- 28th September 2018
- Posted by: Fidus
- Category: Corporate
Startup to CHECK Approval in 13 Months
Fidus Information Security is proud to announce that we have been approved to be a member of the NCSC CHECK Scheme. As a CHECK service provider we are authorised to assess IT Systems for Her Majesty’s Government and other public sector bodies. In receiving this certification we have been recognised by the NCSC as among the top Cyber Security companies in the country, delivering a high standard of penetration testing and consultancy services. We are delighted to have received this accreditation in itself, but to have achieved this in just 13 months is a real testament to the hard work of our testers and the rigorous training they are put through.
Our company was founded in 2017 by two Penetration Testers, who wanted to provide Cyber Security services in a different way to the larger Penetration Testing companies. Their vision was to build Fidus Information Security on a consultancy based model with services tailored to each client. We want the service we provide to be both personal and to a high standard; therefore all clients are assigned a dedicated consultant from the very inception of a scope to the delivery of the finished report.
CHECK & ITHC’s
Though we have achieved CHECK approval in a short time, our consultants are CREST and TIGER scheme qualified and have extensive experience of conducting IT Health Checks (ITHC) on both small local council networks and larger central government networks. An ITHC is necessary as part of the Public Services (PSN) CoCo compliance and provides assurance that entry points into networks containing PSN devices are secured. All organisations that need to meet the requirements set out in the PSN CoCo as part of a new business relationship, require and need to plan their annual ITHC as well as those currently connected to the PSN. We acknowledge that ITHCs require certain criteria be met and so our testing is designed around that.
The ITHC process may seem complicated and convoluted, but it doesn’t have to be. The criteria, set by the government, of what needs assessing and reporting on is as follows:
- External scan of public facing assets, including: VPN’s, email portals and websites.
- Internal test of at least 10% of an IT estate, including servers, desktops and network devices. If the total number is low then all of the estate is to be assessed.
- Firewall Configuration Review of the PSN Firewall. It is highly recommended to have all main firewall rules reviewed too.
- Desktop and Server build configuration assessment.
- Mobile Device Management (MDM) assessment.
- Wireless Network configuration assessment.
Receiving CHECK approval has been a big step towards our plans for world domination. Opening ourselves to the Public Sector will allow us to continue our rapid growth and this is certainly an exciting time for Fidus Information Security. No matter the success though, we remain committed to our core values and will always put the client and the delivery of high standards as our top priority. Here’s to the next year. Watch this space.