Tried, Tested and Proven

IT Health CHECK Service

The CHECK Service was devised to supplement the Information Assurance services provided by the Communications Electronic Security Group (CESG), the UK Government’s National Technical Authority for Information Assurance.IT Health Check Service and Council of Registered Ethical Security Testers

IT Security Health CHECK Services on Government systems were previously only to be performed by CESG. However, in 1999, due to the increasing demand for these assessments, CESG created the CHECK Service, to form partnerships with IT security companies and share this work with the private sector.

Portcullis was one of a few companies selected by the CESG to join the CHECK Service at its inception and has retained its “green light” status ever since. The CHECK Service has enhanced both the availability and quality of IT Health CHECK Services being offered to government departments in accordance with HMG security policy. This ‘badge of excellence’ is now widely recognised in both government and commercial circles as the mark of a reputable Security Testing provider. Clients engaging these “green light” companies are assured that they have selected a provider with a highly qualified, appropriately experienced team who will provide the very best quality service.

Today, we have an extensive Team of CHECK team leaders and CHECK team members. Each brings with them a wealth of knowledge in software, hardware and network engineering, together with experience gained from testing a wide range of environments for major central government departments, government agencies and police forces.

Approach of the IT Health Check Service

Each assessment performed under the terms and conditions of CHECK will be performed by a team of security cleared (SC) personnel and will be led by a CHECK team leader, who will be present throughout the test.

A CHECK assessment is an IT Security Health CHECK conducted in accordance with procedures and standards laid down by CESG.

There is no fixed technical specification for a CHECK assessment so, in the first instance, such an assignment must be properly scoped by an accredited CHECK Team Leader. On acceptance of the scope of work, testing will be conducted by a CHECK Team, consisting of at least one qualified CHECK team leader and a number of CHECK team members.

A CHECK assessment may be performed on any unclassified system and is approved for systems classified up to and including Confidential. Systems with a higher classification are normally tested by CESG, but such tests may be distributed to third-party organisations at their discretion.

In addition to normal commercial terms, the terms and conditions of the CHECK Service are also adhered to in these assessments. These include, amongst other things, the requirement for a copy of the report to be forwarded to CESG for approval and quality control purposes. This is to ensure that the standards of the CHECK Service are upheld at all times.


Portcullis will first require the agreement of the client to complete the scoping exercise as this is a chargeable service.

For the scoping exercise to be completed as quickly as possible; the client will be expected to provide detailed technical information about the target system.

Any special requirements that must be met before testing can commence, will be identified during the scoping exercise.

Please Note: The CESG IT Health CHECK Service is specified to the United Kingdom only.