Central Government departments and certain suppliers are required to carry out testing under the NCSC CHECK scheme to provide a greater level of assurance in the security of their technical systems. In the context of the NCSC CHECK scheme, the term “IT Health Check” means a penetration test (often supported by technical audits, build or configuration reviews) with the following additional requirements:
- It must be carried out by an NCSC approved CHECK company.
- It must be led by an individual holding the CHECK Team Leader (CTL) qualification.
- All testers must hold at least CHECK Team Member qualifications.
- All testers must hold at least SC clearance.
- Upon completion of the test, a copy of the report is sent to NCSC.
CODA can deliver any of the penetration testing services detailed elsewhere on the site under the CHECK scheme, through experienced and appropriate cleared testing teams.
Please note that the NCSC CHECK scheme is completely separate from the similarly named PSN IT Health Check scheme. If you are asked to carry out an “IT Health CHECK” and it’s not clear whether this should fall under the NCSC CHECK scheme, then please get in touch with us and we can review the requirements with you to establish the most appropriate type of security testing.