IT Health Check (ITHC)

What is an IT Health Check (ITHC)?

It is a way of reporting on an organisation’s cybersecurity. It provides assurance to our customers that our system is set up correctly. Penetration testing will be performed to seek out vulnerabilities within our systems and report on any findings. 

Why is it important?

If an organisation’s system does not follow the correct policies or have the appropriate configuration they can become vulnerable to attacks.

These threats can be internal and external. It is very likely that organisations will have to deal with an attack whether it was targeted or not. It’s important to be proactive and try to find flaws in your system before a malicious hacker does. 

An ITHC can identify weak areas which require security improvements, it can highlight vulnerabilities and even suggest best practices to resolve those issues.

Invotra’s Approach

Selecting the appropriate third party 

Invotra follow our internal policies and standards which are in place to assist us in selecting an appropriate supplier. We will only select a third party to conduct our ITHC if they can provide high quality testing services for our organisation.

We look for the following accreditation’s in our trusted suppliers:

• Certified under the government’s NCSC (National Cyber Security Centre) CHECK scheme for penetration testing
• ISO27001:2013 
• ISO9001:2015

Scope

The scope will be agreed between us and the carefully selected third party conducting the tests. The scope is created by Invotra’s Security Team, it will specify the areas of the business that will be put under test and to what extent they will be exposed. The scope will also include areas which are not to be included in the test. 

The scope will be communicated securely between Invotra and the supplier. 

Frequency 

An ITHC will be conducted by a third party annually. The scope of the test will vary each year as the requirements and needs of the business change. 

Reporting

The outcome of the ITHC will be communicated securely between the supplier and Invotra. A summary of the findings may be requested by our customers and a redacted version shared to satisfy our partnership agreement. 

Internally, the findings will be discussed and analysed by the security team and any actions that we find need to rectified immediately will be resolved as a priority and our customers informed.

All ITHC reports will be encrypted and stored securely. Only authorised staff will have access to view.