SECON CYBER SECURITY LTD

Penetration Testing

Secon's Penetration Testing service, is designed to help identify security vulnerabilities and weaknesses within the IT environment. The testing is undertaken by an expert team, of CREST certified testers, who will manage the entire process end to end. The service focuses on reports and recommendations to help improve cyber resilience.

Features

• Ad-hoc and scheduled routine pen test services.
• Addresses your IT Health Check requirements.
• Pen testing provides assurance on new or existing IT assets.
• Web application and mobile device testing services.
• Cloud services security reviews and assessments.
• External vulnerability scanning services.
• PCI DSS Approved Scan Vendor (ASV) scanning.
• Internal network and Wi-Fi testing services.
• Clear pen testing reports enabling pragmatic risk-based decisions.
• Provide assistance with pen test scoping and full post-test support.

Benefits

• Pen Test specialists with deep industry expertise.
• Provide independent oversight and validation of IT Security posture.
• Pen testing enables more accurate and informed risk-based decision making.
• Allows effective management of Data Breaches and IT Security Incidents.
• Enables compliance with GDPR, PCI DSS, ISO and contractual obligations.
• Realise and reduce your attack vectors and surface.
• Recognised industry standards and certifications - CREST / CHECK.
• Our pen testers hold a high National Security Vetting standard.
• Increase in service up-time, through pro-active prevention and detection.
• Increased Quality Assurance through regular pen tests.

£900 to £1,250 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cornelius.goosen@seconcyber.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

532312303947491

Contact

Cornelius Goosen
+447741 550 383
cornelius.goosen@seconcyber.com

Planning

• Planning service: Yes
• How the planning service works: Secon's planning service covers the onboarding of the Penetration Testing service, which involves the following stages:; ; 1) Mobilise – kick-off, planning and scheduling, set-up communication, clarify dependencies. ; 2) Testing – Customised testing of the in-scope assets. ; 3) Reporting – Produce and deliver test results and recommendations.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with: Penetration Testing

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: We have a robust internal quality management process, where our solution have undergone testing and validation before any deployment. We review each stage of the delivery process, with all parties concerned. We additionally have an approver process, when progressing from one phase to the next, to ensure all and issues are identified and resolved. We also practice a continuous improvement approach throughout the organisation, thereby striving towards achieving a high quality standard.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications: CREST

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: No

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9 am - 5 pm UK time, Monday to Friday.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Secon provides a standard SLA-based support service for Penetration Testing.

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: One Compliance Cyber Ltd.

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: PCI Security Standards Council
• PCI DSS accreditation date: 30/04/2022
• What the PCI DSS doesn’t cover: No known exclusions.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: CREST

Social Value

• Fighting climate change:

  Fighting climate change

  Secon is working towards its carbon neutral goal. As a part of this initiative, our first step is to focus on efficient use of compute power for our solutions. This encompasses sourcing compute power from greener data centres and reducing unnecessary or wasteful use of energy. The second step is to look at staff travel and focus on reducing unnecessary travel and encouraging low CO2 based travel options. We have set up the necessary infrastructure for all staff to work remotely and have done so since 2020. Changing our decision-making processes and criteria to raise the standard for environmental sustainability across our sector; and making practical changes across our operations to improve our environmental performance, thus moving beyond compliance. Our social value commitment: 2022 to 2025 will be our years of action for environmental sustainability. By the end of this period, we will see environmental sustainability become part of decision-making across our organisation and our sector. We will change and adapt our ways of working and our approach will enhance our business output and improve our organisational resilience. We will ensure that we have the resources (funding and people) in place, for the effective delivery of this strategy. We will engage our employees and other partners to embed sustainability in all contract deliverables. We will provide guidance to those that we work with regarding our environmental sustainability expectations. We will highlight the environmental impact of the activities we undertake. We will monitor performance against this strategy, including through structured audit, measuring progress against the commitments and key objectives outlined.
• Covid-19 recovery:

  Covid-19 recovery

  During the pandemic, Secon offered a no obligation support, to key worker organisations, such as the NHS - we extended an enhanced security support to our existing customers who were providing frontline services, to support the pandemic recovery. Throughout the contracted period of any G Cloud 13 contract, Secon aims to ensure we are continuously retraining our current team and recruiting those suitable skilled, unemployed, as a direct result of Covid, back into a sustainable role. During critical Covid periods, while delivering projects to the NHS, we have ensured that our solutioning supported the Hybrid working model, to ensure BAU for organisations. Secon, has a duty of care to our team – we have encouraged working from home/ hybrid working patterns, to enforce social distancing, while implementing a Green travel scheme, which complements our commitment to fighting climate change. Secon aims to ensure that we collaborate with our supply chain, in a volunteering capacity – via Outreach initiates, to support local communities, wherein the contract is being delivered. This support can take the form of an “all hands-on deck” approach or indirectly supporting our supply chain at Charity days to enable them to deliver their commitments to social value. Our social value commitment: Secon strives to ensure that we are empowering local communities, with either resources or solutions, thereby ensuring organisations swift return to BAU, post covid.
• Tackling economic inequality:

  Tackling economic inequality

  Secon, is committed to encouraging diversity and eliminating discrimination in both its role as an employer and as a provider of services. As detailed in our Equality, Diversity and Inclusion policy, we aim to create a culture that respects and values each other’s differences, promotes dignity, equality and diversity, and that encourages individuals, to develop and maximise their true potential and outputs. We have bridged the gender divide within the industry and year on year have seen a dramatic increase in numbers of those, previously lowly represented. Those previously disadvantage, due to demographics, will be recruited, and adequately trained to Secon standards, to support the activities associated with the delivery of any G Cloud 13 project. We have adapted our work space to enhance the attraction to factor those with physical disabilities, while empowering less skilled individuals to attain and excel via CPD courses. This will continue throughout the G Cloud 13 contract period. We ensure that our supply chain is astute to our commitment in terms of EDI, we monitor all suppliers and customer commitment to EDI, on an annual basis. We also vet all suppliers and customers, where applicable in terms of their awareness to Modern Slavery and Human Trafficking – on an annual basis, we ensure all supply chain onboarding is reviewed and updated documents returned, where applicable. Our social value commitment: We will support educational attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications.
• Equal opportunity:

  Equal opportunity

  Secon recognises that it is essential to provide equal opportunities to all persons without discrimination. This policy sets out the organisation's position on equal opportunity in all aspects of employment, including recruitment and promotion, giving guidance and encouragement to employees at all levels to act fairly and prevent discrimination on the grounds of sex, race, marital status, part-time and fixed term contract status, age, sexual orientation or religion. Statement of policy - It is the policy of Secon to ensure that no job applicant or employee receives less favourable treatment on the grounds of: sex, race, marital status, disability, age, part-time or fixed term contract status, sexual orientation or religion, or is disadvantaged by conditions or requirements that cannot be shown to be justifiable. Secon recognises that adhering to the Equal Opportunities Policy, combined with relevant employment policies and practices, maximises the effectivness of an individual, to both the organisation and the employee, as a whole. Secon further recognises the great benefits in having a diverse workforce with different backgrounds, not solely employed on ability. All employees of the organisation will be made aware of the provisions of this policy. The equal opportunity policy covers: Recruitment and Promotion, Employment, Training, Grievances and Victimisation.
• Wellbeing:

  Wellbeing

  When the recent pandemic had forced employees to work from home, Secon had ensured a policy was put in place to look after its employees' wellbeing as well as those impacted in the family as a result of its employees working from home. This policy ensures all employees have the necessary equipment and assesses their home environment for 1) Health and Safety and 2) Personal Situations 3) Vulnerabilities and Dependencies. The company also provides Employee Benefits package that includes private medical insurance and Wellbeing assessment tools. On an annual basis we review our supply chain’s commitments to H&S, with great emphasis being placed on mental and physical wellbeing. Our welfare surveillance and prevention programme has ensured that we identify health issues affecting staff early and manage the impact they may have on how staff perform their duties. * Staff training and awareness: Focussing on health and wellbeing for the contract workforce. * Methods to measure staff physical and mental health and wellbeing engagement, over time and adapt to any changes from the results. * Commitment to report publicly, on the health and wellbeing of staff, supporting the contract workforce. We encourage our team and supply chain to capitalise on their interpersonal skills and integrate themselves within local communities. Our social value commitment: As a direct outcome of the surveillance programme, we are able to identify suitable assistive tools to ensure outcomes are obtained.

Pricing

• Price: £900 to £1,250 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cornelius.goosen@seconcyber.com. Tell them what format you need. It will help if you say what assistive technology you use.