HSCIC Security Testing Services Call-Off - Framework RM1557vi

• Security Testing and Vulnerability Analysis - such as Penetration testing, the provision of suitably (Check or Crest) qualified individuals able to perform application and infrastructure security testing in line with CESG requirements; • Security Assessment and audits – the provision of CLAS/ISO27001 Lead Auditors, who can perform all tests/audits against government standards/ISO27001/good practice; • Security consultancy – the provision of suitably (Check or Crest) qualified individuals to deliver specific security-related advice and consultancy in the areas of, but not limited to technology, architecture, risk assessment, risk treatment (as part of the ISO27001 ISMS risk assessment report) and threat assessment; • Security assurance – the provision of suitably (Check or Crest) qualified individuals to carry out assurance activities, including but not limited to supplier compliance reviews; • Forensics and investigations – the provision of suitably (Check or Crest) qualified individuals to conduct forensic and investigatory work, including but not limited to on site forensics, general security investigations and disk analysis.