Penetration testing quality policy

## Overview Volkis prides itself in performing skilled, accurate, secure penetration testing with effective client communication and reporting. Achieving these outcomes requires the support of training, procedures, practices, systems, and processes. This Quality Policy provides the actions that Volkis mandates to provide this support and ensure these outcomes for our clients. ## Skilled testing @. Testers @. ## Accurate testing @. The scope of testing must be followed. No actions that may adversely affect ## Secure testing @. Tools used in testing must be investigated to ensure they are free from malware, trojans, and undesirable functions. @. Testers should take appropriate steps to limit availability risks in testing. ## Effective communication @. The tester may ## Effective reporting @. The format and presentation of the report should be chosen as per best judgement of the tester and in accordance to client requirements. The results could be presented in, for example, a PDF, word document, a spreadsheet, direct @. All reports must be reviewed prior to release according to the quality control process. @. Either the Volkis or client's risk assessment matrix may be used as appropriate. @. Risk assessments must be accurately assigned and must not be overstated or understated. @. Risk assessment inputs must be based on professional judgement and must take context into account. @. The likelihood and impact ratings should not be changed due to client requests, unless the client provides new information that changes the professional judgement of the tester.