eWeek has a decent RFP template you can use when selecting a company to provide PenTest services. It’s not perfect but it is a great start if you have nothing. The RFP is on page 44 of the July9th issue.
If you happen to be looking for those services check out NMI InfoSecurity Solutions. They produce the best reports I have ever seen from a security services company. They also have a risk metric system (RSK) that makes it easy to track changes in your security risk level.
**Disclaimer** Yes, I used to work for NMI and no I did not receive compensation for this plug 
–Chris
Leave a Reply