ISO 27001 & our testing services
Information security has quickly moved up the agenda within organisations, with both senior management and clients often requiring assurances that security standards have been met. The ISO 27001 certification is an internationally trusted standard which helps organisations establish, implement, maintain, and continually improve their information security management systems (ISMS), ensuring that information assets remain safe and secure.
Penetration testing and vulnerability analysis are an essential part of ISO 27001 certification, and control objective A12.6.1 states that:
“Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.”
Our ISO 27001 service has been designed to meet these requirements. But more than that, our service is here to support your security improvement and remediation efforts, and to provide you with the assurance that your information security is as robust as possible.
Pentest Ltd is not an accrediting body for ISO 27001; we test in accordance with the scope of your ISMS, as set by your Information Security Manager (ISM) or your independent Certification Body (CB). Our sister company, Xcina Consulting, can offer a full range of services related to ISO 27001 as a BSI Platinum Member.
Find out more about Pentest
Find out more about Pentest, the support we offer and the reasons clients choose us.
Where does testing fit into the ISO 27001 process?
Our service can be utilised at various stages throughout the ISO 27001 process, helping you assess and remediate information security risks to your organisation.
What we test
Our ISO 27001 testing is tailored to your exact requirements, ensuring that you are meeting your certification requirements and providing assurances that your security measures are as robust as possible. Typically, our ISO 27001 testing will include:
Not sure what testing you need?
Our team will be happy to discuss your individual requirements and provide a no-obligation proposal based on your needs.
Our ISO 27001 testing process
Every ISO 27001 test goes through a rigorous process, ensuring that you get the best possible outcome and that you are fully complying with the required standards. Below we outline the key stages our testing goes through:
Your dedicated account manager (AM) will work with you to fully understand your organisation, your security objectives and the systems under review. The AM will then work with the assigned Pentest consultants & your stakeholders to ensure testing meets your needs.
A bespoke proposal of work will be drawn up based on the information gathered from the earlier stage. This will outline the planned scope of work, our approach, the set rules of engagement and any preparations needed to allow us to start testing.
Testing will begin on the agreed date and our consultants will communicate with you throughout the engagement, in line with your set requirements. All testing is conducted manually, and our consultants will look to identify as many issues as possible in the time allotted.
A comprehensive, quality-assured report will be delivered following the test. Our report will provide both a technical and managerial overview of testing, a comprehensive analysis of the vulnerabilities found and our detailed remediation advice.
5. Post-test support & retest
Our job does not finish with the delivery of the report, and our consultants will be available after the test to support your remediation efforts. Once remediation efforts have been completed, we will conduct a fix-check to ensure the issues have been mitigated.
6. Evidence of testing
We can provide further evidence of testing, outlining the initial test engagement and reporting upon any retesting phases that were undertaken. These documents are designed to provide the detailed evidence needed to satisfy ISO 27001 certification requirements.
Why choose Pentest?
Our test process isn’t the only reason clients choose to work with us. Find out more about Pentest, our ethos and the support we offer our clients.
Want to find out more about our ISO 27001 penetration testing service? Our team are on hand to provide you with the information you need.