Jisc Services Ltd

Penetration Testing

We offer a penetration testing service, which helps you identify vulnerabilities, assess risks, and take corrective action, all at a cost-effective daily rate. All work is carried out by our in-house cyber security experts, who are experienced, trained and certified. Jisc is a CREST-accredited provider of penetration testing.

Features

• White box, Black box and Grey box testing. Social Engineering
• Exploring vulnerabilities. Privilege escalation. Red Team. Web app.
• Active Directory. Physical on-site testing. Due deligence
• ISO 27001. ISO 9001. CE. Cyber Essentials. CE Plus.
• External network. Internal Network. Desktop review.
• Build review. Wi-Fi testing. Wi-Fi configuration. Eduroam. Vulnerability scan
• Purple Team. Phishing. Back-up infrastructure.Incident response

Benefits

• Collaboration with Jisc SOC and CSIRT teams. Workshops. Upskilling staff
• Sector specific threat intelligence
• Bolster security posture. Increase cyber defences. Due diligence. Training
• Tiger scheme. CREST. ISO:27001. ISO:9001.CIR-Level 2.
• Research and Development.
• Risk and impact. Identify risk and mitigations.

£1,000.00 an instance a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.support@jisc.ac.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

152649052421283

Contact

Bid Support
03003002212
bid.support@jisc.ac.uk

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Penetration testing can help assure the security and functionality of a platform. We can generate load on a service or network to verify its ability to function. We can coordinate with security staff to confirm the functionality of threat detection and response during simulated attacks. We do not carry out DDOS simulation as part of the penetration testing service.

Security testing

• Security services: Yes
• Security services type:
  • Cyber security consultancy
  • Security testing
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Cyber Scheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: We can carry out onsite and remote testing. Typically we prefer to engage remotely where it does not limit the functionality of testing as it allows more cost effective testing.; ; Testing of third party services requires permission from the provider, although some providers have terms of engagement that allow security testing without explicit permission per instance.; ; While we have testers qualified with CHECK-equivalent certifications, we currently do not have a CHECK team. As such, we are unable to carry out tests that must specifically be CHECK tests.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 working days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Our coordination team is ITIL certified and respond to general queries within 2 working days. Our testing and coordination teams are highly qualified and have a vast array of experience in the field. As part of a test, there will be a single point of contact within the coordination team, and identified tester contacts. Support and communication as part of a test includes:; • Scoping and planning calls.; • Pre-test calls to discuss the testing and arrange access.; • Commencement of test emails, communication channels during testing, and daily wash-up calls to ensure strong and clear communication.; • Post-test calls to ensure the findings are understood and gathering feedback.; Additionally, our member organisations are assigned a relationship manager who will be able to assist with identifying which services are helpful, and how to engage with them.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 10/10/2023
• What the ISO/IEC 27001 doesn’t cover: All Jisc activities related to the provision of this service are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • CREST
  • Tiger scheme
  • OSCP
  • GIACC
  • GCCC

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As part of our core strategy for 2022-2025 the theme ‘Be a force for good’ recognises sustainability as an organisational imperative. Committed to achieving Net Zero emissions by 2040, 10 years ahead of government target, we plan to cut our emissions by over half by 2030 and be net zero across our remaining scope three emissions (net zero plus) by at least 2050. We have a Net Zero Roadmap outlining how we will reduce emissions and our plans for future projects.; Below are some examples of what we have done:; ; Lowered our carbon footprint by: reducing the size of our estate, motion-controlled lighting to save electricity in our Bristol office, as well as generating electricity through solar power. ; ; Reduced travel emissions by: a hybrid working model, introduction of a staff electric car scheme, alongside an existing cycle to work scheme. ; ; An Environmental Policy outlining our commitment to continually improve our environmental performance: We are developing an environmental management system to ISO14001, this will guide action across key areas, such as consumption, waste, biodiversity, travel.; ; Started to embed sustainability into our procurement processes: We will introduce a Sustainable Procurement Policy to drive this further.; ; Sustainable Jisc Events: Jisc’s Digifest event offered a meat free menu, estimated to have saved 6.4 tonnes of carbon. Catering was locally sourced, and any food waste was disposed through anaerobic digestion. We encouraged exhibitors to use digital messaging, reducing printed materials. Our event app reduced the amount of printing required, and any required event printing is now FSC certified and fully recyclable. ; ; Reuse or recycle old IT equipment: Wiped and sold for reuse old IT equipment, and recycled equipment not suitable for reuse, resulting in zero waste to landfill. In 2022/23 we recycled over 370 pieces of IT equipment.

  Covid-19 recovery

  Providing our people with the flexibility they need to balance their personal lives and do well at work, Jisc offers a range of ways of working, including flexible hours and working from home. We have adopted a hybrid working model for most roles. Flexible working eliminates the limitations posed by geographical location and personal circumstances. To support their home working environment, remote workers are provided with an allowance for equipment and advice and training on DSE.; For the benefit of people and community, everyone at Jisc can make a difference, with up to three paid volunteering days per year. In 2022/23 29% of our staff took a volunteering day. Colleagues used 321 volunteering days across the year for the benefit of people and community. Examples include, foodbanks, animal sanctuaries, helping children to learn to read, litter picking, giving blood.

  Tackling economic inequality

  We are an accredited Living Wage Employer. Jisc meets the standards set by Citizens UK and the Living Wage Foundation by signing the ‘UK Living Wage Employer' licence agreement. This agreement confirms that Jisc pay the Real Living Wage as a minimum. We also ensure that people in our supply chain delivering goods and services are paid the National Living Wage as a minimum.; Jisc is committed to the development of our people, and encourage they use 10% of their time on development. To help our people to upskill and achieve, they have access to a huge variety of learning resources including access to the full LinkedIn Learning catalogue. Where a qualification is directly linked to career progression, Jisc contribute or cover the full cost of the training. ; Jisc provide their employees with a number of benefits. For example, our Pay Framework gives a fair, flexible and transparent pay structure to work within. Our employee Healthcare cash plan allows members to claim back everyday healthcare costs, like dental or eye care. ; Apprenticeships provide an amazing opportunity to boost the skills of the local community and beyond. We are extremely proud of our apprenticeship scheme at Jisc, which cover legals, marketing, network engineering, procurement, HR and finance. Our scheme celebrates diversity, and we know that it is critical to our success. We work hard to make sure we’re inclusive and welcome all applicants who share our values and want to join us in our mission to improve lives through digital transformation.

  Equal opportunity

  One of Jisc’s guiding principles ‘Always Inclusive’ reflects our commitment to equity, diversity and inclusion (EDI). ; Our EDI policy outlines our commitment to de-constructing systemic racism and other barriers which have historically affected under-represented groups in the workplace. We strive to be an organisation where everyone here is able to be their authentic self and recognise the benefits of diversity with regards to innovation, team performance and organisation-wide productivity. ; We engage with external partners such as the Black Leadership Group and Emerge. Emerge are co-designing on the delivery of our Conscious Inclusion of Leaders Programme. In 2023 we launched a new Board and Committee diversity policy. The Board believes a mix of skills, knowledge and experience with different perspectives and insights builds a strong foundation for well-informed decision-making and as a consequence, better performance of Jisc in support of its stakeholders. ; Our EDI steering group meets quarterly to address inclusion-related topics from our employee networks, including the faith and LGBTQIA+ networks. We provide EDI training through our leadership program and have conducted anti-racism masterclasses for staff. Our recruitment team has also received inclusion-focused personal development and assists hiring managers in refining their practices.; We won’t accept modern slavery, forced labour or any human trafficking anywhere within our operations or supply chain. Our Modern Slavery working group assess risk areas, implement improvements and monitor progress against our Modern Slavery objectives and policy. Staff are educated on how to report modern slavery in the workplace and what signs to look for. ; Currently four of nine of our executive leadership team are women, including our CEO. According to benchmarking we carry out as part of our commitment to the Tech Talent Charter, we are above the national average for employing women in tech roles, having 31% taken by women against 28% nationally.

  Wellbeing

  The health and wellbeing of our staff is crucial to us. In 2023 we introduced a new benefits package for staff including an employer paid healthcare cash plan, an electric car scheme and the opportunity to buy additional annual leave. We offer a cycle to work scheme and an employee assistance programme for advice on a range of legal, financial, physical, emotional and mental health issues. We value good work/life balance and work flexibly. We also offer a generous leave entitlement, enhanced sick policy and enhanced maternity, paternity and adoption leave in addition to statutory entitlement, and shared parental leave. ; Trained to support our staff, we have 41 (April 2024) mental health first aiders easily assessable to our people across our geographical locations. Promoting and delivering wellbeing initiatives within Jisc, some of our mental health first aiders are also wellbeing champions. ; Providing staff with education, support and tools to help them live a happier and healthier life, they have access to a Wellbeing centre through our Jisc reward scheme, where they can access a range of resources to support wellbeing.; Our employee assistance programme provides staff and their immediate family access to confidential advice on a number of topics covering physical, mental, financial advice and is accessible through various mediums. ; Volunteering has been shown to improve mental health, by giving a sense of purpose and reducing stress and anxiety. Our staff can use up to three days volunteering per year. Through our volunteering network, staff share their experiences with others.

Pricing

• Price: £1,000.00 an instance a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.support@jisc.ac.uk. Tell them what format you need. It will help if you say what assistive technology you use.