It is aimed primarily at the public sector and the UK’s critical national infrastructure as well as providing support to other parts of the private sector.
The initiative supports the delivery of the UK Cyber Security Strategy and expands the UK’s cyber incident response capabilities through greater collaboration between the Government and industry. Context is certified by CESG/CPNI to help organisations notified of attacks or interested in getting advice about detection and mitigation. The scheme is designed to give access to specialist knowledge and expertise with a high level of trust and quality-assurance.
Context is a member of CREST, which was created in response to the need for regulated and professional security testers to serve the global information security marketplace. CREST’s main aim is to represent the information security testing industry and offer a demonstrable level of assurance as to the competency of organisations and individuals within those approved companies.
CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally CREST provides its members with a framework of guidance including standards, methodologies and recommendations aimed at ensuring the very highest standards of leading-edge security testing.
Context is qualified to provide CREST Simulated Target Attack and Response (STAR) services.
The assessments or tests are primarily threat intelligence-led penetration tests and are considered to be the most realistic form of assurance service within the sector.
STAR assessments allow Context to identify weaknesses that go beyond the technical vulnerabilities typically found in a penetration test, and to assess an organisation’s overall capability to prevent, detect, and respond to a compromise.
Context is proud to be one of the first adopters of the CBEST scheme.
The Bank of England (BoE) developed CBEST as a framework to deliver controlled, bespoke, intelligence-led cyber security tests. These tests replicate the behaviours of those threat actors assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions. CBEST is the first initiative of its type to be led by any of the world’s central banks.
Context was one of the first CPA accredited labs under the 2013 CESG Commercial Product Assurance (CPA) scheme.
CPA is essentially a certificated accreditation process for products to be used by government, public sector and any industries requiring UK government accredited networks. CPA certification enables product vendors to sell their products into government and public sector departments, the wider public sector and associated industry for use in communications networks requiring IS2 and IS3 accreditation.
Context is one of only three companies to be approved to provide consultancy and testing services for the CESG Tailored Assurance Service (CTAS). CTAS is designed to provide assurance for a wide range of Government, MOD, Critical National Infrastructure (CNI) and public sector organisations engaged in the procurement of IT systems, products and services. This could range from software, web applications and internal networks to mobile devices, cloud services and wireless systems.
The purpose of CTAS is to provide answers to specific assurance questions and concerns posed by the Accreditors, typically at the pre-deployment stage. These questions are addressed by a tailored evaluation performed by a CTAS Company and key results that may impact business are highlighted in an Assessment Statement produced by CESG.
Context is a subscriber to the CESG CHECK Scheme at Green level. The CESG CHECK Scheme is the foundation of a special partnership between the Government and Industry that allows third parties to conduct security tests on Government networks. The scheme sets standards for both the member company and the individual consultant to ensure that the Government client receives a test of the appropriate standard.
Whilst the Scheme was intended for Government use, the public sector noticed the benefits of such a scheme and has often requested that any would-be suppliers are CHECK approved. Obviously a Government-led scheme will not be absolutely ideal for the private sector, and increasingly the CREST scheme is being adopted as the private sector standard.
Context is an Approved Scanning Vendor (ASV) for the PCI Data Security Standard (PCI DSS). We supply scanning and penetration testing services to companies seeking compliance with the PCI DSS, which was developed by the members of the PCI Security Standards Council (including Visa, MasterCard, JCB, Discover Financial Services and American Express) with the aim of applying consistent data security measures to card payment accounts across the globe.
Context is accredited by the United Kingdom Accreditation Service (UKAS) for our London product test laboratory in accordance with ISO17025:2005, which sets out the general requirements for the competence of testing and calibration laboratories. Our accreditation supports our participation in the CESG Product Assurance (CPA) scheme, for which we are one of only seven laboratories; moreover, Context is one of the only laboratories equipped to provide assurance services for all published security characteristics.
ISO9001:2008: Context’s Quality Management System (QMS) is certified by BSI to the international standard ISO9001:2008. ISO9001 is a globally recognized standard for the quality management of businesses and is used by Context to measure the effectiveness of all business processes and procedures used to provide quality and consistency in all of our services and products. Our QMS is also used to ensure our products / services continually improve, remain appropriate and continue to meet our clients’ requirements. The scope of our QMS includes all places of business and our certification includes London, Cheltenham, Düsseldorf and Melbourne.
ISO27001:2013: Context is certified by BSI to ISO 27001 for both its UK offices, London and Cheltenham, as well as Düsseldorf. ISO27001:2013 is the only auditable, international standard used to specify the requirements of an Information Security Management System (ISMS). It is designed to ensure that companies or organizations select and deploy adequate and proportionate security controls. Its scope includes full assessment of existing security policies and procedures and the establishment of a process for continuous improvement of those policies and procedures.
The scope of our ISMS includes all places of business and our certification includes London, Cheltenham, Düsseldorf and Melbourne.
Context is approved as a certifying body for the Cyber Essentials Scheme. The scheme has been developed by the Department for Business, Innovation & Skills (BIS) with the support of CESG and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet-based threats, within the context of the Government’s 10 Steps to Cyber Security. Through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Context is a member of FIRST - the global Forum for Incident Response and Security Teams.
Membership in FIRST is a mark of maturity for an incident response team: it demonstrates that Context has been assessed against FIRST’s published criteria and vouched for by sponsors as exceeding them.
FIRST aims to foster cooperation and coordination in incident prevention, to support rapid reaction and resolution of incidents, and to promote information sharing among members and the community at large.