ISO/IEC 27001 penetration testing & vulnerability analysis

complying with information security management standards

Penetration testing and vulnerability analysis is an essential part of ISO/IEC 27001 Information Security Management System (ISMS) certification and control objective A12.6.1 states that ‘information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk’.

Testing is usually carried out once the scope of the ISMS, and the associated assets, have been identified, but other stages may also benefit from security testing. These include identifying vulnerabilities as part of the risk assessment process and verifying that the controls put in place are effective.

As part of Shearwater Group plc, we can offer a full range of services related to ISO/IEC 27001, helping clients obtain and maintain certification.

The benefits of our ISO/IEC 27001 service

Uncover vulnerabilities & prioritise improvement efforts

Penetration testing is one of the tools that allows you to identify and classify your most critical vulnerabilities, providing you with vital remediation advice. This gives you the information you need to make informed decisions regarding your security, to effectively prioritise improvement efforts and to reduce the overall likelihood of compromise.

Obtain security buy-in

Obtaining budget for security improvements can be difficult. Our penetration testing gives you a clear picture of your current situation, providing the evidence you need to gain all-important security buy-in.

Protect your reputation

A data breach can ultimately lead to financial, operational and reputational damage for your organisation. Testing should therefore be carried out on a regular basis, helping protect you from potentially damaging cyber-attacks.

Our approach

We follow a rigorous process to ensure that you get the best possible outcome and comply with the ISO/IEC 27001 standard. Below we outline the key stages of our penetration testing and vulnerability analysis:

1. Scoping

We work with you to fully understand your organisation, the required testing to be performed and the security objectives.

2. Proposal & prerequisites

A proposal will be drawn up outlining the planned scope of work, the set rules of engagement and any preparations needed to allow us to start testing.

3. Testing

Testing commences once the proposal has been agreed and signed authorisation has been granted.

4. Ongoing communication

Our consultants will communicate with you throughout the test, in line with the requirements you set.

5. Reporting

A comprehensive, quality assured report of test findings, and associated remediation advice, will be delivered.

6. Post test support

Our consultants will be available after the test to offer advice and guidance on any aspect of the report, as well as on remediation efforts.

7. Retest

We will conduct a retest once remediation has been completed, confirming that the vulnerabilities found during testing have been successfully mitigated.

Contact us

Want to find out more about our ISO/IEC 27001 testing services? Our team are on hand to provide you with the information and support you need. Fill out the form below and one of our team will be in touch shortly.

Our latest research

Our Labs page is the place to discover our latest research, advisories, tool releases and challenges.

Looking to improve your security? Our insights are a great place to start.