A penetration test is a manual security assessment of your network, systems, or applications that uses the same techniques and tactics an attacker would use to compromise your systems or data. Using industry-standard techniques from real-world cyber attacks, the tester identifies the vulnerabilities a threat actor would seek to exploit based on the size of your potential attack surface and advises on the steps required to fix them to make your systems more secure. 

SIEM (Security Information and Event Management) is a technology system that powers the management of your logs. Traditionally it's been a hardware appliance, but increasingly it's delivered as a SaaS product. By contrast, the SOC (Security Operations Centre) is the team that uses the SIEM tool to keep you secure.

The SOC will use their insight and intelligence to program the SIEM tool to make sure it's spotting every kind of cyber threat. A good managed SOC also includes security researchers, threat intelligence feeds and works round-the-clock.

Best practices, compliance standards and security professionals all agree that penetration testing should be conducted at least once a year. In addition, extra pentesting should be performed upon significant change or upgrades to your infrastructure. This schedule of security testing is even mandated by certain compliance standards, including PCI DSS.

Managed detection and response (MDR) is a managed IT security service that detects, contains and remediates cyber threats in real time. It protects your data and assets against cyber threats that can evade other security tooling. MDR achieves this by combining SIEM technology with endpoint protection 24/7 SOC monitoring.

ISO 27001 certification, 27001:2022, is an internationally recognised information security management standard of best practices.

As of 2025, the deadline for organisations to transition from ISO 27001:2013 to ISO 27001:2022 is October 31, 2025, after which only the 2022 version will be valid for certification.

ISO 27001 covers several policies and procedures for reviewing legal, physical, and technical controls to determine the extent to which they meet the 10 clauses and 114 generic security controls grouped into 14 sections (called “Annex A”).

ISO 27001 clauses 4 – 10:

• Context of the Organisation (Clause 4)
• Leadership (Clause 5)
• Planning (Clause 6)
• Support (Clause 7)
• Operations (Clause 8)
• Performance evaluation (Clause 9)
• Improvements (Clause 10)

This will cover the following 14 controls:

• Information security policies
• Organisation of information security
• Human resource security
• Asset management
• Access control
• Cryptography
• Physical and environmental security
• Operations security
• Communications security
• System acquisition, development and maintenance
• Supplier relationships
• Information security incident management
• Information security aspects of business continuity
• Compliance

Being ISO 27001 certified demonstrates a commitment to maintaining top levels of security.