Compliance & Due Diligence Cybersecurity Testing Services
Providing the penetration testing and security assurance your compliance obligations and due diligence processes require, delivered by CREST-accredited experts.
Our Compliance & Due Diligence Services
We support organisations across a range of frameworks and due diligence processes, providing the technical testing and documented assurance evidence they require.
ISO 27001 Penetration Testing
ISO 27001 certification requires organisations to implement and maintain a range of technical controls as part of their Information Security Management System (ISMS), including controls relating to technical vulnerability management and information systems audit. Penetration testing and vulnerability analysis provide the evidence that these controls are implemented effectively and are functioning as intended.
Our ISO 27001 penetration testing service is scoped to align with your ISMS boundaries and the specific Annex A controls relevant to your certification. We provide testing that satisfies the requirements of your certification body and the expectations of your auditor, along with reporting that maps our findings directly to your control framework, making the audit process as straightforward as possible.
PCI DSS Penetration Testing
PCI DSS mandates that organisations storing, processing, or transmitting cardholder data conduct penetration testing at least annually and following any significant changes to their infrastructure or applications. Under PCI DSS v4.0, the requirements for that testing have been strengthened, making it more important than ever that testing is conducted by qualified professionals.
Our PCI DSS penetration testing service is scoped specifically to your cardholder data environment (CDE) and the systems in scope for your assessment. We test both your external perimeter and internal network segmentation controls, validate that your CDE boundaries are effective, and produce reporting that meets the evidence requirements of your Qualified Security Assessor (QSA) or Self-Assessment Questionnaire (SAQ) process.
Merger & Acquisition (M&A) Due Diligence
Cybersecurity is one of the most underestimated risk factors in any merger or acquisition. Inherited vulnerabilities, undisclosed breaches, or unpatched systems can represent substantial financial and reputational liabilities, and they become your problem the moment a deal completes.
Our M&A cybersecurity due diligence service is designed to give organisations an accurate, independent picture of the security posture of a business before completion. We assess the technical security of systems, applications, and infrastructure, identify material risks, and provide clear reporting that supports informed negotiation and post-acquisition remediation planning.
We work within the constraints typical of M&A processes, operating discreetly, to tight timelines, and with the level of access available at each stage of the transaction.
Additional Compliance Frameworks We Support
We assist organisations seeking to meet security testing obligations across a wide range of UK, European, and international regulatory frameworks, whether testing is a mandatory requirement or supports broader security and risk management obligations.
- GDPR / The Data Protection Act 2018
- Digital Operational Resilience Act (DORA)
- SOC 2
- Health Insurance Portability & Accountability Act (HIPAA)
- Sarbanes-Oxley Act (SOX)
- Federal Information Security Management Act (FISMA)
- NIS Directive
- SWIFT Customer Security Programme (CSP)