The goal of penetration testing is to determine whether unauthorized access to key systems and files can be achieved. Penetration testing is not a template-driven process. Each penetration testing program should be relevant to the size and scope of the business for which the testing is being conducted. All locations of sensitive data, all key applications that store, process, or transmit such data, all key network connections, and all key access points should be included in the design of the penetration testing program. The penetration testing should attempt to exploit security vulnerabilities and weaknesses throughout the environment. If the penetration testing reveals vulnerabilities, they should be corrected and the penetration testing re-performed until the test is clean and free of any vulnerabilities.


