Phase 7
Reporting
Reporting turns the operation into a clear narrative. It shows what was attempted, what worked, what that unlocked, and why the client should care.
Purpose
The report must be usable. It needs enough detail for practitioners to fix the issue and enough structure for leadership to understand the risk without drama.
In Practice
Good reporting ties each finding to the control that failed, the path that followed, the evidence collected, and the practical fix. If the reader cannot reconstruct the operation, the report is too vague.