
Mnemonic AS

Penetration Testing

Applications, systems, networks and people form the technological foundation for any business. Having security experts test this foundation identifies risks, isolates vulnerabilities and prioritizes remediation before exposures can be exploited by attackers.

Features

  • Application security
  • Web application and APIs
  • Cloud security testing (AWS, Azure, Google Cloud)
  • Infrastructure security
  • Red-team exercises, including TIBER (Threat-Intelligence Based Ethical Red Teaming)
  • Internet of Things (IoT) and smart devices
  • ICS, SCADA, and OT assessments

Benefits

  • Identify and understand your organisation’s vulnerabilities and problem areas
  • Practical advice on recommended remediation
  • Receive thorough documentation of the security assurance activities
  • Penetration Testing specialists with deep industry expertise
  • Penetration testing enables more accurate and informed risk-based decision making
  • Highly experienced Penetration Testing consultants

Pricing

£185 to £370 a unit an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nathan@mnemonic.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

361792092070651

Contact

Mnemonic AS Nathan Jones
Telephone: +447891234688
Email: nathan@mnemonic.co.uk

Planning

Planning service
Yes
How the planning service works
Penetration testing serves primarily as quality assurance. It should provide increased knowledge and understanding, and it helps to make informed choices to manage technical risk in both a short and long-term perspective. This happens in multiple ways. The immediate impact of doing a security test is discovery of as many vulnerabilities and potential weaknesses as possible, verification of potential impacts, and initial prioritisation. This makes it possible to prioritise and handle these defects in the short term, or establish compensating controls. Testing will typically identify both "quick wins" and more strategic improvement needs. While security testing can never eliminate all bugs, actively looking for security flaws and vulnerabilities helps increase software quality and decreases the likelihood of critical bugs going undetected or being discovered by someone else.

We begin the security test with an initial meeting to plan the assessment in detail and coordinate initial activities. The goal of the startup meeting is that all formalities are handled, that both sides get all the information needed to proceed with the project, and that the penetration testers get an optimal understanding of the goals and needs of the customer.
Planning service works with specific services
No

Training

Training service provided
No

Setup and migration

Setup or migration service available
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
Mnemonic’s security tests combine open standards and industry best practices with our own experience, tools, and methodology. We utilize the whole breadth of mnemonic’s security offering by including relevant expertise from other parts of our organization, such as our security operations center, threat intelligence analysts, product experts, and the R&D team. This gives our offensive team a unique advantage, and enables us to go deeper and provide the best possible advice.

The main output of the activity is a structured written report, which can be used either as-is or in part for both internal and external stakeholders, auditors, et cetera. Having a process for regularly testing, assessing, and evaluating technical and organizational security measures is also a requirement under GDPR (Article 32), and the regular security test reports will help document that this is being met.
Finally, an output of security testing is mnemonic's recommendations and advice on how to improve the security of the system, based on our observations during the test. This builds on both our knowledge of relevant industry practices and standards, and not least how similar risks have been reduced or mitigated by others.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Cyber security consultancy
  • Security testing
Certified security testers
Yes
Security testing certifications
  • CREST
  • Other
Other security testing certifications
SANS

Ongoing support

Ongoing support service
No

Service scope

Service constraints
N/A

User support

Email or online ticketing support
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Support levels
All customers receive the same support level. At the start of each project, the customer is assigned a Technical Account Manager (TAM) from mnemonic whose responsibility is to coordinate and attend regular service meetings. The TAM serves as a trusted adviser to the customer to make recommendations on how to improve the service and security in general. This is all included in the service cost.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DNV GL - Business Assurance
ISO/IEC 27001 accreditation date
31/05/2005
What the ISO/IEC 27001 doesn’t cover
The certificate is valid for the following scope:

Security solutions sales, support and system integration. Security solutions consulting. Managed security services. Risk-based vulnerability analysis, penetration testing, security audit of applications, networks and security systems. In accordance with Statement of Applicability version 136, 2022-02-16.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
SRC - Security Research and Consulting, GmbH
PCI DSS accreditation date
June 2018
What the PCI DSS doesn’t cover
N/A
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • ISO 9001:2015
  • NSM quality scheme for incident handling
  • SOC 2 - SOC for Service Organizations

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

Fighting climate change

mnemonic complies with national and international environmental legislation, and has operationalized its environmental commitment through specific measures as part of the certification as an Environmental Lighthouse. With this, the company can document compliance with strict criteria within energy, transport, purchasing, waste, emissions, aesthetics and working environment. Eco-Lighthouse places strict demands on management and mnemonic's employees, and shows our suppliers, customers and partners that we take environmental work seriously. The certificate is valid for the period 2019-2022. mnemonic moved its head office to Indekshuset, Oslo in August 2019. The building has a green profile with a high degree of waste recycling, activity-based lighting and ventilation that significantly reduces the climate footprint.

Tackling economic inequality

mnemonic acts in accordance with social legislation, including:

  • Forced labor / slave labor (ILO Convention Nos. 29 and 105)
  • Trade union organization and collective bargaining (ILO Convention Nos. 87, 98, 135 and 154)
  • Child labor (UN Convention on the Rights of the Child, ILO Convention Nos. 138, 182 and 79, ILO Recommendation No. 146)
  • Discrimination (ILO Conventions Nos. 100 and 111 and the UN Convention on the Elimination of All Forms of Discrimination against Women)
  • Brutal treatment (UN Convention on Civil and Political Rights, Art. 7)
  • Health, safety and the environment (ILO Convention No. 155 and Recommendation No. 164)
  • Wages (ILO Convention No. 131)
  • Working hours (ILO Convention Nos. 1 and 14)
  • Regular employment (ILO Convention Nos. 95, 158, 175, 177 and 181)
  • Marginalized population groups (UN Convention on Civil and Political Rights, Articles 1 and 2)

Wellbeing

Working environment is an important focus for the company, and is described in our Code of Conduct. We work actively to ensure good working conditions for our employees, which has yielded results. mnemonic is consistently rated amongst the top employers in Norway and Europe. In 2023 mnemonic was rated 1st in the “Great Place to Work” assessment for Norway. Based on a company culture with shared incentives for long term value, the employee retention rate has always been above 96%.

Pricing

Price
£185 to £370 a unit an hour
Discount for educational organisations
No
