Penetration Testing for ISO 27001


ISO 27001 takes a process-based approach to establishing, implementing, executing, monitoring, maintaining and improving information security, built around an Information Security Management System. With an ISO 27001 certification you show your clients that your information processes are under control and that client data is processed securely.

To obtain an ISO 27001 certification, an organization must be able to demonstrate that the security of its applications and underlying systems is in order. Web Security Scan supports organizations in the certification process through an ISO 27001 penetration test, which examines whether the security of the IT systems is adequate.

Penetration Testing for ISO 27001 Certification

One component of obtaining an ISO 27001 certification is the execution of a penetration test. The test maps out the current state of security and shows where it needs to be improved. The report enables the organization to demonstrate to the auditor that the necessary precautions have been taken to protect sensitive information against unauthorized access and processing.

Request a quote now for an ISO 27001 pentest, view our pricing model or contact us for more information.

ISO 27001 certified, yet a pentest?

Your organization is already ISO 27001 certified and has designed an Information Security Management System (ISMS) to control information security. As part of the Plan-Do-Check-Act cycle, an internal audit or a risk analysis must be carried out in order to improve as an organization. By means of a (periodic) pentest, the organization gains insight into the potential risks and input for implementing improvements in the ISMS. This way, the organization is able to protect itself against external attacks and can respond to vulnerabilities and security risks in a timely manner.

When do you perform a pentest as part of your Information Security Management System (ISMS)?

  • A penetration test contributes significantly to your ISMS project as part of the risk analysis process. Vulnerabilities in web applications, internal systems and applications are exposed and related to identifiable threats.
  • As part of the risk treatment plan, to ensure that all implemented measures work as they are supposed to.
  • As part of the ongoing improvement of processes, to ensure that measures are functioning properly, and that new and emerging threats and vulnerabilities are identified and corrected.