CYFOR

Penetration Testing

CYFOR Secure comprehensive Penetration Testing Services are designed to identify and assess security vulnerabilities within your IT infrastructure. By simulating real-world attacks, we help you understand your security weaknesses and provide actionable insights to enhance your protection against cyber threats and benefit from a thorough assessment conducted by industry experts.

Features

• Flexible service tailored to the organisation's requirements
• In-depth testing conducted to industry standard methodologies
• Experienced and accredited security consultants
• Clear and concise reporting
• Vulnerability Assessments
• IT Health Check
• Web based Applications testing
• Infrastructure Testing

Benefits

• Proactively reduce risk and protect your digital assets
• Support compliance standards and regulations such as PCI-DSS and ISO27001
• High Quality test leads to greater levels of assurance
• Increased public and internal stakeholder confidence

£1,200 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@cyfor.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

168916862916907

Contact

Andrew Frowen
07425829844
bidteam@cyfor.co.uk

Planning

• Planning service: Yes
• How the planning service works: CYFOR Secure penetration testing planning and scoping process is meticulously designed to ensure a comprehensive security evaluation tailored to each client’s specific needs. Initially, our team collaborates with the client to define the scope of the test, identifying critical systems, applications, and data that require assessment. This phase includes determining the testing methods such as black-box, white-box, or grey-box approaches and the necessary compliance requirements, ensuring all relevant regulations and standards are considered.; ; Following scoping, we establish clear objectives and success criteria to focus the testing efforts effectively. This includes identifying the types of vulnerabilities and threats that are most relevant to the client’s infrastructure, thus ensuring a targeted and efficient testing process.; ; Throughout the planning stage, we prioritise clear communication with the client to align expectations and ensure transparency. This approach not only prepares the groundwork for effective penetration testing but also fosters a proactive security posture, enabling clients to address vulnerabilities proactively and enhance their resilience against cyber threats. Our rigorous planning and scoping process is fundamental in delivering precise, actionable insights that drive meaningful security enhancements.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: No

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Our penetration testing services are designed to meet a wide range of security needs. However, there are a few constraints that buyers should be aware of to ensure alignment with their expectations:; ; Remote Services: Our penetration testing is primarily conducted remotely. Physical on-site testing is available but may require additional scheduling and incurs extra costs.; ; Technological Compatibility: Our testing methods are compatible with most modern technology stacks; however, specific legacy systems or proprietary technologies might require customised testing approaches.; ; These constraints are in place to ensure that our services are delivered with the highest quality and security standards.

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Support Levels: Email, Phone and Onsite support; Costs: dependent on contract; Technical account manager and Commercial account manager are provided on each engagement

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ALCUMUS ISOQAR
• ISO/IEC 27001 accreditation date: 29/04/2014
• What the ISO/IEC 27001 doesn’t cover: None - All requirements of the ISO27001 certification is covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are dedicated to implementing environmentally friendly practices that contribute to a greener future. To achieve this, we have developed a comprehensive strategy that focuses on encouraging sustainable modes of transport and other initiatives. We prioritise the use of public transportation for commuting purposes. Our employees are encouraged to utilise buses, trains, trams, and other forms of public transport whenever possible. In addition to public transport, we actively promote alternative modes of transportation, such as cycling and walking to local staff and operate a cycle to work scheme with secure parking. To further reduce the environmental impact of our travel, we actively promote video conferencing and virtual meetings as alternatives to business travel whenever feasible. By leveraging technology, we aim to minimise unnecessary air and road travel, thereby reducing CO2 emissions associated with transportation. Through these initiatives, we are committed to promoting sustainable transport and travel, playing our part in reducing the impact of CO2 emissions. With the current carbon neutral offset program with help from Carbon Neutral Britain, we are a carbon neutral business.

  Tackling economic inequality

  We commit to fostering enduring social value in tackling economic inequality through various initiatives: 1. Targeted Recruitment and Training: We prioritise engaging long-term unemployed, disabled individuals, and minorities through outreach and specialised training programs, aiming to provide meaningful employment opportunities and career advancement. 2. Apprenticeship and Work Experience: We offer apprenticeships and work placements, including the Cyber Security and Degree Apprenticeships, to equip individuals with necessary skills and support career development. 3. Schools and Colleges Outreach: We engage with educational institutions to raise awareness of career opportunities, deliver educational sessions, and support students in developing cyber skills. 4. Paid Placements for locally educated Individuals: We provide paid placements for city-educated individuals to gain practical experience and exposure to industry professionals. 5. Creating High-Skill Positions: We commit to creating high-skill positions in collaboration with local businesses to foster job growth and economic development. 6. Local Supplier Network: We prioritise local suppliers to bolster the economy and promote sustainable business practices, contributing to long-term economic and social progress.

  Equal opportunity

  CYFOR are dedicated to upholding equality of opportunity for all employees and job applicants throughout their career journey. CYFOR's Equal Opportunities policy applies universally across all staff levels and extends to visitors, clients, suppliers, and former employees, emphasising non-discrimination and equal treatment. We actively monitor and assess our employment records to gauge the effectiveness of our equality policy. This includes: 1. Collecting and categorizing data on applicants' and employees' race/ethnicity and gender. 2. Analysing the distribution and success rates of applicants and employees based on race/ethnicity and gender. 3. Documenting recruitment, training, and promotion decisions and reasons. Regular reviews of monitoring outcomes help evaluate policy implementation effectiveness. Adjustments are considered to enhance equality of opportunity for all.

  Wellbeing

  The CYFOR Group wellbeing Policy aims to promote a holistic approach to the health and wellness of our employees, ensuring a supportive work environment that fosters physical, mental, and social wellbeing. This policy is a key component of our commitment to social value, demonstrating our dedication to the wellbeing of our community and stakeholders. CYFOR Group is committed to fostering an environment that supports the well-being of all our employees and stakeholders. We recognise that our success is dependent on the health and happiness of our team, and we are committed to continuously seek ways to improve and promote wellbeing within our community. The CYFOR Group policy applies to all employees, contractors, and stakeholders engaged with CYFOR Group. It encompasses all aspects of wellbeing including mental health, physical health, work life balance, and community engagement. The policy aims to address the following key elements: 1. Enhance Mental Health: Provide resources and support systems to promote mental health, including access to counselling services, mental health days, and training for managers to recognise and support mental health challenges. 2. Promote Physical Health: Encourage physical health through initiatives such as health screenings, wellness programs, gym memberships, and ergonomic work environments. 3. Support Work-Life Balance: Foster a flexible work environment that respects personal time and family life, including flexible working hours, remote work options, and sufficient paid leave. 4. Community Engagement: Engage with the local community to enhance social well-being through volunteer opportunities, partnerships with local organisations, and initiatives that support local economic growth.

Pricing

• Price: £1,200 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@cyfor.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.