Penetration Testing for ISO 27001 Certification
Performing a penetration test is one component of obtaining an ISO 27001 certification. The test maps out the current state of security and shows where it needs to be improved. The report enables the organization to demonstrate to the auditor that the necessary precautions have been taken to protect sensitive information against unauthorized access and processing.
Request a quote now for an ISO 27001 pentest, view our pricing model or contact us for more information.
ISO 27001 certified, yet a pentest?
Your organization is already ISO 27001 certified and has designed an Information Security Management System (ISMS) to control information security. As part of the Plan-Do-Check-Act cycle, an internal audit or a risk analysis must be carried out in order to improve as an organization. By means of a (periodic) pentest, the organization gains insight into the potential risks and input for implementing improvements in the ISMS. This way, the organization is able to protect itself against external attacks and can adjust in time for vulnerabilities and security risks.
When do you perform a pentest as part of your Information Security Management System (ISMS)?
- A penetration test contributes significantly to your ISMS project as part of the risk analysis process. Vulnerabilities in web applications, internal systems and applications are exposed and related to identifiable threats.
- As part of the risk treatment plan, allowing you to ensure that all implemented measures work as they are supposed to.
- As part of the ongoing improvement of processes, to ensure that measures are functioning properly, and that new and emerging threats and vulnerabilities are identified and corrected.