As mentioned on our Penetration Testing page, we offer a compliance testing service. This activity possesses a number of similarities to penetration testing but it is not a penetration testing service.
Compliance Testing Goals
The primary goals of the compliance testing service is to identify if the network under test is compliant to the policies and documentation that led to its implementation. We utilise commercial and open source tools to scan networks or individual components under test to identify compliance and documentation deviations and vulnerabilities.
This information permits us to perform more detailed manual analysis on the findings to reduce errors and false positives.
Compliance Testing Outcomes
From the testing performed we develop a detailed gap analysis for the network or networked devices tested. This report provides its sponsor with an appropriate level of information to investigate further to identify policy and procedure shortcomings and be able to identify what and where specific remediation actions are required.
Who may find this service useful
Any organisation that desires to to improve the security posture of their organisation or has ongoing compliance activities to meet such as Sarbanes Oxley (SOX) or PCI-DSS obligations.