Context is one of the first four companies to be certified by CESG and CPNI for a new Cyber Incident Response scheme to help UK organisations respond effectively to cyber security attacks.
It is aimed primarily at the public sector and the UK’s critical national infrastructure as well as providing support to other parts of the private sector.
The initiative supports the delivery of the UK Cyber Security Strategy and expands the UK’s cyber incident response capabilities through greater collaboration between the Government and industry. Context is certified by CESG/CPNI to help organisations notified of attacks or interested in getting advice about detection and mitigation. The scheme is designed to give access to specialist knowledge and expertise with a high level of trust and quality-assurance.
Context is a member of the Council of Registered Ethical Security Testers (CREST).
CREST was created in response to the need for regulated and professional security testers to serve the global information security marketplace. CREST’s main aim is to represent the information security testing industry and offer a demonstrable level of assurance as to the competency of organisations and individuals within those approved companies.
CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally CREST provides its members with a framework of guidance including standards, methodologies and recommendations aimed at ensuring the very highest standards of leading-edge security testing.
Context is one of only three companies to be approved to provide consultancy and testing services for the CESG Tailored Assurance Service (CTAS). CTAS is designed to provide assurance for a wide range of Government, MOD, Critical National Infrastructure (CNI) and public sector organisations engaged in the procurement of IT systems, products and services. This could range from software, web applications and internal networks to mobile devices, cloud services and wireless systems.
The purpose of CTAS is to provide answers to specific assurance questions and concerns posed by the Accreditors, typically at the pre-deployment stage. These questions are addressed by a tailored evaluation performed by a CTAS Company and key results that may impact business are highlighted in an Assessment Statement produced by CESG.
Context is a subscriber to the CESG CHECK Scheme at Green level. The CESG CHECK Scheme is the foundation of a special partnership between the Government and Industry that allows third parties to conduct security tests on Government networks. The scheme sets standards for both the member company and the individual consultant to ensure that the Government client receives a test of the appropriate standard.
Whilst the Scheme was intended for Government use, the public sector noticed the benefits of such a scheme and has often requested that any would-be suppliers are CHECK approved. Obviously a Government-led scheme will not be absolutely ideal for the private sector, and increasingly the CREST scheme is being adopted as the private sector standard.
Context is an Approved Scanning Vendor (ASV) for the PCI Data Security Standard (PCI DSS). We supply scanning and penetration testing services to companies seeking compliance with the PCI DSS, which was developed by the members of the PCI Security Standards Council (including Visa, MasterCard, JCB, Discover Financial Services and American Express) with the aim of applying consistent data security measures to card payment accounts across the globe.
Context is accredited by the United Kingdom Accreditation Service (UKAS) for our London product test laboratory in accordance with ISO17025:2005, which sets out the general requirements for the competence of testing and calibration laboratories. Our accreditation supports our participation in the CESG Product Assurance (CPA) scheme, for which we are one of only seven laboratories. Moreover, Context is one of the only laboratories equipped to provide assurance services for all published security characteristics.
ISO9001:2008: Context’s Quality Management System (QMS) is certified by BSI to the international standard ISO9001:2008. ISO9001 is a globally recognized standard for the quality management of businesses and is used by Context to measure the effectiveness of all business processes and procedures used to provide quality and consistency in all of our services and products. Our QMS is also used to ensure our products / services continually improve, remain appropriate and continue to meet our clients’ requirements. The scope of our QMS includes all places of business and our certification includes London, Cheltenham, Düsseldorf and Melbourne.
ISO27001:2005: Context is certified by BSI to ISO 27001 for both its UK offices, in London and Cheltenham, as well as Düsseldorf. ISO27001:2005 is the only auditable, international standard used to specify the requirements of an Information Security Management System (ISMS). It is designed to ensure that companies or organizations select and deploy adequate and proportionate security controls. Its scope includes full assessment of existing security policies and procedures and the establishment of a process for continuous improvement of those policies and procedures.
The scope of our ISMS includes all places of business and our certification includes London, Cheltenham, Düsseldorf and Melbourne.