Penetration testing and vulnerability analysis are an essential part of ISO/IEC 27001 Information Security Management System (ISMS) certification and of control objective A12.6.1, which states that ‘information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.’
Testing is usually carried out once the scope of the ISMS and its associated assets have been identified, but other stages may also benefit from security testing. These include identifying vulnerabilities as part of the risk assessment process and ensuring that the controls put in place are effective.
Siege Cyber penetration testing services are conducted by experienced security professionals who possess the technical expertise to identify and address vulnerabilities across systems, networks and applications. As part of all ISO penetration testing engagements, our team will produce a written report that is tailored to ISO requirements and can be used to demonstrate compliance.