Service

Penetration testing

Helping your organisation to reduce the risk of information security breaches and reduce the costs of prevention, management, remediation and audit activities.

For enquiries contact:

About penetration testing

We provide vulnerability testing and consultancy services designed to minimise the security threat to your organisation. 

This service provides you with a complete solution: scoping, advice, testing, reporting and corrective actions.

Our testing methodology

All testing is carried out to our comprehensive methodology, which focuses on:

  • Identifying individual vulnerabilities within the system and applications based on security industry best practices
  • Helping understand the relevance and potential impact of these vulnerabilities to your system
  • Provide information on how to remediate them and recommendations to improve the overall security posture of the system to guard against future threats.

The methodology is an amalgamation of various industry standard methodologies, including but not limited to:

Testing reporting

A comprehensive report is produced at the conclusion of the testing, typically containing:

  • An executive summary: an overview of the entire assessment including any recommendations to improve the security posture of the in-scope environment
  • A graphical summary: a graphical representation of the key findings, split into three categories and then positioned against likelihood of exploitation
  • A vulnerability analysis: a detailed description of each discovered flaw including any necessary technical information and corrective recommendations
  • An exploitation probability: each listed vulnerability is assigned a probability rating based on how likely it is to be exploited.

Find out more

For more information on penetration testing, read our fact sheet

If you would like to find out more about our penetration testing service and charges, email [email protected].

Key benefits

  • Convenient testing schedules tailored around you
  • Knowledgeable and experienced testers from the sector
  • Saving you time and money.

Eligibility

This service is available to all Janet-connected institutions.

Use of this service is subject to adherence to the:

Service level description

Security

Please ensure your organisation understands and adheres to the security policy.

Hours of service

The service is available during the business day.

The business day is defined as Monday to Friday. It excludes 24-31 December, all English public holidays and also the Tuesday following the August public holiday. 

Service description

A service providing organisations with manual penetration testing and consultancy. 

Customer responsibilities

The customer is responsible on an ongoing basis for:

  • Ensuring that Jisc has up to date contact details of a suitable representative from within the customer’s organisation and any changes in responsibility promptly notified
  • Ensuring the list of authorised users is maintained where automated testing is employed.

Charges

Charges will be determined during the discussions of the requirements between the customer and Jisc.

Request for service

Request this service by contacting the service desk on tel: 0300 300 2212 or via email: [email protected].

Service delivery time

Customers will be contacted to discuss requirements within three business days of receipt of a request for assistance. 

Terms and conditions

Please ensure your organisation understands and adheres to the terms and conditions.

Escalation

If you are experiencing an issue with the service, and wish to escalate the issue please contact us via the service desk on tel: 0300 300 2212 or via email: [email protected].

ISO9001 with UK National Accreditation

This service is included within the scope of our ISO9001 certificate.

Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.