Last month we blogged about our new ISO 9001 compliance certification which, naturally, we’re extremely proud of.
The desire to become more compliant, as discussed, was brought about – initially – by two principal reasons, one external and one internal:
Externally, there was a requirement from a couple of our larger clients (ironically, to remain compliant with their own internal processes) to ensure that all of their suppliers are compliant and have appropriate and robust quality management systems. This expedited the process for us.
Internally, however, we’d always wanted to become ISO 9001-compliant. As a small business, there’s always a very long list of things that (in an ideal world) you’d have right away. Although we’re a small business – and we don’t purport to be anything other – we have a big business mindset when it comes to process and compliance. After all, many of our clients are large corporate organisations who need the same level of process from their suppliers as they demand of themselves – so we’re delighted to be able to offer that extra level of assurance.
This brings about the point of this whole blog: to talk a little bit about the importance of penetration testing for software businesses. From day one, we’ve always wanted to ensure that our platform and internal systems are as robust and secure as they possibly can be.
We’re all patently aware of how important cyber security is, today more than ever.
With an increase in hacking during the pandemic, and as a company processing personal data on behalf of our clients, we need to make sure that we’ve taken every step possible – and this meant paying for a specialist company to undertake a penetration test on our systems.
What is penetration testing?
Pen testing is often called ‘ethical hacking’, which probably needs no further explanation. Suffice it to say that an external company undertakes a process whereby it tries to expose and exploit any and all vulnerabilities within a system, so that they can be fixed before a real attacker finds them.
How is it carried out?
When you decide on your penetration test partner, there are a few things that need to be ascertained:
- Which system(s) are being tested
- The pages in the system
- User types within the system
- The objectives of the penetration test
Once the above has been ascertained, and the testing methodology has been agreed, the penetration tests are carried out.
Penetration testers replicate threat actors, such as malicious users and premeditated attackers, in order to detect system vulnerabilities that could result in data breaches and reputational damage for organisations.
Upon completion of the penetration tests, which are recommended to be undertaken for all aspects of the system, organisations receive a detailed report identifying any and all risks that have been identified. This gives the organisation an opportunity to put remedial action in place before re-testing. Each risk is rated on a scale from Critical to Low.