documents we found for this purpose, and that are defined in the pre-engagement meeting and kick-off meeting, are the following:

* **NDA (Non-Disclosure Agreement):** Specifies the boundaries of confidentiality and permissions to share the information received with third parties. Could be unilateral, bilateral, or multilateral
* **Scoping Questionnaire:** Defines the services we are going to provide to the client. In this, we ask specifically for details about the procedures and written results of the testing
* **Scoping Document:** Summarize the information from the Scoping Questionnaire
* **SoW:** Scope of Work or Penetration Testing Proposal, usually the contract that specifies the actions and scope of the assessment
* **RoE:** Rules of Engagement, a document that is created at the initial stages of a penetration testing engagement. This document consists of three main sections:
  * ***Permissions:*** Give explicit and legal permission for the engagement to be carried out
  * ***Test Scope:*** Annotate specific targets of a network to which the engagement should apply
  * ***Rules:*** Define exactly the techniques that are permitted during the engagement
* **Contractors' Agreement:** Used in physical and social engineering testing to justify our actions
* **Reports:** Summarize all the information after doing the pentest.