IT Health Check – ITHC for PSN Compliance

Pentest People are a CHECK accredited organisation and can scope and perform your IT Health Check (ITHC) for access to the Public Services Network (PSN).

Receive an IT Health Check Report required for annual access to the Public Services Network.

Engage with Pentest People to ensure your scope is identified in line with the PSN requirements.

Pentest People are a CREST accredited company able to perform IT Health Checks.

IT Health Check for PSN Compliance

The Public Services Network (PSN) is the government’s high-performance network, which helps public sector organisations work together, reduce duplication and share resources. Organisations, both public and private sector, that require a connection to the PSN must complete a Code of Connection (CoCo) application.

It is a requirement of the CoCo application to provide a recent (within 12 months) IT Health Check report that has to be performed by a qualified organisation. Pentest People, through their CREST membership, are able to provide ITHC services to organisations requiring connection to the PSN.

Organisations connecting to the PSN have to perform an annual IT Health Check in order to sustain the connection.

Requirements of the IT Health Check

An IT Health Check requires both an External and Internal assessment. Pentest People will assign a qualified security consultant to help with scoping the engagement and delivering the project. Depending on the size of the network and number of devices, sample testing of a minimum of 10 per cent of the estate can be performed. Correct scoping is critical to ensure that the service offered meets the CoCo requirements without being overbearing and over budget.

External Assessment

The External Assessment part of the ITHC should include public-facing services such as email servers, web servers and other systems such as the firewalls in place to prevent unauthorised access from the public Internet into your organisation.

Any other inbound connections from the Internet, such as Remote Access or Site-to-Site Virtual Private Networks (VPNs), also need to be assessed as part of the engagement. This assessment covers the infrastructure and authentication methods in place to protect the connections.

Internal Assessment

Internal testing takes the form of a Penetration Test and should include Vulnerability Scanning and a thorough Manual Analysis of your internal network.

At a minimum it should include:

  • Desktop and Server build and configuration, and network management security
  • Patching of Operating Systems, Applications and Firmware levels
  • Configuration of Remote Access solutions including Virtual Private Networks (VPNs) and the associated authentication
  • Build and Configuration Review of Laptops and other Mobile devices such as phones and tablets used for remote access
  • Internal Security Gateway configuration including the Firewall connection to the PSN network
  • Wireless Network configuration

The assessment of the above looks to provide assurance that your internal systems are configured in a secure manner and are being properly maintained.

How can we help?

Pentest People can provide a full engagement, from scoping the assessment to carrying out both the external and internal assessments. An IT Health Check report will be presented as the deliverable of the project that can be used for your Code of Connection application for access to the Public Services Network.

The service would be delivered as part of the Pentest People Penetration Testing as a Service (PTaaS) and full access to the SecurePortal and other complementary tools would be provided.

Penetration Testing

IT Security and the associated terminology is a mainstream issue for all businesses due to the reliance business places on its IT systems combined with the prevalence of attacks. Various forms of compliance exist that mandate regular Penetration Testing as a standard and the risks of not doing anything are widely publicised.

Key Benefits

  • Identify Security Vulnerabilities within your organisation allowing you to proactively remediate any issues that arise
  • Improve your security posture, allowing you to reduce the threat of a cyber attack occurring against your business
  • Comply with various regulatory bodies who mandate regular Penetration Testing be performed within your infrastructure
  • Be able to prove to your supply chain that you are taking the necessary precautions to ensure your strong security posture
  • Be able to focus efforts on important security issues by identifying the high-risk items identified in the Penetration Testing report

Frequently Asked Questions

  • What is an Infrastructure Penetration Test?

    An Infrastructure Penetration Test is a full consultant-led assessment of the security of your external and internal infrastructure. Pentest People use industry leading methodologies and tools to identify the latest software and configuration vulnerabilities for all devices on your network.

  • What is the difference between an internal and external Penetration Test?

    An Internal Penetration Test is where a consultant would be placed within your corporate environment and connected to your internal network looking for security issues from the inside.

    An External Penetration Test is where a consultant looks for security issues from the outside of your network, generally over the public Internet.

  • What is the difference between a Vuln Scan and a Pen Test?

    A Vulnerability Scan is performed by a software tool that scans the network and checks available services for known vulnerabilities. A Penetration Test takes this one step further and uses a consultant to check for vulnerabilities that an automated scanner cannot find as well as to manually confirm any identified vulnerabilities.

  • What is the deliverable from the service?

    The deliverable from this service is a full Penetration Test Report that is uploaded to our SecurePortal and available for you to interact with.

    This differs from the competition in the way this is delivered and we believe this is a much clearer way to work with and manage the results of the assessment.