ISO/IEC 27001 penetration testing & vulnerability analysis

complying with information security management standards

Penetration testing and vulnerability analysis is an essential part of ISO/IEC 27001 Information Security Management System (ISMS) certification. Control objective A12.6.1 states that ‘information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk’.

Testing is usually carried out once the scope of the ISMS, and its associated assets, have been identified, but there are other stages that may benefit from security testing. These include identifying vulnerabilities as part of the risk assessment process and ensuring that the controls put in place are effective.

As part of Shearwater Group plc, we can offer a full range of services related to ISO/IEC 27001, helping clients obtain and maintain certification.

the benefits of penetration testing and vulnerability analysis as part of ISO/IEC 27001 certification

uncover vulnerabilities & prioritise improvement efforts

Penetration testing is one of the tools that allow you to identify and classify your most critical vulnerabilities, providing you with vital remediation advice. This gives you the information you need to make informed decisions regarding your security, to effectively prioritise improvement efforts and to reduce the overall likelihood of compromise.

protect your reputation

A data breach can ultimately lead to financial, operational and reputational damage for your organisation. Testing should therefore be carried out on a regular basis, helping protect you from potentially damaging cyber-attacks.

gain security buy-in

Obtaining budget for security improvements can be difficult. Our penetration testing can give you a clear picture of your current position, providing you with the support you need to gain all-important security buy-in.

our approach

We follow a rigorous process to ensure that you get the best possible outcome and comply with the ISO/IEC 27001 standard. Below we outline the key stages of our penetration testing and vulnerability analysis:

1. scoping

We work with you to fully understand your organisation, the required testing to be performed and the security objectives.

2. proposal & prerequisites

A proposal will be drawn up outlining the planned scope of work, the set rules of engagement and any preparations needed to allow us to start testing.

3. testing

Testing commences once the proposal has been agreed and signed authorisation has been granted.

4. ongoing communication

Our consultants will communicate with you throughout the test, in line with your set requirements.

5. reporting

A comprehensive, quality assured report of test findings, and associated remediation advice, will be delivered.

6. post-test support

Our consultants will be available after the test to offer advice and guidance on any aspect of the report, as well as remediation efforts.

7. retest

We will conduct a retest once remediation has been completed, ensuring the vulnerabilities found during testing have been successfully mitigated.

why choose us?

experience and expertise

Our team of security consultants have years of experience in information security testing, hold numerous qualifications and have worked with many companies to provide penetration testing and vulnerability analysis as part of their ISO/IEC 27001 certification process.

part of Shearwater Group plc

As part of Shearwater Group plc, we can offer a range of additional services based around ISO/IEC 27001 certification. Xcina Consulting, our sister company, are a BSI (British Standards Institute) Associate Consultant Programme Platinum member.

Their services include advisory & oversight, formal assessment, gap analysis and remediation, implementation of ISMS frameworks, security policies and information security training.

post-test support

Our consultants will be available after our test report has been delivered, offering guidance on any aspect of the report and providing support for your remediation efforts.

dedicated account management

Every client is appointed a dedicated account manager to oversee the testing process and we work with all relevant stakeholders to ensure that the best possible outcome is achieved.

contact us

Want to find out more about our compliance services, or looking to start testing? Our team are on hand to provide you with the information and support you need.