Originally posted here by TechieChick

Talk to the person doing the testing directly
Ask what methods they plan on using and ask what they plan on implementing to limit unintentional damage to the network.
Ask what they plan on doing with the data after they are finished testing.

Personally, and this hasn't been tested in a legal sense yet as I've not had my hind end hauled into court yet but I have everyone involved sign a contract. I promise not to reveal details of anything discovered except to authorized personal, not to destroy or release data and adhere to the times set up for testing only.
I could'nt have said it better myself. I always have a non-disclosure agreement drawn up between myself and the client when I do network security checks. It protects me and them. Also if I hire any help for "ANY" job. I require at least three business references (not personal), of known companies in the area (or elsewhere depending on location). I always do a background check and depending on age. I check the highschool they came from. You would be amazed at what you can find out from a school about a prospect.

So no flames from me TC. I think you hit it on the nail. I would NOT hire some k1dd13 to work for me because he hacked AOL.

Just my $.02 worth.