CHECK Penetration Testing

Our CHECK Penetration Testing service provides government-approved security testing designed to assess and strengthen the resilience of systems handling sensitive UK government data. Delivered by National Cyber Security Centre (NCSC) CHECK-accredited testers, this service meets stringent standards set by the NCSC and is required for many government and public sector projects.

What is CHECK?

CHECK is the NCSC’s accreditation scheme for penetration testing providers that work with UK government, critical national infrastructure (CNI), and regulated industries. CHECK-approved testers have been vetted and assessed by the NCSC to perform testing on systems that handle OFFICIAL or OFFICIAL-SENSITIVE classified information.

Our CHECK Penetration Testing Service Includes:
  • Scoping & Compliance Alignment: Working with your stakeholders to define the scope in accordance with NCSC requirements and relevant frameworks (e.g., PSN, HMG Security Policy Framework).
  • Threat-Based Assessment: Emulating techniques used by real-world attackers, including nation-state-level threats where appropriate.
  • Manual and Automated Testing: Identifying and validating vulnerabilities through a combination of expert-led testing and proven toolsets.
  • Controlled Exploitation: Safe and authorised exploitation of vulnerabilities to demonstrate potential impact and aid risk prioritisation.
  • Reporting: A detailed, risk-based report suitable for government stakeholders, including technical findings, risk ratings, and remedial guidance.
  • Debrief & Retesting: Post-engagement support including findings walkthrough, Q&A, and optional validation of fixes.

Test Types Offered:
  • Internal and External Infrastructure Testing
  • Web Application Testing
  • Mobile Application Testing
  • Wireless Network Testing
  • Social Engineering (optional and scoped appropriately)
  • Secure Configuration Review
  • Cloud Security Assessment (aligned with UK government cloud guidelines)

Why Use CHECK Testing?
  • Required for many UK government and public sector systems
  • Performed by NCSC-vetted testers with security clearance
  • Demonstrates compliance with government security standards
  • Helps identify gaps before adversaries can exploit them
  • Aligns with protective monitoring, incident response, and broader assurance strategies

Who Is It For?
  • UK Government departments and agencies
  • Public sector organisations (e.g., NHS, central government and local authorities)
  • Private sector suppliers to government
  • Any organisation handling HMG-classified data

Why Choose Us?

As an NCSC-accredited CHECK organisation, we bring together deep technical expertise and a proven, risk-based methodology. Our assessments are tailored to your unique threat landscape, delivering relevant, actionable insights that go far beyond standard vulnerability scans.

Since 2008, we’ve supported public sector clients with extensive experience in delivering penetration testing for high-security, mission-critical systems across government, CNI, and emergency services.

draft

CREST Penetration Testing

READ MORE
Right arrow in grey