Infrastructure Pen Test
Arcturus's team provide dependable penetration testing for internal and internet facing environments, ensuring protection from cyber threats.
Using CREST and CHECK ITHC accredited methodologies we perform state of the art automated vulnerability scanning, and carefully targeted manual testing to deliver an outstanding assessment encompassing internal and external estates.
Features
- CREST and CHECK ITHC accredited Application Penetration Testing
- Methodology based on OWASP, OWASP ASVS, WAHH
- Comprehensive automated and manual Penetration Testing
- Clear communication of threats and risks in their business context
- Complete technical vulnerability reporting
- Actionable remediation advice and support
- Operational acceptance, source code and gold image build reviews
- Assurance of security controls across all deployment platforms
- Dedicated technical lead supported by cross discipline team
Benefits
- Correct scoping ensures best return on investment with no surprises
- Meet regulatory and internal compliance requirements
- Remove uncertainty and de-risk penetration testing
- Actionable prioritized resolution advice; save time and drive efficiency
- Clear benefit realization against agreed performance indicators
- Penetration testing service aligned with your requirements
Pricing
£950.00 to £1,390.00 a unit a day
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
3 0 0 8 9 9 7 5 3 5 1 6 8 3 5
Contact
Arcturus Security Limited
Vikki Sharp
Telephone: 01635015635
Email: arcturusbidmanagement@cyberfortgroup.com
Planning
- Planning service
- No
Training
- Training service provided
- Yes
- How the training service works
-
Our Secure Coding Training/Workshop is a course aimed at software developers, software architects, security consultants and quality assurance engineers who want to understand how attackers uncover and exploit vulnerabilities in web applications, and what can be done by developers to prevent it.
The course covers a methodology used to assess the security of a web application and gives detailed guidance on secure development, relating to both the design and implementation of web applications.
The course is a mix of presentations and hands-on lab sessions where attendees will practice and experience how application vulnerabilities are detected and exploited by attackers, and how applications can successfully defend against these attacks. - Training is tied to specific services
- No
Setup and migration
- Setup or migration service available
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- No
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Security incident management
- Security audit services
- Certified security testers
- Yes
- Security testing certifications
-
- CHECK
- CREST
- Cyber Scheme
Ongoing support
- Ongoing support service
- No
Service scope
- Service constraints
- No constraints
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Our Service Desk operates 24 hours a day 365 days a year and is primary point of contact for any incidents, requests or escalations.
Each inbound query made by the client is captured by our ticketing system and assigned a unique reference number with an appropriate priority rating.
A ticket number will be issued with an initial response within the first 15 minutes of logging a query and resolution times will be subject to the priority rating assigned. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- In regard to assistive users, our Online Chat service provider (Microsoft) undertakes and publishes regularly and routine testing for assistive requirements: https://www.microsoft.com/en-us/accessibility/
- Support levels
-
Effective service management is the key to the smooth delivery of our G-Cloud services during our engagement with clients, and as a result, they will receive secure, flexible and reliable services from us utilizing robust support and service management processes and best practice.
From the Service Desk to your dedicated Account Manager, all are in place to manage the relationship across your business and ensure that you receive the right engagement to help drive and deliver a great service.
• Our Service Desk operates 24 hours a day 365 days a year and is primary point of contact for any incidents, requests or escalations.
• The Service Desk team will proactively manage all support calls to resolution, escalating incidents and problems in line with comprehensive operational level agreements, service level agreements and any third-party underpinning contracts.
• We place significant importance on the support and service management function that is provided for each contract according to operational requirements.
• This is integrated into contracts and built into the price.
• Ongoing support and management will be led by a dedicated Account Manager supported by Service Delivery Manager, Technical Champion, and our team of specialists and subject matter experts.
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSi
- ISO/IEC 27001 accreditation date
- Valid from:19/05/20 - Expires: 18/05/2023
- What the ISO/IEC 27001 doesn’t cover
- A14.2.7 Outsourced Development 15.1.3 Information, Communications and technology supply chain
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- 247 CyberLabs Ltd
- PCI DSS accreditation date
- Valid from: 05/09/2021 Expires:05/09/2022
- What the PCI DSS doesn’t cover
- Requirement 3 Requirement 4 Appendix A1 Appendix A2
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- NCSC ITHC Service - CHECK Service Provider
- CREST - Cyber Incident Response, Vulnerability Assessment and Penetration Testing
- Data Security and Protection Toolkit
Social Value
- Fighting climate change
-
Fighting climate change
Arcturus are part of the Cyberfort Group, and are engaged with the group Social Value activities as follows:
Cyberfort are committed to fighting climate change and promoting sustainable development by reducing, as far as practical, our environmental impacts from business activities and as a result, an Environmental Management System (EMS) has been implemented which meets the requirements of BS EN ISO 14001:2015.
For example, against MAC 4.1 we are committed to achieving Net Zero by 2050. We have policy commitments to become a net-zero and environmentally conscious company by conserving energy, minimizing consumption, reducing, and preferring low pollution materials, maximizing environmental efficiency, whilst ensuring waste is managed and controlled.
Key Areas of focus:
• Cyberfort to consider who we purchase goods and services from ensuring providers are targeting net-zero initiatives and consider environmental impacts.
• Assess external provider environmental policies and sustainable product and services.
• Ensure ethical, equality, human rights and employee standards are met. Preferring external providers who are firmly committed to enhancing their environmental performance. - Covid-19 recovery
-
Covid-19 recovery
Arcturus are part of the Cyberfort Group, and are engaged with the group Social Value activities as follows:
Cyberfort commits to supporting the Covid-19 recovery, for example against MAC 1.5 we are undertaking regular Risk Assessments, implementing the following improvements in line with Risk Assessment findings and validated with our external Health & Safety partner:
• Closure of 3 offices where social distancing was not possible or appropriate, moving staff to either remote or hybrid working contracts.
• Reassessed our COVID risk assessment to ensure that appropriate controls remain.
• Allowing teams to return to remaining offices as required by managers for planning, collaboration or team-building meetings.
• Deconflicting teams on-site, continuing the ability to maintain controls where necessary.
• Provision of Lateral Flow Test kits for all remaining offices.
• Maintaining all sanitization stations and controls.
• Maintaining effective social distancing where appropriate. - Tackling economic inequality
-
Tackling economic inequality
Arcturus are part of the Cyberfort Group, and are engaged with the group Social Value activities as follows:
Cyberfort is committed to tackling economic inequality, through supporting new businesses, new employment opportunities and development of new skills. We are currently signatories of the Tech Talent Charter and the Armed Forces Covenant and are a Disability Confident Employer. Most recently we have become founding members of Neurodiversity in Business and we have partnered with to Lexxic help us on our journey to becoming a Neurodiversity Smart employer.
Specific commitments for example are:
Against MAC 2.2 - Cyberfort will be offering Apprenticeship placements in 2022.
Against MAC 2.3 – We have long been advocates of education and sharing our knowledge and regularly interact with local schools, colleges and universities and has been involved in supporting the East Kent Colleges in the development of the Cybersecurity GNVQ qualification. We have various work experience schemes in place for school children and contribute to virtual careers fairs in the Kent Area.
Against MAC 3.5 - With cyber security at the heart of Cyberfort, we have adopted the required technical standards and best practice as a basis for appropriate cyber security controls, including both our compliance and cybersecurity practices have NCSC certified services. - Equal opportunity
-
Equal opportunity
Arcturus are part of the Cyberfort Group, and are engaged with the group Social Value activities as follows:
Cyberfort is an equal opportunities employer and commits to supporting Equal Opportunities through Social Value. We value people as individuals with diverse opinions, cultures, lifestyles and circumstances. All employees are covered by our Equality & Diversity policy and it applies to all areas of employment including recruitment, selection, training, deployment, career development, and promotion. These areas are monitored, and policies and practices are amended, to ensure that no unfair or unlawful discrimination, intentional, unintentional, direct or indirect, overt or latent exists. As part of our ambition to be a Neurodiversity Smart employer, we will be auditing all our recruitment and selection processes to ensure we are inclusive of neurodivergent individuals.
Specific commitments for example are:
Against MAC 6.2 - We provide training, development and progression opportunities to all staff to support in-work progression. We are committed to ensuring that each employee/contractor is given the opportunity to develop within the organization, in accordance with ability, ambition and opportunities available. As a commitment to people, Cyberfort encourages everyone to reach the fullest potential with opportunities available. We have recently launched an internal mentoring scheme, connecting employees with experienced professionals who can support them with their professional journeys.
Against MAC 6.3 - While Cyberfort is not required under S.54 of the Modern Slavery Act 2015 to have an Anti-Slavery Policy, we feel passionately that we must act ethically and transparently in every situation and consequently have set out the steps that we take to ensure that modern slavery or human trafficking is not taking place within our business or supply chain. Modern slavery encompasses slavery, servitude, human trafficking and forced labor. We have a zero–tolerance approach to any form of modern slavery. - Wellbeing
-
Wellbeing
Arcturus are part of the Cyberfort Group, and are engaged with the group Social Value activities as follows:
Cyberfort fully supports and is committed to supporting Wellbeing, for example against MAC 7.1, we have understood the issues relating to health and wellbeing, including physical and mental health and have the delivered the following to support our workforce:
Mental Health First Aiders – We have 9 fully trained Mental Health First Aiders within our workforce. They are a point of contact and reassurance for any person who may experience a mental health issue of emotional distress, offering an ear, coffee and support and where needed signpost people to the appropriate services for further support.
Awareness Days – Through awareness we can support one another. We have organized and promoted events for the workforce, for example in February we offered a Free Webinar ‘5 ways to increase your happiness in 2022’ with Dr Andy Cope (the doctor of happiness) and we will be supporting Mental Health week in May with various activities each day.
Wellbeing Page - We have a Wellness Page on Cyberfort’s SharePoint that provides information on support available from Cyberfort, our Mental Health First Aiders, and links around advice from other organizations such as:
• Working from home - a Wellness Action Plan by Mind
• Every Mind Matters One You by the NHS
• App for meditation and relaxation by Calm
• 5 steps to mental wellbeing by the NHS
Pricing
- Price
- £950.00 to £1,390.00 a unit a day
- Discount for educational organisations
- No