+44 (0)1252 377321 | info@activityim.com

Hunches. Confirmed.

ITHC (CHECK)

Activity’s security assessment team consists of both CHECK and CREST qualified consultants

Who are certified to perform both Application and Infrastructure assessments under both schemes and have recent experience of working on security tasks in accordance with:

  • Security Policy Framework
  • CESG Infosec Standard IS1 – Parts 1 & 2 Technical Risk Assessment
  • CESG Infosec Standard IS2 – Risk Management and Accreditation of Information Systems
  • CESG INFOSEC Standard IS3 – Connecting Business Domains
  • ISO / IEC 27001 and ISO / IEC 27002

CESG’s CHECK scheme

Was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level. In the absence of other standards, CHECK has become the de-facto standard for penetration testing in the UK. This is mainly on account of its rigorous certification process. Whilst good it only concentrates on infrastructure testing and not application. 

CESG guidance states that CHECK consultants are only required when the assessment is for HMG or related parties, on systems that carry protectively marked information of a classification level of RESTRICTED or higher.

As a CHECK service provider we are permitted to work on systems processing information with a protective marking up to and including Confidential (and also SECRET with prior approval from CESG).  You can also be assured that all members of our CHECK team hold a minimum of Security Check (SC) clearance.

CREST (Council of Registered Ethical Security Testers)

Was created in response to the need for regulated and professional security testers to serve the global information security marketplace. CREST’s main aim is to represent the information security testing industry and offer a demonstrable level of assurance as to the competency of organisations and individuals within those approved companies. 

CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally CREST provides its members with a framework of guidance including standards, methodologies and recommendations aimed at ensuring the very highest standards of leading-edge security testing. 

CREST is also the only scheme in the U.K that can provide assurances of suitable application testing skills.

CESG have acknowledged CREST as an appropriate scheme to validate the quality of security testers and their organisations for performing testing on systems up to impact level 2 (PROTECT). See Infosec standard 1 Appendix D2 for details or the CESG website.

If you would like to know how to procure an ITHC (CHECK Test) or obtain a quote, e-mail info@activityim.com