Provision of ICT Health Checks

This requirement is for a Cyber Security health check company to perform vulnerability assessments and penetration tests on the DVLA infrastructure and applications (both physical and cloud based). In addition to performing on site testing the company must have a fully mature and documented remote testing solution in place, in order to remotely connect to our network. They must be PCI ASV approved and hold CESG, CHECK CERTIFIED GREEN LIGHT, CREST STAR, & Cyber Essential status. Criteria can be broken down as follows: • Must have experience of working with an internal Government Cyber Security teams to develop penetration testing strategies. • Must evidence how they have developed long term client partnerships in order to deliver required training and skills transfer. • Following the completion of the engagement the supplier must explain how they would provide guidance and recommendations on how to maintain the service alongside suggested next steps. • Fully mature remote testing solution.