A Pen Test Certificate is key to being able to show your customers, clients and prospects that testing has been carried out. Having previously worked on both sides of the table as supplier and client, we understand the benefit in being able to provide independent assurance of your solution to other parties. Passing a detailed technical penetration test report to auditors or clients is not always possible due to client data, out of scope systems, or other sensitive information which it contains.
Through conversations with our clients and building on our personal experiences and we have created an assurance certificate which we deliver as standard in our reporting package.
We strongly believe that industry good practice is the minimum baseline which all solutions should meet and we also wanted to avoid creating a certification program with its own bespoke criteria. It therefore made sense to provide assurance against good practice and transparency as how the testing was carried out and the outcome.
The certificate contains the test details, including scope, dates and deliverables. We provide a high level reference to our testing approach and a table showing vulnerabilities covered and their outcome.
In tandem with our detailed testing methodologies we believe this will provide assurance in the majority of situations. As auditors and clients may ask for further assurance, please do not hesitate to talk to us and we will ensure the reporting meets you needs.