About our testing services
We provide tailored testing services to assess risk to your business focusing on your organisation’s needs.
From the onset we ensure that the testing you are seeking is actually what you need to help you robustly assess your risk.
Types of testing
Find out more about the different testing we do by clicking on links below:
How we manage a testing activity with a client
Once we have exchanged Non Disclosure Agreements (NDAs), we start with a scoping call which allows us to introduce the testers and other support staff that may be working on your test.
Scoping
We ask you to explain what you want from the test and where it fits into your overall security management.
You will be asked about previous testing you may have conducted, and about the impact and remediation steps you have taken since.
From this, we will develop a bespoke test plan around your requirements; leveraging good/best practice industry guidelines and standards like CSA(CCM), MAST, OWASP.
Suitable dates and times for the testing activity will be arranged and we’ll agree the timeline for report and debrief delivery.
Testing
During testing we regularly keep you informed on the progress and will contact you if we discover an urgent issue like a critical vulnerability or evidence of the exploitation of a vulnerability (aka a breach). We advise you when the testing phase is complete and conduct a hot wash-up. We then draft a report and presentation materials for your staff.
Reporting
We will deliver (not by email) your report and debrief materials. The report includes executive summaries and action plans to assist you in the remediation of the issues we’ve identified. We also conduct a debrief for you at a mutually convenient date/time.
Post-Test
If your accounts department is on the ball and pays their invoice within 15 days, we offer a retest of any medium or above finding and an up-issue of the report to confirm that the finding is closed.
3 months following completion of the testing we follow up with you to ensure you are progressing the remediation activity.
5 months after the completion we contact you again, as we destroy all data (scan results and reports etc.) from the testing at the 6 month point. You can however request that we retain this data for longer if you are planning additional support from us.