Peer/manager review for any deliverables, post-mortems of any incidents, customer results briefings, and relationship extension/management processes should all be executed before the end of the engagement. Security assessments can sometimes become "fire and forget" (especially if they are conducted remotely), so the consultant often has to drive face time and gauge satisfaction through formal mechanisms. Tools like customer satisfaction surveys can help increase customer retention and drive improvements into the service.
Return to the security site assessment FAQ guide and read the rest of Joel's expert answers.
This was first published in May 2008