IT Health Check
Advanced Penetration Testing for public sector organisations
An IT Health Check is an annual assessment required for public sector organisations using the governments Public Sector Network (PSN). It examines all aspects of IT security and provides an independent assessment of your organisation's security to ensure that any vulnerabilities or weaknesses are identified and managed accordingly.
It also has a specific focus on security or operational flaws that could potentially create unauthorised access points to the network and place the integrity of PSN at risk, either intentionally or unintentionally.
Why is an IT Health Check important?
IT Health Check certification has been primarily designed as a method of maintaining high levels of security for businesses tasked with storing, handling, and managing particularly sensitive data relating to the public sector. This includes government bodies, educational establishments and healthcare.
If your business operates within the public sector, an IT Health Check is mandatory and organisations will only be granted access to the PSN once they hold an IT Health Check Certification (which requires annual renewal) by an approved assessor.
Benefits of an IT Health Check
At SES we ensure that our IT Health Check meets the necessary criteria for certification, covering aspects such as type and severity of issues identified, a full explanation of vulnerabilities present and recommendations for effective remediation.
Not only does an IT Health Check aim to ensure your compliance, but also provides your organisation with an opportunity to undertake a tailored risk assessment to provide complete reassurance that your networks are safe, secure and difficult to infiltrate.
Government-mandated IT Health Checks are typically unique to each organisation, but provide a comprehensive overview of IT safety and security, identifying room for improvement.
Clients we've helped
Our expertise. Your questions answered
What’s the easiest thing to implement in my office?
There are many controls every organisation should put in place to ensure good defence against cyber threats - from the basics like using anti-virus, email filters and firewalls, to more in-depth activities, like Penetration Testing and Phishing Assessments. One of the basic controls you can implement easily in both your professional and personal lives is good password hygiene. In some cases, your password is often the only thing keeping cyber criminals away from your sensitive information; length is the primary factor when creating a strong password—the longer it is, the more guesses will be needed by hackers to get it right.
Am I investing my Cyber Security budget correctly?
You could take a blanket approach and cover every possibility, but that’s an expensive strategy and your Finance Manager or CFO probably wouldn’t be happy to spend money unnecessarily. Every business faces different threats, so what the organisation in the next office needs to defend against isn’t necessarily what you need to invest in. It’s important to get an understanding of your threat profile and align that with the risks you’re willing to take (or not take). From there, you can decide what you should be investing in.
How do I educate my team to handle cyber threats?
The cyber threat is ever-changing and even with the best technical defences in place, the end-users (i.e. humans) are usually the weakest link. That is not to say that cyber security should only be non-technical, but it is important to have the right balance. Knowing where to start for cyber security generally can be difficult and working out what your team needs to know is a bit overwhelming. Like knowing where to invest your budget, how you train your team also starts with understanding your specific threats.
What do I do when something goes wrong?
Frustratingly, you’ve put in place all these useful security controls, but with the threats changing so often, keeping up can be hard. Therefore, it’s important to have the mindset that, it’s not about if you get breached, it’s about when you get breached and then how you handle it. Having a plan in place will ensure the consequences of a breach don’t undo of all your hard work in developing your organisation and building your reputation.