I am currently reading the book "No Tech Hacking" by Johnny Long, Scott Pinzon and Kevin Mitnick.  I would certaintly recommend it when it comes to physical security

1. Receiving the assignment – At this stage, contracts have been signed and certain legal formalities observed.

2. Negotiating the Rules of Engagement – These define what you can and can’t do during testing and their purpose is usually to limit testers to a certain scope.

3. Performing Preliminary Research – You are now ready to pursue the initial information-gathering phase. This will take many forms:
 • Determining Risk – It’s important to accurately gauge the risk a project poses both to the company and to the team members executing it.
 • Writing a Test Plan – A formal (but flexible) test plan is a good idea from both project management and legal perspectives.
 • Gathering Equipment – Equipment is discussed in Chapter 8 but it’s important for the team to take gear that’s appropriate to the test without being over encumbered.

4. Providing documentation and legal requirements – Once the planning stage is complete you will have a not insignificant amount of documentation. We discuss what you should have and who should have access to it.