I have been assigned the task of making an "Ethical Hacking Policy" for an organization.
I have divided the content into 3 parts - Purpose, Scope and Compliance Measures

I am well aware of the compliance measures but I need help in figuring out how to write the Purpose and Scope for an Ethical Hacking Policy
Please help me out

Thanks in advance