IT Health Check (ITHC)
Let our highly qualified team of CREST and TIGER scheme approved penetration testers work with you to complete your IT Health Check (ITHC). The team at Fidus have been trained in the most rigorous of security testing procedures and have successfully passed industry-recognised certifications. Our consultants have extensive experience of conducting IT Health Checks on both small local council networks and larger central government networks.
An IT Health Check is mandated as part of the Public Services Network (PSN) CoCo compliance and provides assurance that entry points into networks containing PSN devices are secured. An IT Health Check requires certain criteria to be met, and our testing is structured around those criteria.
Why is an IT Health Check Important?
As part of the Code of Connection (CoCo), there is a requirement for an annual ITHC. Failure to comply with the security controls defined in the CoCo, without remediation plans in place, may result in your PSN connection being terminated or may affect your ability to connect to other public-sector bodies.
The ITHC has been designed to provide assurance that both your internal and external systems are protected from unauthorised access. This includes wireless access points which connect to the internal network and remote working devices, such as company phones.
Why should I use this service?
You should use this service if:
- You need to meet the requirements set out in the PSN CoCo as part of a new business relationship.
- You require, and need to plan, your annual IT Health Check.
- You are currently connected to the PSN.
IT Health Check Process
The IT Health Check (ITHC) process may seem complicated and convoluted, but it doesn’t have to be.
You’re more than likely reading this paragraph because it’s time to get your Public Services Network (PSN) certificate renewed, and doing so requires an ITHC. The IT Health Check is a type of penetration test in which specific criteria, set by the government, need to be assessed and reported on. These are as follows:
- External scanning of public-facing assets, including VPNs, email portals and websites.
- Internal testing of 10% of your IT estate, including servers. If the total number is low then all servers and desktops should be assessed.
- Firewall configuration review of the Public Services Network (PSN) firewall. It is highly recommended to also have your main firewall rules reviewed.
- Desktop and Server build configuration assessment.
- Mobile Device Management (MDM) assessment.
- Wireless Network configuration assessment.
It is important to select the right provider for these assessments. Our consultants at Fidus are CREST and TIGER scheme certified with a wealth of experience delivering IT Health Check assessments.