Penetration Testing
Examination of defined Internet facing IP addresses, testing for configuration, operating system and software vulnerabilities, as well as unauthenticated application level vulnerabilities. Security issues identified are reported and resolutions recommended, allowing the customer to eliminate or mitigate the risk, thus greatly reducing the likelihood of a successful attack.
Features
- Industry recognised methodologies (e.g. OSSTMM, OWASP, PCI) employed
- CVSS and CVE references included in reports
- Management summary with business implications
- Summary of risks identified, ordered from high to low severity
- Technical details of each issue found
- Recommendations for closing holes found
- Background information/evidence to support results
- Includes retesting of critical or high risk vulnerabilities identified
- Post-delivery support and guidance included
- Security cleared personnel (e.g. BPSS, SC, NPPV Level 3) available
Benefits
- Identifies security vulnerabilities and configuration weaknesses
- Demonstrates information security best practice
- Supports accreditation (e.g. RMADS) activities
- Aligns to an Information Security Management System (ISMS)
- Improves protection of business information and data assets
- Meets PCI Data Security Standard (DSS) compliance requirements
Pricing
£850 a person a day
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
7 5 4 2 5 5 0 2 9 5 7 6 0 9 8
Contact
NTA Monitor Ltd.
Gavin Simms
Telephone: 01634 721855
Email: gavin.simms@intertek.com
Planning
- Planning service
- No
Training
- Training service provided
- No
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
- This service allows organisations who have procured services via the Digital Marketplace, or who are using cloud hosted software, infrastructure or platforms, to gain independent analysis and information security assurance regarding the governance and controls that are in place to protect these services and systems. Such assurance is vital for cloud based services which possess specific security considerations due to their on-demand, remotely accessible and multi-tenanted attributes.
- Setup or migration service is for specific cloud services
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- No
Security testing
- Security services
- Yes
- Security services type
-
- Cyber security consultancy
- Security testing
- Security audit services
- Certified security testers
- Yes
- Security testing certifications
-
- CHECK
- CREST
Ongoing support
- Ongoing support service
- No
Service scope
- Service constraints
- N/A
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support Service Type:
• Email
• Phone
• Onsite
Support Availability
9:30am - 5:30pm (Mon - Fri)
Standard Response Times
Up to 24 hours (remote support) Up to 10 working days (onsite support).
Incident escalation process available
Yes - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Support levels
-
Support Levels:
• Email (FOC)
• Phone (FOC)
• Onsite (chargeable at day rate)
• A technical consultant would be allocated to handle any support issue
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Pricing
- Price
- £850 a person a day
- Discount for educational organisations
- No