ISO27001 is a very well defined standard with a special clause for vulnerability assessment and penetration testing. It is highly misconstrued when it comes to defining the scope of the VAPT. Quick notes below can guide you with it.
Valency Networks is a top ISO 27001 compliance and auditing company. We are a team of certified auditors for compliance as well as vulnerability assessment. While more technical details on VAPT could be found here, at a high level we perform audits using following techniques.
While it largely depends on the scope (spread of network, number of locations, depth at which the testing is seek), it does not take more than a week in any case. In best case scenarios Valency Networks has demonstrated that only 2 days were sufficient to perform testing and provide results.
We provide reports that are signed by ISO 27001 certified lead auditors. We also provide a service by which we confirm whether the reported vulnerabilities are fixed by you or not. Once fixed, we optionally provide a final report that you can send to your ISO auditors for achieving compliance.
With a very large base of customers where we implemented ISO27001 and GDPR compliance, and having performed network and web vulnerability assessment for them, that makes Valency Networks as a top cyber security firm in the country. Not as a vendor, but in fact we are treated as a cyber security partner by our customers in India and abroad.
Valency Networks is a very agile, friendly and fun loving atmosphere and yet we maintain a cutting edge technical vibrant work environment.