Service

Vulnerability assessment and information service

Detects and manages internal and external vulnerabilities within your IT estate, helping you to manage your security risks, compliance and quality.

For enquiries contact:

About the vulnerability assessment and information service

Following a rigorous Official Journal of the European Union (OJEU) competitive tender process, we chose Khipu Networks to provide the following services:

  • Vulnerability assessment: provides automated, predetermined security vulnerability assessments of your IT assets
  • Vulnerability management: produces reports which verify IT assets against new vulnerabilities and provide measurable information on improved IT security
  • Vulnerability information: keeps track of announcements, vulnerabilities and patches in your IT infrastructure

If you require manual penetration testing, we provide this through our penetration testing service.

How to apply

To apply, contact Khipu Networks by email vulnerability.assessment@jisc.ac.uk or call 0345 2720900. 

Details of the framework agreement can be found in the vulnerability assessment and information services framework buyers’ guide.1

Email Khipu Networks

Key features and benefits

  • Improved security
    Meets the highest security standards and is ISO9001 and ISO27001 certified. Helps your organisation to detect vulnerabilities such as Heartbleed and Shellshock.
  • Tailored service
    Meets the needs of the UK education and research sector. Offers you the flexibility to scan your own networks and generate bespoke reports on known security vulnerabilities specific to your systems.
  • Easy installation
    Easy to implement and integrate with existing IT systems, enabling you to analyse your IT network devices, identify security vulnerabilities and resolve security issues.
  • Compliance
    Automatically verifies whether your IT security policies are followed and implemented through compliance and secure configuration modelling. By identifying and resolving vulnerabilities on your network, the service helps your organisation reduce the risk of information security breaches and associated costs. The service is able to scan public-facing IP addresses for PCI DSS (Payment Card Industry Data Security Standard) compliance and can be accredited by an ASV (Approved Scanning Vendor) if required.
  • Saved purchasing time
    We selected Khipu Networks following a rigorous tender process, saving you time and money so you don’t have to undertake your own procurement exercise.

Eligibility

The service is available to UK higher education (HE) institutions, further education (FE) colleges and research councils.

Services are also provided to other organisations, such as local authorities, which work in the areas of education, training or research.

Further information

The service is provided by Khipu Networks.

Find out more by visiting the Vulnerability assessment and information service community pages

Service level description

Service packages

These services are combined into four different packages. The first three are provided as managed services and the fourth is a self-managed approach where Khipu Networks provide maintenance and support:

  • PCI-DSS scan - scanning of named public facing IP addresses for PCI compliance with self-assessment or PCI-DSS ASV certification through a centrally hosted solution
  • External and URL scan - scanning public facing IP addresses and website URLs through a centrally hosted solution
  • Internal scan - scanning of internal assets through a deployed device/sensor or tunnelled connection
  • Supported appliance - includes all other packages except PCI-DSS ASV using a deployed appliance supported by Khipu Networks.

You can select which of these four packages will best meet your organisation’s requirements.

In addition, members taking any of these services will also benefit from access to a comprehensive vulnerability information service that helps to keep track of announcements, vulnerabilities and patches about your IT infrastructure environment.

Service package costs

Please contact Khipu Networks or your Jisc account manager for more information.

Hours of service

Khipu Networks standard support hours are 09:00 – 17:30.  However each service offer can have any level of support from standard office hours to 24/7 for fully managed services. Khipu Networks will work with individual members to ensure the service level meets their requirements.

ISO9001 with UK National Accreditation

This service is included within the scope of our ISO9001 certificate.

Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.

Footnotes

  • 1 You will need to request membership to access the guide