IT Health Check (ITHC)

JUMPSEC helps you determine the integrity of your systems and data with an IT Health Check (ITHC).

The Public Services Network (PSN) is the government’s network which helps public sector organisations work together. An ITHC provides an independent assessment of your organisation’s cyber security.

Providing assurance that your external and internal systems are protected from unauthorised access or change and to ensure you do not provide an unauthorised entry point into systems that consume PSN services. We work with you to accurately scope a penetration test for PSN Code of Connection (CoCo) compliance, and establish the most appropriate approach to meet your PSN compliance needs.

JUMPSEC is accredited by the National Cyber Security Centre (NCSC) to perform an ITHC under the terms and conditions of the CHECK scheme. The test is performed by our team of in-house expert CHECK and CREST certified ethical hackers and cybersecurity analysts who simulate real-world attacks, using industry-leading techniques. So you gain real-world insights into your vulnerabilities.

Our service is available immediately directly or can be procured via the Government Digital Marketplace (G-Cloud) check-service.

Why you need an ITHC?

  • Mandatory Requirement – An annual ITHC is required by the PSN CoCo. Failure to comply may lead to disconnection from the PSN Network. Impacting your ability to connect with other public sector bodies.
  • Renew your PSN certificate – The PSN certificate that grants access to Government PSN digital resources is an annual commitment. If your certificate expiry date is approaching, you will need to organise a new IT health check.
  • Improve your security – An IT Health Check will ensure that your internal and external network infrastructure is securely deployed and hardened, and that adequate security has been implemented to protect the confidentiality, integrity and availability of your information, data and assets.

Why JUMPSEC ITHC?

  • Management of risk though visibility of vulnerabilities – We provide you with a clear point in time view of what exploitable vulnerabilities you have, from an internal and external perspective so you know what risks you are exposed to.
  • Strengthen your security posture – Our reports provide recommendations to you on how to remediate any vulnerabilities according to severity and potential impact to you, so you can decide on how to harden your position based on your appetite to risk. Outlining high level findings, recommendations, and root cause analysis. A detailed vulnerability report with point fix recommendations to include CVSS scores.
  • Confidence that your security meets your PSN CoCo compliance needs – We work with you to determine the level of information security due diligence your organisation needs to ensure you meet your compliance requirements.
  • Complex technical risk translated into business terms – We take the time to understand your organisation and present technical risks in terms that are relevant to you. Providing actionable insights to address risk areas and non-compliance.

What makes up JUMPSEC ITHC?

jumpsec red teaming open source intelligence gathering icon

Internal & External Testing

Our external testing covers infrastructure such as firewalls, web and email servers, VPN’s that allows remote connection to your network from your employees or third-party suppliers.

Our internal testing includes vulnerability scanning and manual analysis of your internal network infrastructure including build configurations for desktops, servers, laptops, tablets, phones, or other mobile devices as well as network management devices security appliances. We will also look at any mobile management solutions, such as Bring your own device (BYOD). We conduct test patching at operating system, application and firmware levels and internal security gateways and wireless network configurations.

jumpsec social engineering comprehensive reporting icon

Rigorous analysis and reporting

Our experts provide you with comprehensive reports with evidential support detailing any vulnerability found, with a clear summary of the number, type, and severity (including CVSS base score mapping) of the issues identified and recommendations for remediation. At the start of the engagement we provide helpful guides to ensure the correct scope and our report follows a format that an assessor will be happy with.

jumpsec managed vulnerability scanning experience vulnerability report analysis support icon

In-House Expert Team

By understanding the hacker mindset, objectives, strategies and techniques our expert ethical hackers and security researchers ensure simulation of real world attacks, but in a safe non-disruptive way.

jumpsec penetration testing state of the art tools and techniques icon

State of the art Tools and Techniques

Our team uses the latest techniques combined with state of the art toolsets drawing from commercial, open source and our own in-house developed tools. We constantly evolve our methodology to ensure the most up to date tools and techniques are employed.

jumpsec Cyber Incident Response Accredited Standards icon

ACCREDITED STANDARDS

JUMPSEC is CHECK approved and our expert team are CREST Certified. Our Penetration Testing methodologies are extensive and drawn from CREST, OSSTMM (Open Source Security Testing Methodology Manual), and OWASP (Open Web Application Security Project) and designed to offer our clients maximum assurance whilst ensuring that testing does not disturb your ongoing operations.

jumpsec penetration testing continuous expert support icon

CONTINUOUS EXPERT SUPPORT

We love what we do and we are just a phone call away. When you take our Penetration Testing services you receive continuous expert support backed by rigorous processes and procedures. You can contact us at any time for any security related questions.

Further Resources

Learn more about NCSC and CHECK

Further reading

NCSC CHECK Scheme

Further information regarding the NCSC CHECK scheme can be found here:

Jumpsec becomes CHECK approved

Press Release

JUMPSEC becomes a National Cyber Security Centre (NCSC) approved CHECK approved company

Keeping-you-informed

Contact

Get in touch

We love to talk! Give us a call on  0333 939 8080, email [email protected] or click below to fill out the contact form and we will get back to you straight away.