Penetration Testing Stop-Test Letter Template: halt active testing without breaking the authorisation chain
A free, copy-ready penetration testing stop-test letter template. Twelve structured sections covering header and engagement references, parties and signing authority, the stop-test trigger, the scope of the halt (full or partial), the inventory of work performed up to the halt, immediate actions during the halt, the conditions under which testing may resume, the commercial impact, the schedule and deliverable impact, evidence handling and confidentiality during the halt, scheme references, and the authorisation pause statement and signatures. Pairs with the executed engagement letter and rules of engagement so the halt sits inside the existing authorisation chain rather than reopening it. Aligned with PTES, NIST SP 800-115, and the CREST Defensible Penetration Test specification.
1. Header and engagement references
The letter opens with the engagement reference, the halt date and time, and the prior authorisation chain. The chain matters because the halt is a pause against an existing authorisation, not a fresh authorisation in itself. PTES and NIST SP 800-115 both treat halt events as part of the authorisation record; the references make that record traceable.
PENETRATION TESTING STOP-TEST LETTER
Engagement reference: {{ENGAGEMENT_REFERENCE}}
Stop-test letter reference: {{STOP_TEST_LETTER_REFERENCE}}
Effective halt date and time: {{HALT_DATE}} {{HALT_TIME}} ({{TIMEZONE}})
Letter execution date: {{EXECUTION_DATE}}
This letter halts active penetration testing under the engagement opened by:
- Engagement Letter reference: {{ENGAGEMENT_LETTER_REFERENCE}}, executed {{ENGAGEMENT_LETTER_DATE}}
- Statement of Work reference: {{SOW_REFERENCE}}, executed {{SOW_DATE}}
- Rules of Engagement reference: {{ROE_REFERENCE}}, executed {{ROE_DATE}}
- Master Services Agreement (where applicable): {{MSA_REFERENCE}}, executed {{MSA_DATE}}
The engagement letter remains in force. This letter pauses active testing, records the trigger and the resume conditions, and locks the inventory of work performed up to the halt. Any conflict between this letter and the SOW is resolved in favour of the SOW; this letter is to be read as a halt event under the existing authorisation rather than as a variation of it.
2. Parties and signing authority
Names the contracting client (the Authorising Party) and the testing firm (the Testing Party). The halt is signed by the same authority that opened the engagement, or a delegated equal, so the pause of authorisation is symmetric with how it was opened. Lower-level halts produce ambiguity that compounds when testing resumes.
Authorising Party (the Client):
- Legal entity: {{CLIENT_LEGAL_NAME}}
- Registered address: {{CLIENT_ADDRESS}}
- Authorising representative for the halt: {{CLIENT_AUTHORISING_NAME}}, {{CLIENT_AUTHORISING_TITLE}}
- Email: {{CLIENT_AUTHORISING_EMAIL}}
- Phone (out-of-band channel during the halt): {{CLIENT_AUTHORISING_PHONE}}
Testing Party (the Vendor):
- Legal entity: {{TESTING_FIRM_LEGAL_NAME}}
- Registered address: {{TESTING_FIRM_ADDRESS}}
- Engagement lead at halt: {{ENGAGEMENT_LEAD_NAME}}, {{ENGAGEMENT_LEAD_TITLE}}
- Email: {{ENGAGEMENT_LEAD_EMAIL}}
- Phone (out-of-band channel during the halt): {{ENGAGEMENT_LEAD_PHONE}}
The Authorising Party signatory below holds equivalent delegated authority to the signatory of the Engagement Letter referenced in Section 1. Where that signatory is unavailable, this letter is signed by their successor or a delegated equal whose authority covers the assets in scope. The Testing Party signatory below holds equivalent authority to the engagement lead named in the Engagement Letter, or is the engagement lead.
3. Stop-test trigger
Records why active testing has stopped. The trigger maps back to the rules of engagement where possible: a halt invoked under a stop condition recorded in the ROE is a discharge of an obligation already agreed, which is easier to defend than an ad-hoc halt. Trim the trigger options to the one that actually applies and capture the specific facts.
Stop-test trigger (delete those that do not apply):
- Production-impact stop: testing is suspected of contributing to or causing a production incident. Incident reference: {{INCIDENT_REFERENCE}}. Affected systems: {{AFFECTED_SYSTEMS}}. Severity at halt: {{INCIDENT_SEVERITY}}.
- Credential exposure stop: a credential supplied for authenticated testing has been exposed or is suspected exposed. Affected credential class: {{CREDENTIAL_CLASS}}. Compromise vector: {{COMPROMISE_VECTOR}}.
- Scope-out asset detected: an asset belonging to a third party, an unintended business unit, or a system outside the agreed scope has surfaced in active testing. Asset reference: {{SCOPE_OUT_ASSET_REFERENCE}}.
- Third-party permission gap: an asset in scope is hosted, managed, or owned by a third party for which the engagement does not hold a permission letter. Asset and third party: {{THIRD_PARTY_ASSET_REFERENCE}}.
- Regulator hold: a regulator, scheme authority, or compliance body has required a hold on the engagement. Notification reference: {{REGULATOR_NOTIFICATION_REFERENCE}}.
- Buyer-requested hold: the Authorising Party has requested a hold for an internal change window, board approval, audit overlap, or unrelated incident. Reason: {{BUYER_HOLD_REASON}}.
- Safety halt invoked under the Rules of Engagement: the engagement lead has invoked a stop condition recorded in the executed Rules of Engagement. Stop condition cited: {{ROE_STOP_CONDITION}}.
- Other (named): {{OTHER_TRIGGER}}.
Trigger evidence retained on the engagement record: {{TRIGGER_EVIDENCE_REFERENCE}}. Where the trigger references an open incident or a regulator notification, the underlying record is referenced rather than duplicated in this letter.
4. Scope of the halt
Whether the halt is full or partial. A full halt suspends all active testing across the engagement; a partial halt suspends testing against named assets while work continues elsewhere. Partial halts are common when only one asset is affected by the trigger; the discipline is naming the assets explicitly rather than letting a partial halt drift into a de facto full halt or vice versa.
Scope of the halt (delete the option that does not apply):
Option A: Full halt
All active testing under the Engagement Letter referenced in Section 1 is suspended from the effective halt date and time stated in Section 1. No further testing of any in-scope asset will occur until this letter is closed by a resume notice or by a closure letter.
Option B: Partial halt
Active testing is suspended against the assets named below from the effective halt date and time stated in Section 1. Testing against assets not named below continues under the Engagement Letter and the Rules of Engagement, subject to the existing authorisation chain.
Assets covered by the partial halt:
- {{HALTED_ASSET_1}}
- {{HALTED_ASSET_2}}
- {{HALTED_ASSET_3}}
Assets that remain in-scope and active:
- {{ACTIVE_ASSET_1}}
- {{ACTIVE_ASSET_2}}
- {{ACTIVE_ASSET_3}}
Where the partial halt depends on a network or environment boundary rather than a list of named assets, the boundary is described here:
{{HALT_BOUNDARY_DESCRIPTION}}
Activities that continue regardless of the halt option above: report drafting on findings already raised, evidence packaging on work already performed, retest preparation against findings already closed, and incident support to the Authorising Party where requested. None of these constitutes active testing.
5. Inventory of work performed up to the halt
Locks the position at the moment of the halt. The inventory is what the engagement record reflects at halt time: assets touched, tests run, findings raised so far, evidence captured. Capturing it in the letter prevents reconstruction disputes weeks later and gives the resume notice a clean reference point.
Work performed under the Engagement Letter up to the effective halt date in Section 1:
Assets actively tested up to the halt:
- {{ASSET_TESTED_1}}: {{TEST_PHASE}}, {{TEST_DEPTH}}
- {{ASSET_TESTED_2}}: {{TEST_PHASE}}, {{TEST_DEPTH}}
- {{ASSET_TESTED_3}}: {{TEST_PHASE}}, {{TEST_DEPTH}}
Tests run, by methodology category (PTES, NIST SP 800-115, OWASP WSTG, OWASP MASTG, OWASP ASVS):
{{TESTS_RUN_TO_HALT}}
Findings raised against the engagement record up to the halt:
- Critical: {{CRITICAL_COUNT_TO_HALT}}
- High: {{HIGH_COUNT_TO_HALT}}
- Medium: {{MEDIUM_COUNT_TO_HALT}}
- Low: {{LOW_COUNT_TO_HALT}}
- Informational: {{INFORMATIONAL_COUNT_TO_HALT}}
Evidence captured against the engagement record up to the halt: request and response captures, exploitation proofs of concept, screenshots, command output, payload references. Retained per the evidence and confidentiality terms of the SOW or MSA.
Tools and credentials in use at the halt: {{TOOLS_AND_CREDENTIALS_AT_HALT}}. The Testing Party confirms that authenticated sessions and stored credentials remain protected under the encryption controls referenced in the SOW or MSA throughout the halt.
6. Immediate actions during the halt
The actions each party will take while testing is paused. The Testing Party may continue incident support, evidence packaging, and report drafting; the Authorising Party may run incident response, rotate credentials, or open an internal investigation. Naming the actions prevents the halt becoming a void during which both sides assume the other is doing something.
Immediate actions by the Testing Party during the halt:
- Suspend all active testing as defined in Section 4.
- Preserve all evidence captured up to the halt on the engagement record.
- Make the engagement lead and the engagement team available for incident response support to the Authorising Party where requested.
- Retain all credentials and access tokens supplied for authenticated testing under the existing encryption controls; do not rotate, transfer, or share them.
- Escalate any new finding or observation that surfaces during the halt to the engagement lead rather than raising it as a fresh test result.
- Continue report drafting against findings raised before the halt, with a clear note that the engagement is paused.
- Confirm receipt of any resume notice or scope variation in writing within {{TESTING_PARTY_RESPONSE_HOURS}} business hours.
Immediate actions by the Authorising Party during the halt:
- Lead the response to the trigger event named in Section 3 (incident response, credential rotation, scope clarification, regulator coordination).
- Provide the Testing Party with periodic status updates on the trigger event at the cadence stated below.
- Notify the Testing Party in writing as soon as the conditions for resuming testing in Section 7 are met, or as soon as the engagement is to be varied or closed.
- Designate a single point of contact for halt-period communications: {{CLIENT_HALT_CONTACT_NAME}}, {{CLIENT_HALT_CONTACT_TITLE}}, {{CLIENT_HALT_CONTACT_EMAIL}}, {{CLIENT_HALT_CONTACT_PHONE}}.
Status update cadence during the halt: {{STATUS_CADENCE}} (typical default: written status update every two business days during the halt; daily where the halt is incident-driven and the incident remains open).
Out-of-band channel during the halt: phone numbers in Section 2 are the primary out-of-band channel. Workspace messages remain the system of record; phone calls are summarised back into the workspace within one business day.
7. Conditions for resuming testing
The concrete conditions that close the halt and authorise testing to restart. Naming them in advance prevents a tacit "when ready" understanding that drifts. The letter is closed by a written resume notice when the conditions are met; if they are not met, the engagement moves to closure or to a scope-change addendum rather than the halt extending indefinitely.
Testing under the Engagement Letter referenced in Section 1 may resume only when the conditions stated below are met. The conditions are cumulative: all stated conditions must be satisfied before resumption.
Trigger-specific conditions (delete those that do not apply):
For a production-impact stop:
- Incident {{INCIDENT_REFERENCE}} is closed by the Authorising Party, or the Authorising Party has confirmed in writing that the incident is unrelated to the testing.
- Any system change required by the incident response is in place and the asset list in scope is unchanged or has been varied through a separate scope-change addendum.
For a credential exposure stop:
- The Authorising Party has rotated the affected credentials and confirmed the rotation in writing.
- The Testing Party has confirmed receipt of the rotated credentials and that the prior credentials are no longer in storage.
For a scope-out asset stop:
- Scope clarification is in writing. Either the asset is excluded with the Rules of Engagement updated to record the exclusion, or the scope is varied through a scope-change addendum that authorises testing of the asset.
For a third-party permission stop:
- A third-party permission letter for the asset is on the engagement record, or the asset is excluded with the Rules of Engagement updated to record the exclusion.
For a regulator hold:
- The regulator has confirmed in writing that testing may resume, or the regulator condition has been satisfied with documented evidence.
For a buyer-requested hold:
- The Authorising Party has signed a written resume notice citing this stop-test letter.
For a safety halt under the Rules of Engagement:
- The stop condition cited in Section 3 is documented as resolved on the engagement record, and the engagement lead has confirmed in writing that the engagement may resume.
Resumption notice: when the conditions above are met, the Authorising Party signs a resume notice on the engagement record citing this stop-test letter. The resume notice records the date and time testing restarts and the assets that re-enter active testing.
Maximum halt duration before checkpoint: this letter is reviewed by both parties no later than {{HALT_CHECKPOINT_DATE}} (default ten business days from the halt date in Section 1). At the checkpoint the parties either confirm the halt continues, execute a resume notice, or move to a scope-change addendum or closure letter.
8. Commercial impact during the halt
The commercial position during the halt, recorded in the letter rather than left for later reconciliation. Treats time-and-materials engagements and fixed-price engagements explicitly. Disputes that surface weeks later almost always trace back to a halt where the commercial position was assumed rather than documented.
Commercial position during the halt (delete the options that do not apply):
For time-and-materials engagements:
- Active testing time does not accrue to the Authorising Party during the halt.
- Incident support time and report drafting time accrue at the rates stated in the SOW.
- Idle time of named team members is borne by the Testing Party for the first {{IDLE_TIME_GRACE_DAYS}} business days of the halt; thereafter idle time may accrue at a reduced rate of {{IDLE_TIME_RATE}} until the halt is closed.
For fixed-price engagements:
- The fixed price stated in the SOW remains the price for the engagement up to {{HALT_TOLERANCE_DAYS}} business days of halt time.
- A halt that extends beyond {{HALT_TOLERANCE_DAYS}} business days triggers a delay charge calculated at {{DELAY_CHARGE_BASIS}}, payable on the next invoice cycle.
- A halt that materially alters the schedule, asset list, or methodology re-opens the engagement to a scope-change addendum; the fixed price is varied under that addendum rather than under this letter.
Invoicing during the halt:
- Invoices for time accrued before the halt date in Section 1 are issued per the cadence in the SOW and are not deferred by the halt.
- Invoices for incident support, report drafting, and any chargeable idle time during the halt are issued separately, with line-item references back to this stop-test letter.
Reservation of rights: nothing in this section limits either party's rights under the SOW or MSA in respect of cause-based termination, force majeure, or material breach. The commercial terms above apply to a halt that closes by resume notice, scope-change addendum, or closure letter; a halt that becomes a termination event is governed by the SOW or MSA termination clauses.
9. Impact on testing window, schedule, and deliverables
How the halt moves the testing window, the reporting deadlines, and the deliverable dates. A halt that does not extend the schedule pushes the deliverables backward into the buyer's timeline; capturing the new dates avoids a second negotiation later. A halt that extends the schedule needs the new window stated explicitly so that retest authorisation in the eventual closure letter inherits the correct dates.
Testing window opened (per Engagement Letter): {{TESTING_START_DATE}} to {{TESTING_END_DATE}}
Active testing finished as of the halt date in Section 1.
Effect of the halt on the testing window (delete the option that does not apply):
Option A: Window extended by halt duration
The testing window end date moves to {{NEW_TESTING_END_DATE}}, which is the original end date plus the halt duration. The Engagement Letter remains otherwise unchanged.
Option B: Window unchanged
The testing window end date in the Engagement Letter remains in force. Testing under the resume notice runs only until the original end date. Where the halt makes the original end date unachievable for the agreed scope, the engagement varies through a scope-change addendum or closes through a closure letter.
Effect of the halt on reporting deadlines:
- Draft report deadline: {{DRAFT_REPORT_DEADLINE}}.
- Final report deadline: {{FINAL_REPORT_DEADLINE}}.
- Debrief meeting date: {{DEBRIEF_DATE}}.
- Other agreed deliverables: {{OTHER_DELIVERABLES}}.
Effect of the halt on retest scope: retest scope authorised under the Engagement Letter remains as stated in the SOW or in any prior scope-change addendum. The retest authorisation window in the eventual closure letter starts from the date of remediation closure rather than from the original engagement schedule.
Effect of the halt on scheme deadlines (where the engagement is run under CHECK, CREST OVS, CREST STAR, FedRAMP, DORA TLPT, MAS TRM TLPT, or TIBER-EU): scheme-specific reporting and notification deadlines override the deadlines above where the scheme requires it.
10. Evidence handling and confidentiality during the halt
Confirms that evidence preservation and confidentiality obligations remain in force throughout the halt. A halt is not a confidentiality reset: artefacts, credentials, and findings collected up to the halt remain protected under the SOW or MSA terms. The letter restates the position so the auditor can read the halt without cross-referencing the master agreement.
Evidence preservation during the halt:
- All evidence captured up to the halt is preserved on the engagement record under the existing data protection terms.
- No evidence is deleted, summarised, or transferred outside the engagement record without the written agreement of both parties.
- Findings raised before the halt remain on the engagement record as live findings; they are not back-dated, withdrawn, or downgraded by the halt itself.
Confidentiality during the halt:
- Confidentiality obligations under the SOW or MSA remain in force throughout the halt.
- Members of the engagement team named in the Engagement Letter retain access to the engagement record only as necessary to discharge the actions in Section 6.
- The Authorising Party may invite additional internal stakeholders (for example incident response leads, internal counsel, regulator-facing staff) to the engagement record on a need-to-know basis through the existing access control workflow.
Credentials and access during the halt:
- Credentials supplied for authenticated testing remain in encrypted storage under the controls referenced in the SOW or MSA.
- The Testing Party will not rotate, share, or use credentials during the halt except as required to support the actions in Section 6.
- The Authorising Party may rotate or revoke credentials at any point during the halt; rotation is recorded on the engagement record and the resume notice in Section 7 references the rotation.
Communications during the halt:
- The engagement workspace remains the system of record for communications between the parties.
- Out-of-band phone communications under Section 6 are summarised back into the workspace within one business day.
- The Authorising Party named contact in Section 6 controls the inbound communications channel during the halt.
11. Scheme and regulatory references (where applicable)
Where the engagement runs under a scheme (CHECK, CREST OVS, CREST STAR, FedRAMP, DORA TLPT, MAS TRM TLPT, TIBER-EU) the halt may carry a scheme-specific notification obligation. The letter cites the scheme and the obligation so the closure later inherits the correct notification record.
Scheme references applicable to this halt (delete those that do not apply):
- UK CHECK: the halt is recorded against the CHECK-scheme engagement; named CHECK Team Members per the engagement letter remain accredited and assigned during the halt.
- CREST Defensible Penetration Test: the halt is recorded against the CREST DPT engagement; named CREST Registered Testers per the engagement letter remain accredited and assigned.
- CREST OVS / STAR: scheme-specific halt language is carried from the SOW and ROE. Scheme-required artefacts (notifications, scheme reviewer updates) are produced where the halt duration crosses the scheme threshold.
- FedRAMP penetration testing: the halt is reported against the FedRAMP engagement record; sponsor agency notification follows the FedRAMP guidance where the halt crosses the notification threshold.
- DORA TLPT (financial entities subject to DORA): the halt is recorded under the threat-led penetration testing requirements of Regulation (EU) 2022/2554; tracker authorities are notified where required.
- MAS TRM TLPT (Singapore-regulated entities): the halt is recorded under the MAS TRM Notice expectations.
- TIBER-EU: the halt is recorded against the TIBER-EU engagement; the TIBER cyber team is notified per the framework where the halt crosses the framework threshold.
- Other regulator or scheme: {{OTHER_SCHEME_HALT_REFERENCE}}.
If no scheme applies to the engagement, this section reads: "Not applicable. The engagement is not run under a regulated scheme."
12. Authorisation pause statement and signatures
The clause that pauses the engagement letter authorisation, paired with the signatures that execute the halt. The pause is symmetrical with how the authorisation was opened: same authority on both sides. The letter is closed by a resume notice, by a scope-change addendum, or by a closure letter.
On the latest signature date below, active testing under the Engagement Letter referenced in Section 1 is paused as defined in Section 4 of this letter. The Engagement Letter remains in force. The pause continues until this letter is closed by:
- A written resume notice executed by the Authorising Party citing this letter and confirming that the conditions in Section 7 are met.
- A scope-change addendum executed by both parties varying the engagement, in which case this letter is referenced in the addendum as the trigger.
- A closure letter executed by both parties closing the engagement, in which case this letter is referenced in the closure letter as the trigger.
In the absence of one of the closing events above by the checkpoint date in Section 7, the parties will meet on or before that date to confirm the next step.
Signed for and on behalf of the Authorising Party (halt):
Name: {{CLIENT_AUTHORISING_NAME}}
Title: {{CLIENT_AUTHORISING_TITLE}}
Signature: ____________________________
Date: ________________________________
Signed for and on behalf of the Testing Party (halt):
Name: {{ENGAGEMENT_LEAD_NAME}}
Title: {{ENGAGEMENT_LEAD_TITLE}}
Signature: ____________________________
Date: ________________________________
This stop-test letter is effective on the latest of the two signature dates above, save that the halt date and time stated in Section 1 govern the moment from which active testing is paused. The engagement record opened under the Engagement Letter referenced in Section 1 is preserved in full throughout the halt.
How to use this template
Confirm the executed engagement letter, statement of work, and rules of engagement references are accurate. The stop-test letter is read against those documents; mismatched references break the audit chain through the halt.
Pick the trigger in Section 3 that actually applies and trim the rest. A halt cited under a stop condition recorded in the rules of engagement is easier to defend than an ad-hoc halt; capture the rules-of-engagement clause where you can.
Decide whether the halt is full or partial in Section 4. Partial halts need the asset list explicit; the most common drift is a partial halt that quietly becomes a full halt because the active assets were not named.
Capture the inventory in Section 5 at halt time, not at resume time. Counts and asset lists captured during the resume conversation are reconstructions; counts captured at halt are the audit-grade record.
State the resume conditions in Section 7 in concrete terms tied to the trigger. Avoid open-ended language such as "when both parties are comfortable to proceed"; name the artefact, the rotation, the regulator confirmation, or the resume notice that closes the halt.
Set the commercial position in Section 8 explicitly for the engagement type. Time-and-materials and fixed-price engagements have different halt economics; recording them now prevents reconciliation disputes weeks later.
Record the schedule effect in Section 9. A halt that does not extend the testing window pushes deliverables backwards into the buyer timeline; a halt that extends it changes the retest authorisation arithmetic in the eventual closure letter.
Trim Section 11 (scheme references) so only the schemes actually applicable to this engagement remain. Scheme halts may carry notification obligations that fall outside the parties to the letter.
Get the document signed by both sides on the same authority that signed the engagement letter, or by a delegated equal where the original signatory is unavailable. Lower-level signatures undermine the symmetry between opening and pausing the authorisation.
Store the signed stop-test letter alongside the engagement record so the chain (proposal, SOW, ROE, engagement letter, test plan, draft report, debrief deck, final report, retest evidence, attestation letter, closure letter) carries the halt event explicitly. The next testing rotation, scheme reviewer, or auditor reads the chain through the halt rather than around it.
Methodology and scheme references
PTES Section 2 (Pre-engagement Interactions) and Section 7 (Reporting) treat halt and resumption events as part of the authorisation chain. See the SecPortal PTES framework page for the operator-first walkthrough.
NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, planning and execution phases. See the SecPortal NIST SP 800-115 framework page.
CREST Defensible Penetration Test specification and CREST CHECK / OVS / STAR scheme documentation. See the CREST penetration testing framework page for the authorisation chain conventions cited in Section 11.
For research on how scope drift and disputed scope conditions interact with halts, the pentest scope creep research covers the patterns that most often drive a halt into a scope-change addendum rather than a clean resume.
Where the stop-test letter sits in the engagement
The full paper trail for a regulated penetration testing engagement runs RFP, proposal, SOW, ROE, engagement letter, test plan, kickoff, active testing (interrupted as needed by stop-test letters and resume notices), draft report, debrief deck, final report, retest evidence, attestation letter, and closure letter. The stop-test letter is the artefact that records a halt event during active testing without breaking the authorisation chain. It pairs with the executed rules of engagement (the document that lists the stop conditions in advance), the engagement letter (the authorisation that the halt pauses), and the scope-change addendum (the artefact that varies the engagement when the halt resolves into a scope change rather than a clean resume).
For the resume workflow that reopens active testing once the halt conditions clear, see the "resume a paused pentest" use case (the partner artefact to this stop-test letter).
For the dispute mechanism when a halt is triggered by a disagreement over scope or finding handling, see the pentest finding dispute resolution workflow.
For the change-order pricing implications when a halt becomes a scope variation, see the pentest change order pricing guide.
This template is provided as a starting point for a penetration testing stop-test letter. It is not legal advice. Have the final letter reviewed by counsel and aligned with the master services agreement, statement of work, rules of engagement, and engagement letter that govern the broader relationship.