During the course of a penetration test project, a lot of documentation gets saved by the PenTest engineers – vendor documents, client documents, protocol documents, initial reports, final reports, e-mails, and everything that is recorded during that actual system attacks. Most of this data does not need to be retained at the end of a penetration test, except for a few distinct reasons.

A project manager who puts a lot of value into gathered data, whether it is for compiling metrics or other purposes, may want to retain everything. For some managers, having all the data available when needed is better than not having ...