ISO 27001 Penetration Testing & Vulnerability Analysis
Helping you achieve & maintain ISO 27001 certification
ISO 27001 & penetration testing
Information security has quickly moved up the agenda within organisations, with both senior management and clients often requiring assurances that security standards have been met. The ISO 27001 certification is an internationally trusted standard which helps organisations establish, implement, maintain, and continually improve their information security management systems (ISMS), ensuring that information assets remain safe and secure.
Penetration testing and vulnerability analysis are an essential part of ISO 27001 certification, and control objective A12.6.1 states that:
“Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.”
Our ISO 27001 service has been designed to meet these requirements. But more than that, our service is here to support your security improvement, remediation efforts and provide you with the assurance that your information security is as robust as possible.
Pentest Ltd is not an accrediting body for ISO 27001; we test in accordance with the scope of your ISMS, as set by your Information Security Manager (ISM) or your independent Certification Body (CB). Our sister company, Xcina Consulting, can offer a full range of services related to ISO 27001 as a BSI Platinum Member.
How can penetration testing assist?
Our service can be utilised at various stages throughout the ISO 27001 process, helping you assess and remediate information security risks to your organisation.
Penetration testing is designed to identify as many vulnerabilities as possible within a defined target and a defined timeframe. These can then be analysed and ranked based on your risk criteria.
Our testing service can be implemented as part of your risk treatment planning, helping ensure that security controls are effective, and work as designed.
What is considered ‘secure’ today can be vulnerable tomorrow. Our services can be deployed on a regular basis, helping you stay on top of these ever-evolving threats. This may include internal auditing of systems, applications, processes and infrastructure covered by the ISMS. Internal auditing is an essential component of ongoing ISO 27001 certification, ensuring compliance (at regular intervals) with both the organisation’s and the International Standard’s requirements.
What we test
Our ISO 27001 testing is tailored to your exact requirements, ensuring that you are meeting your certification requirements and providing assurances that your security measures are as robust as possible. Typically, our ISO 27001 testing will include:
Web & Mobile Applications
Our application testing is aligned with industry standards such as OWASP and will look to uncover as many security issues as possible within a target application. The issues we look for include injection vulnerabilities, security misconfiguration and authentication weaknesses, logic flaws such as broken access control and broken authorisation, insecure data transfer and storage, as well as the OWASP Top 10 vulnerabilities.
External & Internal Infrastructure
Our network infrastructure testing is designed to investigate your external networks (your publicly facing networks) and/or your internal networks (the servers, devices and software that make up your internal networks), identifying potential security issues and misconfigurations that could be exploited by malicious outsiders or insider threats.
Not sure what type of testing you need?
Our team will be happy to discuss your individual requirements and provide a no-obligation proposal based on your needs.
The security confidence we provide doesn’t come from a one-size-fits-all solution.
Every ISO 27001 test goes through a rigorous process, ensuring that you get the best possible outcome and that you are fully complying with the required standards. Below we outline the key stages our testing goes through:
Like the sound of our approach?
You can find out more about our test process and why it sets us apart.
Want to find out more about our ISO 27001 penetration testing service? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.