RoE documents are the single most important protection for both tester and client - They must cover authorization, scope, parameters, communication, emergencies, and data handling - "Get-out-of-jail-free" letters protect testers during physical assessments - Authorization must come from someone with