Compliance Testing

What is Compliance testing?

A compliance test is a penetration test conducted for a specific purpose or need, and often with a pre-defined scope of work established by the relevant accrediting body.
Unlike a typical penetration test where the scope of work and key goals or targets can be determined by your own security concerns, a compliance test will typically have a predefined set of requirements and intentions which will need to be met.

Why perform a Compliance Test?

Compliance based security assessments can be required for a number of reasons but are typically designed to confirm that your organisation is ensuring the security of your systems and the data you store.

The specific compliance requirement you wish to achieve may require varying levels of security testing, some more extensive than others, but each are designed to establish their own standardised level of security for any organisation wishing to achieve that level of accreditation.


Types of COMPLIANCE Test

There are numerous types of security compliance tests which our team at Precursor Security can help your organisation to achieve. The following types can each be carried out by our CREST Penetration testers, to help you meet all of the requirements necessary for your regulatory body.

cyber essentials
Cyber Essentials is a government backed scheme aimed at protecting your organisation from a range of common and easily exploitable internet born threats.

Achieving this compliance level is required for those organisations wishing to bid for central government contracts which involve sensitive or personal data or the provision of technical products and services.
credit card
PCI 11.3 Penetration Testing is a requirement set out by the PCI Security Standards council and is aimed at ensuring any systems involved with Cardholder data are protected.

For any organisations which accept, transmit or store Cardholder data this type of security assessment is a requirement.
certificate
Penetration Testing is a requirement under the ISO 27001 compliance standards as organisations are required to identify and address vulnerabilities which may be present within their systems.

Any organisation which is aiming to become ISO 27001 accredited will need to conduct regular security assessments to meet the needs of this compliance standard.
user
An IT Health Check is an annual requirement, for Penetration Testing, for those organisations wishing to gain or maintain access to the Public Sector Networks (PSN).

The security assessment forms part of a Code of Connection (CoCo) application form and is required to be conducted on a regular basis to ensure your organisation is managing and maintaining a secure network environment.

Ready to secure your business?

GET IN TOUCH