
Cyber Health Check


Mitigating cyber risks comprehensively

A truly robust cyber security regime is founded on a comprehensive cyber risk assessment programme to identify the gaps in an organisation’s critical risk areas and to determine the right actions to close those gaps. If you are embarking on a cyber security improvement programme, a Cyber Health Check will help you identify your weakest security areas and recommend appropriate measures to mitigate your risks.


Why you need one

“More than 70% of investors are interested in reviewing public company cyber security practices and almost 80% would likely not consider investing in a company with a history of attacks.” [Source: HBGary report]


Ask yourself these questions

  • Does your board receive regular reports on the status of your company’s cyber security governance? If so, how often are the reports received?
  • Have you identified your key information assets and thoroughly assessed their vulnerability to attack?
  • Has responsibility for cyber risk been allocated appropriately? Is it on the risk register?
  • Do you have an effective risk governance structure that your risk tolerance and controls are aligned with?
  • Do you have appropriate information risk policies and adequate cyber insurance?

If you answered ‘no’ to any of the questions, you could suffer considerably from an attack, especially if you are a public sector organisation or handle large volumes of personal data.


Review your cyber security posture

Our Cyber Health Check (G-Cloud service ID: 6954 2611 8858 292) is an independent, high-level, three-phase analysis of your cyber security posture that combines on-site consultancy and audit, remote vulnerability assessments and an online staff survey. We will identify your actual cyber risks, audit the effectiveness of your responses to those risks, analyse your real risk exposure and then create a prioritised action plan for managing those risks in line with your business objectives.



What it does

A Cyber Health Check will provide you with an incisive and detailed report describing your current cyber risk status and critical exposures, and will draw on best practice – such as ISO 27001, 10 Steps to Cyber Security and Cyber Essentials – to provide recommendations for reducing your cyber and compliance risk. The report provides feedback in the following four areas:

  • Basic cyber hygiene
  • Cyber governance framework
  • Policies, procedures and technical controls
  • Continuity, recovery and resilience

The difference between a Cyber Health Check and a Cyber Security Audit

A Cyber Security Audit is a one-day consultancy service offering a high-level cyber review of the organisation and its IT estate. It identifies the threats, vulnerabilities and risks the organisation faces, and the impact and likelihood of such risks materialising.

A Cyber Health Check, however, is more exhaustive in scope. Aside from the audit and the technical cyber security controls included in the Cyber Security Audit Service, a Cyber Health Check also conducts vulnerability scans of critical infrastructure IP and website addresses, an internal wireless scan of router security settings, and an online staff questionnaire that determines gaps between corporate cyber security policy and employees’ actual cyber security practices.

A Cyber Security Audit provides a snapshot, or an overview, of an organisation's IT security posture at a particular moment. A Cyber Health Check, however, delves deeper and looks at the policies and procedures that have contributed to that IT security posture. In that sense, a Cyber Health Check is more concerned with the security processes that describe how people and technology interact, to determine whether that interaction is contributing to or hampering overall cyber security.



Receive a prioritised action plan

In each of these areas, the health check identifies your actual cyber risks, assesses your responses to those risks, and analyses your risk exposure. This service includes:

  • On-site interviews with key managers;
  • An on-site security assessment;
  • External vulnerability scans;
  • Online staff awareness questionnaires; and
  • High-level analysis and expert recommendations for next steps.

The result is a best-practice action plan to mitigate those risks effectively and in line with your business objectives.

To download a free suite of this service’s brochures, including a service description, sample report and service consultancy pricing, visit the product page.



Why choose IT Governance?

IT Governance has more than 15 years’ experience helping organisations get their basic security hygiene right, working with boards and senior managers to identify and manage cyber risks in line with the organisation’s risk appetite and commercial business drivers.

IT Governance is also recognised under the following frameworks:

  • UK government CCS-approved supplier of G Cloud 9 services
  • CREST certified as ethical security testers
  • Certified under Cyber Essentials Plus, the UK government-backed cyber security certification scheme
  • Certified to ISO 27001:2013, the world’s most recognised cyber security standard


Contact us

For more information on how IT Governance can help with your Cyber Security Audit, please contact us using the methods below.