IT Health Check (ITHC)
JUMPSEC helps you determine the integrity of your systems and data with an IT Health Check (ITHC).
The Public Services Network (PSN) is the government’s network which helps public sector organisations work together. An ITHC provides an independent assessment of your organisation’s cyber security.
It provides assurance that your external and internal systems are protected from unauthorised access or change, and that you do not provide an unauthorised entry point into systems that consume PSN services. We work with you to accurately scope a penetration test for PSN Code of Connection (CoCo) compliance, and establish the most appropriate approach to meet your PSN compliance needs.
JUMPSEC is accredited by the National Cyber Security Centre (NCSC) to perform an ITHC under the terms and conditions of the CHECK scheme. The test is performed by our team of in-house expert CHECK and CREST certified ethical hackers and cybersecurity analysts, who simulate real-world attacks using industry-leading techniques, so you gain real-world insights into your vulnerabilities.
Our service is available immediately, either directly or via the Government Digital Marketplace (G-Cloud) check-service.
Why do you need an ITHC?
- Mandatory Requirement – An annual ITHC is required by the PSN CoCo. Failure to comply may lead to disconnection from the PSN Network, impacting your ability to connect with other public sector bodies.
- Renew your PSN certificate – The PSN certificate that grants access to Government PSN digital resources is an annual commitment. If your certificate expiry date is approaching, you will need to organise a new IT health check.
- Improve your security – An IT Health Check will ensure that your internal and external network infrastructure is securely deployed and hardened, and that adequate security has been implemented to protect the confidentiality, integrity and availability of your information, data and assets.
Why JUMPSEC ITHC?
- Management of risk through visibility of vulnerabilities – We provide you with a clear point-in-time view of what exploitable vulnerabilities you have, from an internal and external perspective, so you know what risks you are exposed to.
- Strengthen your security posture – Our reports provide recommendations on how to remediate any vulnerabilities according to severity and potential impact to you, so you can decide how to harden your position based on your appetite for risk. They outline high-level findings, recommendations and root cause analysis, and include a detailed vulnerability report with point-fix recommendations and CVSS scores.
- Confidence that your security meets your PSN CoCo compliance needs – We work with you to determine the level of information security due diligence your organisation needs to ensure you meet your compliance requirements.
- Complex technical risk translated into business terms – We take the time to understand your organisation and present technical risks in terms that are relevant to you, providing actionable insights to address risk areas and non-compliance.
What makes up JUMPSEC ITHC?
Internal & External Testing
Our external testing covers infrastructure such as firewalls, web and email servers, and VPNs that allow remote connection to your network by your employees or third-party suppliers.
Our internal testing includes vulnerability scanning and manual analysis of your internal network infrastructure, including build configurations for desktops, servers, laptops, tablets, phones and other mobile devices, as well as network management devices and security appliances. We will also look at any mobile management solutions, such as bring your own device (BYOD). We test patching at operating system, application and firmware levels, along with internal security gateways and wireless network configurations.
Rigorous analysis and reporting
Our experts provide you with comprehensive reports, with supporting evidence, detailing any vulnerability found, with a clear summary of the number, type, and severity (including CVSS base score mapping) of the issues identified and recommendations for remediation. At the start of the engagement we provide helpful guides to ensure the correct scope, and our report follows a format that an assessor will be happy with.
In-House Expert Team
By understanding the hacker mindset, objectives, strategies and techniques, our expert ethical hackers and security researchers ensure simulation of real-world attacks, but in a safe, non-disruptive way.
State-of-the-Art Tools and Techniques
Our team uses the latest techniques combined with state-of-the-art toolsets drawing from commercial, open source and our own in-house developed tools. We constantly evolve our methodology to ensure the most up-to-date tools and techniques are employed.
JUMPSEC is CHECK approved and our expert team are CREST Certified. Our Penetration Testing methodologies are extensive and drawn from CREST, OSSTMM (Open Source Security Testing Methodology Manual), and OWASP (Open Web Application Security Project), and are designed to offer our clients maximum assurance whilst ensuring that testing does not disturb your ongoing operations.
Continuous Expert Support
We love what we do and we are just a phone call away. When you take our Penetration Testing services you receive continuous expert support backed by rigorous processes and procedures. You can contact us at any time with any security-related questions.
Learn more about NCSC and CHECK
NCSC CHECK Scheme
Further information regarding the NCSC CHECK scheme can be found here: