The methodology that you supply should be a detailed technical description of how your company performs a typical penetration test. We will look at the steps that you perform and the sort of activities that you undertake within each step.
Your methodology document should include technical descriptions that explain why each step is necessary, what the activities undertaken will achieve and how the activities themselves are performed (typically a mention of a tool or technique). We are particularly interested to see how the applicant company adds value over automated scanners, which are often already in use by HMG departments internally.
We are also interested in the wider framework within which a penetration test is performed, such as scoping, working with customer requirements and how CHECK work will be resourced.
Finally, we need to know how you ensure that your CHECK team members will all practise the same methodology, and how they will be made aware of updates to the company methodology and of the latest vulnerabilities.
Note that high-level sales material is not considered a suitable alternative to a detailed methodology document.