The CHECK Service was devised to supplement the Information Assurance services provided by the Communications Electronic Security Group (CESG) who are the UK Government's National Technical Authority for Information Assurance. IT Security Health Checks on Government systems used only to be performed by CESG. However, in 1999, due to the increasing demand for these assessments, CESG created the CHECK Service so as to form partnerships with IT Security Companies and share this work with the private sector.
Portcullis was one of a few companies selected by the CESG to join the "CHECK" Service at its inception and has retained it's "green light" status ever since. The CHECK Service has enhanced both the availability and quality of IT Health Check Services being offered to government departments in accordance with HMG security policy. This 'badge of excellence' is now widely recognised in both government and commercial circles as the mark of a reputable Security Testing provider. Clients engaging these "green light" companies are assured that they have selected a provider with a highly qualified, appropriately experienced Team who will provide the very best quality service.
Today Portcullis has an extensive Team of CHECK Team Leaders and CHECK Team Members. Each brings a wealth of knowledge in software, hardware and network engineering together with experience gained from testing a wide range of environments for major central government departments, government agencies and Police forces.
Approach of the CHECK Service
Each assessment performed under the terms and conditions of CHECK will be performed by a Team of Security Cleared (SC) personnel and led by a CHECK Team Leader. He or she will be present throughout the test.
A CHECK Assessment is an IT Security Health Check conducted in accordance with procedures and standards laid down by CESG.
There is no fixed technical specification for a CHECK Assessment so, in the first instance, such an assignment must be properly scoped by an accredited CHECK Team Leader. On acceptance of the scope of work, testing will be conducted by a CHECK Team, consisting of at least one qualified CHECK Team Leader and a number of CHECK Team Members.
A CHECK Assessment may be performed on any unclassified system and is approved for systems classified up to and including Confidential. Systems with higher classification are normally tested by CESG, but such tests may be distributed to third-party organisations at their discretion.
In addition to normal commercial terms, the terms and conditions of the CHECK Service will also be in force. These include, amongst other things, a requirement for a copy of the report to be forwarded to CESG for approval and quality control purposes. This is to ensure that the standards of the CHECK Service are upheld at all times.
Prerequisites
Portcullis will first require the agreement of the client to complete the scoping exercise as this is a chargeable service.
For the scoping exercise to be completed as quickly as possible; the client will be expected to provide detailed technical information about the target system.
Any special requirements that have to be met before testing can commence will be identified during the scoping exercise.