What is an Engagement Letter and How to Generate One

Last updated: September 12, 2025

An Engagement Letter is a one-page PDF issued when you initiate a penetration test with Astra. It serves as official proof that your company has engaged Astra to conduct a Vulnerability Assessment and Penetration Test (VAPT).

Companies often share this document with:

  • ISO 27001 and SOC 2 auditors (as audit evidence).

  • Clients or partners (to show that an independent pentest is in progress).

Tip: Keep a copy of your Engagement Letter ready when undergoing compliance checks. It assures auditors that pentesting is underway even before final results are available.


Why it’s Important

  • Provides immediate proof of pentest engagement during audits.

  • Builds trust with clients and stakeholders while testing is ongoing.

  • Serves as an interim compliance document before the final Pentest Report and Certificate of Completion are issued.

What the Engagement Letter Includes

  • Your organization’s name and website

  • The scope of testing (e.g., web apps, APIs, networks, cloud)

  • The testing plan and current status

  • A statement confirming Astra’s engagement

  • Next steps: detailed report, remediation guidance, re-test, and pentest certificate

How to Generate an Engagement Letter

Engagement Letters are only issued for manual pentest plans. They are not available for automated scanner plans.

  1. Log in to your Astra Dashboard.

  2. Go to the Reports page.

  3. Select Engagement Letter and click on Continue.

  4. Select the Targets for which you want to generate this report and click on Continue.

  5. Enter the business name and address, and click on Download to instantly generate a PDF letter.