Understand Client Objectives: The first step is to determine what the client is looking to achieve.
Scope Definition: Define the boundaries of the assessment. This may include specific systems, locations, or even personnel.
Rules of Engagement: These should be clearly defined, understood and agreed upon by all parties before any activities commence. This may include allowable techniques, time-windows for attack, and actions on detection.