Resume a paused pentest
without breaking the authorisation chain

A test action took an in-scope service offline, slowed a critical path, or surfaced an availability concern that the client could not absorb during business hours. The halt protects the client environment while the incident is contained and root-caused. Resume waits for the post-mortem to close, the corrective actions on the test side to land (rate caps, blast-radius limits, off-hours scheduling), and the client to confirm the environment is healthy.

A test discovered a live credential, an API key, or sensitive customer data in an unexpected location and the engagement needs to pause until the credential rotates and the replay window expires. Resume waits for the credential rotation to complete, the rotation to be verified across dependent systems, and the team to record the discovery against the engagement so the post-resume report carries the chain of custody for the exposure.

The client raises a question about whether a target, a test technique, or a finding sits inside the executed scope. The halt stops new test actions while the dispute is settled in writing. Resume waits for the scope reconciliation to complete (an addendum to the rules of engagement, an updated target list, or an explicit out-of-scope reclassification with residual visibility) so testing reopens on a scope both parties have signed.

A regulator pauses testing pending an investigation, a legal hold is raised against an asset under test, or a third-party processor invokes a freeze clause. Resume waits for the regulatory or legal authority to lift the hold in writing and for the engagement record to capture the case reference, the lift authority, and the conditions imposed (if any) on the renewed authorisation.

The target environment is unstable for reasons unrelated to testing (incident in production, planned change-window collision, data centre maintenance, vendor migration), or a planned change inside the test window means findings would not reflect the post-change state. Resume waits for the environment to stabilise or for the change to land and bake; testing then runs against the post-change state with the scope reconciled if the change altered surface area.

The client SME, the engagement lead, or a named approver becomes unavailable during the test window because of illness, role change, or organisational restructuring. The halt protects the engagement from running ahead of the people whose decisions it depends on. Resume waits for a replacement to be named and onboarded against the engagement, or for the original approver to return, with the resume notice naming who carries each role through to closure.

The engagement lead emails the client "we are good to resume Monday" and the client replies "okay". The resume reference becomes that email thread. Six months later an audit asks who authorised the resume, on what basis, and against which scope. Reconstructing the answer from email always reads weaker than a document on the engagement record. The fix is making the resume notice a deliberate counterpart to the stop-test letter, sitting on the same record.

The stop-test letter named six resume conditions. The resume notice claims they are all met. The audit later finds that the credential rotation actually completed only on the user-facing system and not on the upstream identity provider, or the post-mortem signed off on three of four corrective actions. The fix is walking the resume conditions line by line, recording the verification evidence, and refusing to issue the resume notice until each condition is closed against evidence.

The engagement resumes; nobody captures what was already tested before the halt; testing redoes work that had already produced clean evidence; the report at closure cannot reconstruct which findings predated the halt and which came after. The fix is the partial-scope reconciliation step. The inventory of work performed up to the halt becomes the baseline; the resume notice names what stays, what re-tests, and what falls out of scope. The reconciliation is contemporaneous, not retrospective.

The original deliverable date sits on the engagement letter. The pause has cost a week. The resume notice names a new resume date but says nothing about the deliverable date, the retest window, or the closure date. At closure the client expects the original date; the engagement lead expects the original-plus-pause date; the conversation is awkward and the engagement letter looks broken. The fix is the schedule recalculation step happening explicitly in the resume notice rather than getting reconstructed at closure.

The findings opened before the halt sit in one folder; the findings opened after the resume sit in another, sometimes on a separate workspace because the engagement lead opened a fresh project rather than continuing the original. The reports diverge; the deduplication is manual; the audit trail forks. The fix is keeping the engagement on the same record from open through halt through resume through closure, with the activity log capturing the halt and resume events as state transitions on the engagement rather than as workspace changes.

The eventual deliverable reads as if testing ran straight through. There is no mention in the methodology section that the engagement halted, why, for how long, or under what conditions it resumed. The report cannot defend its timeline if the client procurement team or a future auditor reads it back. The fix is naming the halt and resume as engagement events in the report methodology, with the dates, the trigger, and the resolved conditions captured concisely so the timeline is reconstructable from the report alone.

The resume notice opens with the stop-test letter document ID, the date it was issued, and the parties who signed it. The reference makes the resume notice an explicit counterpart to the halt rather than a standalone authorisation, which is what keeps the chain reading as halt then resume as one continuous event.

The resume notice restates the halt trigger from the stop-test letter and names the evidence that demonstrates the trigger has cleared: the post-mortem signature page, the credential rotation confirmation, the scope reconciliation addendum, the regulatory lift letter. Each named resume condition has the evidence reference next to it, not as a claim but as a pointer the audit can verify.

The resume notice names the scope that the engagement will execute against from the resume date forward. Where the original scope changes (something drops out, something gets added, a target is replaced), the change references the rules of engagement update or scope addendum that authorises it. The resumed engagement runs against a scope both sides have signed, not against an interpretation of what the original scope still covered.

The resume notice names the date active testing reopens, the revised estimated end date, and the elapsed days lost to the halt. The dates feed the deliverable timeline and the retest window in the engagement letter; the revised end date is the figure both parties refer to from the resume forward, and the original date is preserved for audit lineage.

The resume notice names how the lost days are absorbed: extension of the engagement end date by the equivalent number of working days, scope trim to absorb the time inside the original window, deliverable date push by the same delta, or a combination. The retest window referenced in the engagement letter shifts to track the new closure date so the post-engagement support clock does not start while testing is still in progress.

The stop-test letter contains an authorisation pause statement that suspends active testing under the engagement letter. The resume notice contains the corresponding reactivation statement that reopens active testing under the same engagement letter, with the conditions met. The reversal is explicit so neither side has to interpret whether the original authorisation still applies.

The resume notice is signed by the same parties who signed the original engagement letter and the stop-test letter, or by named delegates with signing authority documented against the engagement. A resume notice signed by a different authority than the halt is the most common cause of post-engagement disputes about whether the resumed work was actually authorised.

The resume notice carries forward the communication cadence, the evidence handling rules, and the confidentiality conditions from the engagement letter and rules of engagement. Where the halt added conditions (extra notification on production-impact tests, narrower test windows, mandatory pre-test approvals), those conditions are restated so they survive into the resumed work rather than getting forgotten in the relief of restarting.

Resume depends on pentest project management holding the original authorisation, the rules of engagement, and the schedule. Where the halt was triggered by a scope dispute, finding dispute resolution sits adjacent because the dispute settlement is one of the resume conditions. Status reporting keeps the client informed during the pause itself.

Resume feeds evidence management because evidence captured pre-halt has to carry forward intact, and retesting because the retest window in the engagement letter shifts to track the new closure date. The eventual report version captured through report version control names the halt and the resume in the methodology so the timeline is reconstructable from the report alone.

Each resume condition named in the stop-test letter has evidence captured against it on the engagement record. The resume notice references the evidence, not just the condition. The audit can verify the resume rather than reconstruct it.

The engagement record reads as one timeline: opened, in test, halted on date X, resumed on date Y, closed on date Z. Findings, evidence, deliverables, and reports stay on the same record through the pause rather than forking into a parallel workspace.

The revised end date, deliverable date, and retest window land on the resume notice rather than as a closure-time discovery. Both sides reference the same dates from resume forward; the original dates live on for audit lineage.

The methodology section names the halt and the resume as engagement events. A future reader of the report can reconstruct the pause without needing to ask the engagement lead. The deliverable defends its own timeline.