Where I work is looking to do some penetration testing. It is a relatively small company and this is the first time it has done any such test.

I was hoping that the community could give some advice on the do's, do not's and the bare in minds we should know when picking a person or company to test our servers.

I will also be researching the web but I know there are a lot of smart people on these forums, so any advice would be greatly appreciated.

Many Thanks