Assessment Scoping Questionnaire

SOClogix > Assessment Scoping Questionnaire
Please enable JavaScript in your browser to complete this form.

Scoping Questionnaire

Please fill out this questionnaire so that SOClogix can better understand the type of assessment that you are requesting and the size and scope of the assessment.

Please answer the questions as accurately as possible as any incomplete or missing information may result in the delay of service or an under-scoped or over-scoped assessment.

Not all questions will be applicable to each assessment. Please ignore or input 'N/A' to any questions that do not require an answer.

Completing and submitting this form is not an authorization for SOClogix to conduct the assessment. This questionnaire is part of our pre-engagement process.

If you have any other questions or need assistance with this form please contact

Thank you,
SOClogix Team

Customer Type
Select 'Reseller / Partner' if the scope of work is for a customer of your company; otherwise, select 'Direct Customer' if your company or organization is the end customer.

Company and Contact Information

Enter the following contact information for the company/organization requesting a Vulnerability Scan and/or Penetration Test.

If you are a Reseller or Partner, the Contact Person can be someone from your company rather than the client whom this assessment is for.

Contact Person
Assessment Address:

Previous History

Please input historical information regarding the below.

Assessment Details

Assessment Type
Check all that apply.

Internal Penetration Test - A controlled and authorized simulation of a cyberattack carried out within an organization's network and systems to identify vulnerabilities that could be exploited by malicious actors from within the organization.

Internal Vulnerability Assessment - The process of systematically scanning and evaluating an organization's internal network, systems, and applications to identify potential security weaknesses and vulnerabilities that could be exploited by attackers.

External Penetration Test & Vulnerability Assessment - Involves testing an organization's external-facing systems and applications to identify weaknesses and vulnerabilities that could be exploited by external attackers, often simulating real-world cyberattacks from outside the organization.
Scan Times
When should active portions (scanning, enumeration, exploitation, etc.) of the penetration test be conducted? (check all that apply) Please note that devices need to be powered on and connected to the network in order to be included in the assessment.

Assessment Frequency
Please select the desired frequency for the assessment(s).
If more than one assessment type has been selected, please select Other and specify the individual frequencies if necessary.
Compliance Requirements:
Is the penetration test required for a specific compliance requirement (HIPAA, FINRA, PIC, etc.)?

General Network Information

Approximately how many onsite devices are on the network? This number includes desktops, laptops, servers, printers, network devices, VOIP phones, and IoT devices (thermostats, POS systems, Ring doorbells, etc.).
Approximately how many onsite devices are part of the organization but not at any office or network location? This number includes desktops, laptops, servers, printers, network devices, VOIP phones, and IoT devices (thermostats, POS systems, Ring doorbells, etc.).
Server Technology:
What server technologies does the organization use?
What database technologies does the organization use?

Final Information

Please indicate any rules or limitations to the assessment(s).
Please indicate any expectations there are for the assessment(s).
Please provide any additional comments there may be regarding the scope of the assessment(s).

Access and Credentials

If necessary, please provide credentials to SOClogix via appropriate and secure channels.

Notification and Authorization

Have all relevant stakeholders and/or personnel been informed and authorized the assessment?

Cloud Server Penetration Testing

Amazon, Microsoft, and Google do not require notification before conducting penetration testing of servers hosted in their cloud environments.

The following sources are references regarding the Penetration Testing of cloud-based environments and are listed here for the benefit of the Penetration Tester:
AWS - Penetration Testing Policy
Azure - Penetration Testing
Microsoft Cloud - Penetration Testing Rules of Engagement
Google Cloud Security FAQ