ISO27001 Pentesting Compliance Requirement

There is a bit of a difference between regular network penetration testing and the testing performed to achieve ISO27001 certification. In the former, the approach is all about security assurance, while in the latter, the reporting style is entirely different.
ISO27001 requires that detailed internal and external penetration testing be performed, and that the report ensure all the security holes are fixed.

What is required by compliance

Internal VA

  • Internal IT infrastructure

  • Servers and Firewalls

  • Compliance standards

  • Adherence to policies

  • Adherence to procedures

External PT

  • Perimeter scanning

  • Firewall penetration

  • Reconnaissance

  • Scanning and gaining access

  • Blackhat techniques

Additional Testing

  • Adherence to physical security

  • Adherence to logical security

  • Password standards

  • Configuration checks


  • Detailed technical report

  • CISA or CISSP Certified

  • Fixation confirmation

  • Certificate of technical compliance (optional)
