Nettitude is proud to be one of a handful of UK companies that is approved by NCSC to conduct IT Health Check (ITHC).

Our team of NCSC CHECK Consultants have had to be trained in the most rigorous of security testing procedures and have successfully passed both infrastructure and application tracks. In addition, all of Nettitude’s CHECK team leaders and CHECK members hold a minimum of SC clearance, and are permitted to work on systems that hold protectively marked data.

Request a free quote


The NCSC IT Health CHECK (ITHC) or CHECK scheme was developed by the UK Government’s information assurance division. This body (known as NCSC or the National Cyber Security Centre) is responsible for enhancing the availability and quality of the IT Health Check services that are provided to the Government in line with Her Majesty’s Government (HMG) policy.

Nettitude has a team of certified CHECK testers for your project

Penetration Testing companies belonging to the IT Health CHECK scheme are measured against high standards set by NCSC. Therefore public sector customers can be assured that they will receive a high quality service if the work is carried out under the terms and conditions of CHECK.

The CHECK certification has relevance to private sector companies as well HMG and Center for the Protection of National Infrastructure (CPNI) bodies.

Due to the fact that NCSC has set the bar high for entrance in to the CHECK program, it ensures that organisations operating within the framework practise the highest levels of quality in all aspects of the security testing lifecycle.

Nettitude’s CHECK security testing service provides service assurance:

  • Strong and consistent methodology.
  • Thorough scoping (ensuring that the assessment is 100% tailored to your needs).
  • Industry leading testing services.
  • Strong communication, during the test and at the time of debrief.
  • Some of the best reporting and remediation advice available in the industry.
  • Guidance on risk; thorough consideration of impact, threat, vulnerability and likelihood.
  • Appropriate insurance and indemnity for all security testing engagements throughout the world.

Scoping is fundamental to successful ‘IT Health CHECK’ testing

NCSC require that CHECK companies develop a test strategy, test plan and a series of test scripts for use on  a NCSC IT Health Check.


  • Attempts should be made to gain access to the target node.
  • Attempt to gain credentials for the target node.
  • Attempt to deny or disrupt service to the node (if appropriate and with the agreement of the client.


  • Attempt to gain extra privileges for assumed or gained identities.
  • Attempt to defeat auditing and detection schemes.
  • Attempt to defeat other security mechanisms (e.g. access controls).


  • Attempt to move to other network nodes (with appropriate permission).
  • Attempt to move to other networks (with appropriate permission).
  • Attempt to prove access to key data owned by the customer (detailed provided from NCSC’s Service Provision Guidelines).

Each scoping exercise is customised to our client’s individual requirements. Nettitude recognises the importance of getting scoping right, and consequently has a whole phase of their methodology dedicated to this exercise.

Nettitude’s Reports and Debrief Information

All of our testing services are led by industry recognised security consultants. During the debrief phase, Nettitude provides guidance on risk through both quantitative and qualitative reviews of vulnerability.

In addition, Nettitude provides risk treatment and remediation guidance on how to improve the environment. This dialogue includes information about topology and architecture as well as some of the emerging security technologies that are able to help secure an organisation’s information assets.

Nettitude has a range of sample reports that can be made available for customers interested in security testing services. These include documents that cover Infrastructure and web application testing all the way through to standalone client, server and remote desktop tests for organisations that are looking at Bring Your Own (BYO) computing strategies.