FCA Penetration Testing Services

Firms that are authorised and regulated by the FCA (Financial Conduct Authority) must adhere to certain technical standards, as set out in the FCA Handbook.

As part of their obligations to maintaining the operational resilience of their systems, Article 18 Security and limits to access (Article 17(1) of Directive 2014/65/EU) requires investment firms to “annually undertake penetration tests and vulnerability scans to simulate cyber-attacks”.

However, even if your firm is not authorised and regulated by the FCA, penetration testing should still be part of your cyber risk management programme.

The financial services sector is consistently one of the most attacked in the world, so determining where and how you are vulnerable to attack is paramount.

What are vulnerability scanning and penetration testing?

Vulnerability scanning and penetration testing are two types of security test that can help organisations address weaknesses in their technical and organisational defences.

• Vulnerability scanning is an automated process that identifies common cyber security weaknesses.

    Learn more about vulnerability scanning

• Penetration testing is a more thorough approach. It is a form of ‘ethical hacking’ in which professional security testers apply the tools and techniques used by criminals to identify security flaws that could be exploited, without harming the systems themselves.

    Learn more about penetration testing

Why does your firm need them?

Cyber security vulnerabilities are commonplace – in fact, it is unusual for an organisation to have none. New vulnerabilities are discovered every day, and previously patched ones can be reintroduced by system reconfigurations.

Identifying these vulnerabilities and understanding how vulnerable they render your organisation and its data are critical to ensure security and compliance.

A programme of regular testing is an essential component of any risk-based approach to cyber security. It will help you focus your cyber security activities exactly where they are needed, helping you get the most from your security budget while protecting your systems and critical data against compromise.

IT Governance’s vulnerability testing and penetration testing services

Our fixed-price, level 1 testing packages are suitable for any firm that needs to identify the vulnerabilities targeted by cyber attackers. Test results are presented in an easy-to-understand report that is ideal for small and medium-sized organisations, or those with no prior security testing experience.

For organisations that need greater reassurance, our level 2 tests provide more complex assessments that are scoped and tailored to your requirements. They painstakingly identify security vulnerabilities in your hardware, software, systems or web applications, and try to exploit them to help you understand how far an attacker might get.

Click for more information about our penetration testing services and how they can help secure your organisation:

• Cloud configuration penetration tests
• Combined infrastructure and web application penetration testing
• External infrastructure penetration testing
• Internal infrastructure penetration testing
• Remote access penetration testing
• Remote compromise penetration testing
• Simulated phishing attack
• Simulated phishing attack and staff awareness programme
• Social engineering penetration testing
• Vulnerability scanning
• Web application penetration testing
• Wireless network penetration testing

Why choose IT Governance?

CREST (the Council of Registered Ethical Security Testers) is an independent certification and accreditation body that ensures security testers meet a high standard of engagement.

As a CREST-accredited company, IT Governance will provide you with the high level of technical expertise you need to ensure your organisation can manage its cyber security risks in line with its business requirements – whatever its size or budget:

• Our penetration testing team can support your organisation’s cyber security strategy by identifying vulnerabilities in your infrastructure, applications, wireless networks and people.
• Get one-to-one advice from our experts at every stage of the engagement, along with a comprehensive report, an end-of-test debrief and answers to any questions you might have.
• Our reports clearly explain any issues we have identified from both technical and non-technical perspectives, explaining how they affect your business.
• Our UK penetration testing team has been operational since 2010. Our extensive testing experience ensures our clients receive a comprehensive service:
  • We are experienced in a diverse set of testing disciplines (web applications, servers, firewalls, Wi-Fi).
  • Our areas of expertise include standards such as ISO 27001, ISO 27701, ISO 9001 and the PCI DSS (Payment Card Industry Data Security Standard).
  • We have expert knowledge of data protection law, such as the DPA (Data Protection Act) 2018 and GDPR (General Data Protection Regulation).