A penetration test is designed to evaluate your organisations security posture and ultimately to fortify your business. This process meets the requirements of your ISO 27001 accreditation, for vulnerability identification and mitigation.


The identification and remediation of vulnerabilities is a requirement under the ISO 27001 requirement:

“A.12.6.1 Control of technical vulnerabilities

Timely information about technical vulnerabilities of information systems being used shall be obtained, the organisation’s exposure to such vulnerabilities evaluated, and appropriate measures taken to address the associated risk.”

One of the most effective ways to meet this requirement and provide assurance to your clients, that you manage and maintain your data and systems securely, is to conduct a Penetration Test.

Precursor Security will work with you to help protect your data and reputation; subsequently avoiding compromise, breaches in compliance, large fines and ultimately ensuring the continuity of your business.


An ISO 27001 Penetration test and subsequent report will allow your business to:

  • Understand risks that exist across your organisation.
  • Make ongoing improvements to your security posture via specialist support, advice and consultancy.
  • Adhere to ISO 27001 compliance requirements to identify and mitigate vulnerabilities.
  • Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats.


1. Why do I need a Penetration test for ISO 27001?

The identification and mitigation of vulnerabilities is a requirement under ISO 27001 compliance requirement A.12.6.1. The most effective way to address this requirement is to conduct regular Penetration tests against your organisation to mitigate vulnerabilities before a real-world attacker can exploit them.

2. What will I receive after the test has been completed?

The deliverable from any Internal Network Test is a complete report, detailing and contextualizing each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.

The report provides a complete description of what each identified issue is, specific remediation advice on how to address the issue, and detailed evidence, wherever necessary to verify the issues impact.