I wouldn't put that exactly like that, but I would talk to the director and put something similar.
Most compliance frameworks like SOC 2 have a requirement for an annual pen test, so if the pen test was over a year old it wouldn't matter anyway. Best approach would just be to talk to the director and say something along the lines of "Our next pentest is scheduled for date XYZ and we can send you those results upon completion".
People who tend to freak out in situations like these where "let's lie" is their go-to, when an honest approach is possible that will likely get the job done, scare me.