[ ] All in-scope targets are listed with correct IPs/hostnames - [ ] Out-of-scope items are documented - [ ] Testing dates and windows match actual engagement - [ ] Methodology is clearly described - [ ] Limitations and constraints are documented - [ ] Tools used are listed (including version number