PHE - Corporate - ICT - Authenticated application & code assisted pen testing via G-Cloud

Public Health England, an executive agency of the Department of Health and Social and Social Care (DH) (hereafter referred to as "Public Health England" or "PHE" also referred to as the "Contracting Authority" or the "Authority" or the "Employer") have awarded JUMPSEC Ltd a one year Call-Off Contract via G-Cloud 12 Framework Agreement (RM1557.12) in response to Covid-19. Public Health England have requested a penetration test against the Second-Generation Surveillance System (SGSS) solution; JUMPSEC propose conducting a security assessment to cover the following: 1- Penetration test of Public Health England's SGSS web application. 2 - Build and configuration reviews for devices deployed on MS Azure part of SGSS AD environment. 3 - A MS Azure cloud configuration review to assess the quality and security of the cloud environment and its deployment. 4 - An Active Directory configuration review of the SGSS domain.