What do I get from an ITHC provider?

• Security vetted testers who have been evaluated against stringent trust and integrity requirements.
• Defined point of contact for quality assurance and management of your commissioned task.
• Testing methodologies approved by the NCSC, which specify:
  • Mandate that any testing undertaken cannot cause damage to the systems they are testing.
  • Quality audit controls are applied to a defined standard.
  • No residual artefacts created because of the test remain in the client environment. Additionally, in case any of these get overlooked, a full breakdown of the indicators of compromise that might occur in the logs and monitoring systems is provided to the company.
  • Any residual changes which cannot be reversed are notified to enable post-testing recovery.
  • Systems under test are returned to their original state.
  • Testing assignments are conducted impartially and deliver technical results, including recommendations which have regard to value for money.
  • Any conflicts of interest are managed effectively and disclosed with full transparency.
  • Any recommendations associated with additional products or services where we have a commercial interest are objective and reflect the full range of options in the market.
  • Testing proposals focus on efficiency and value for money.
  • Reporting quality is of an assured standard independently audited by the National Technical Authority so that you can trust the accuracy.
  • You have access to NCSC as the national authority directly should you have concerns about our service quality.