ISO/IEC 27001 penetration testing & vulnerability analysis
complying with information security management standards
Penetration testing and vulnerability analysis are an essential part of ISO/IEC 27001 Information Security Management System (ISMS) certification. Control objective A12.6.1 states that ‘information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk’.
Testing is usually carried out once the scope of the ISMS, and its associated assets, have been identified, but other stages may also benefit from security testing. These include identifying vulnerabilities as part of the risk assessment process and verifying that the controls put in place are effective.
As part of Shearwater Group plc, we can offer a full range of services related to ISO/IEC 27001, helping clients obtain and maintain certification.
The benefits of our ISO/IEC 27001 service
Uncover vulnerabilities & prioritise improvement efforts
Obtain security buy-in
Protect your reputation
Our approach
We follow a rigorous process, ensuring that you get the best possible outcome and comply with the ISO/IEC 27001 standard. Below we outline the key stages of our penetration testing and vulnerability analysis:
1. Scoping
We work with you to fully understand your organisation, the required testing to be performed and the security objectives.
2. Proposal & prerequisites
A proposal will be drawn up outlining the planned scope of work, the set rules of engagement and any preparations needed to allow us to start testing.
3. Testing
Testing commences once the proposal has been agreed and signed authorisation has been granted.
4. Ongoing communication
Our consultants will communicate with you throughout the test, in line with your agreed requirements.
5. Reporting
A comprehensive, quality assured report of test findings, and associated remediation advice, will be delivered.
6. Post test support
Our consultants will be available after the test to offer advice and guidance on any aspect of the report, as well as remediation efforts.
7. Retest
We will conduct a retest once remediation has been completed, confirming that the vulnerabilities found during testing have been successfully mitigated.
Contact us
Want to find out more about our ISO/IEC 27001 testing services? Our team are on hand to provide you with the information and support you need. Fill out the form below and one of our team will be in touch shortly.