Security specialists

ThreatLabs specializes in security assessments that provide valuable insight into vulnerabilities and weaknesses, along with actionable advice to improve the security posture of IT assets and environments.

ISO/IEC 27001:2022

An Information Security Management System (ISMS) can be audited for design, existence, and operating effectiveness, but its true effectiveness is demonstrated in practice. A penetration test provides evidence that systems, applications, and infrastructure are regularly tested for vulnerabilities and against modern attack techniques.

Within ISO/IEC 27001:2022, pentesting supports organizations in identifying risks, validating technical security controls, and continuously improving the ISMS.

Relevant Annex A controls include, among others:

  • A.5.35 Independent review of information security
  • A.8.8 Management of technical vulnerabilities
  • A.8.29 Security testing in development and acceptance

The depth and frequency of penetration testing are determined by the organization's information security policy and risk profile.