Cyber Incident Response (CIR) scheme
Context is one of five companies to be certified by NCSC's Cyber Incident Response (CIR) scheme to help UK organisations respond effectively to cyber security attacks. It is aimed primarily at the public sector and the UK’s critical national infrastructure as well as providing support to other parts of the private sector. The scheme is designed to give access to specialist knowledge and expertise with a high level of trust and quality-assurance.
Cyber Essentials scheme
Context is approved as a certifying body for the Cyber Essentials Scheme. The scheme has been developed by the Department for Business, Innovation & Skills (BIS) with the support of CESG and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet-based threats, within the context of the Government’s 10 Steps to Cyber Security. Through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Context is a member of CREST, which was created in response to the need for regulated and professional security testers to serve the global information security marketplace. CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally, CREST provides its members with a framework of guidance including standards, methodologies and recommendations aimed at ensuring the very highest standards of leading-edge security testing.
Context is qualified to provide CREST Simulated Target Attack and Response (STAR) services. The assessments are primarily threat intelligence-led penetration tests and are considered to be the most realistic form of assurance service within the sector. STAR assessments allow Context to identify weaknesses that go beyond the technical vulnerabilities typically found in a penetration test, and to assess an organisation’s overall capability to prevent, detect, and respond to a compromise.
Bank of England's CBEST scheme
Context is proud to be one of the first adopters of the CBEST scheme. The Bank of England (BoE) developed CBEST as a framework to deliver controlled, bespoke, intelligence-led cyber security tests. These tests replicate the behaviours of those threat actors assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions. CBEST is the first initiative of its type to be led by any of the world’s central banks.
Context was one of the first CPA accredited labs under the 2013 CESG Commercial Product Assurance (CPA) scheme. CPA is essentially a certificated accreditation process for products to be used by government, public sector and any industries requiring UK government accredited networks. CPA certification enables product vendors to sell their products into government and public sector departments, the wider public sector and associated industry for use in communications networks requiring IS2 and IS3 accreditation.
Context is one of only three companies to be approved to provide consultancy and testing services for the CESG Tailored Assurance Service (CTAS). CTAS is designed to provide assurance for a wide range of Government, MOD, Critical National Infrastructure (CNI) and public sector organisations engaged in the procurement of IT systems, products and services. This could range from software, web applications and internal networks to mobile devices, cloud services and wireless systems. The purpose of CTAS is to provide answers to specific assurance questions and concerns posed by the Accreditors, typically at the pre-deployment stage. These questions are addressed by a tailored evaluation performed by a CTAS Company and key results that may impact business are highlighted in an Assessment Statement produced by CESG.
Context is a subscriber to the CESG CHECK Scheme at Green level. The CESG CHECK Scheme is the foundation of a special partnership between the Government and Industry that allows third parties to conduct security tests on Government networks. The scheme sets standards for both the member company and the individual consultant to ensure that the Government client receives a test of the appropriate standard. Whilst the Scheme was intended for Government use, the public sector noticed the benefits of such a scheme and has often requested that any would-be suppliers are CHECK approved. Obviously, a Government-led scheme will not be absolutely ideal for the private sector, and increasingly the CREST scheme is being adopted as the private sector standard.
Context is a PCI Approved Scanning Vendor (PCI ASV) qualified to conduct external vulnerability scanning services to validate compliance with Requirement 11.2 of the Payment Card Industry Data Security Standard (PCI DSS), which outlines the need to run internal and external network vulnerability scans at least quarterly and after any significant change in the network.
PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers – and all other entities that store, process or transmit cardholder data (CHD) and/or any sensitive authentication data (SAD).
Context is accredited by the United Kingdom Accreditation Service (UKAS) for our London product test laboratory in accordance with ISO17025:2005, which sets out the general requirements for the competence of testing and calibration laboratories. Our accreditation supports our participation in the CESG Product Assurance (CPA) scheme, for which we are one of only seven laboratories. Moreover, Context is one of the only laboratories equipped to provide assurance services for all published security characteristics.
ISO9001:2015: Context’s Quality Management System (QMS) is certified by BSI to the international standard ISO9001:2015. ISO9001 is a globally recognized standard for the quality management of businesses and is used by Context to measure the effectiveness of all business processes and procedures used to provide quality and consistency in all of our services and products. Our QMS is also used to ensure our products / services continually improve, remain appropriate and continue to meet our clients’ requirements. The scope of our QMS includes all places of business and our certification includes London, Cheltenham, Bad Nauheim, Essen and Melbourne.
ISO27001:2013: ISO27001:2013 is an international standard used to specify the requirements of an Information Security Management System (ISMS). It is designed to ensure that companies or organizations select and deploy adequate and proportionate security controls. Its scope includes full assessment of existing security policies and procedures and the establishment of a process for continuous improvement of those policies and procedures. The scope of our ISMS includes all places of business and our certification includes London, Cheltenham, Bad Nauheim, Essen and Melbourne.
Context is a member of FIRST - the global Forum for Incident Response and Security Teams. Membership in FIRST is a mark of maturity for an incident response team, demonstrating that Context has been assessed against their published criteria and vouched for by sponsors to exceed these. FIRST aims to foster cooperation and coordination in incident prevention, to support rapid reaction and resolution of incidents, and to promote information sharing among members and the community at large.
Certified Cyber Security Consultancy (CCSC) Scheme
Context’s Cyber Advisory Services has been accredited by CESG’s Certified Cyber Security Consultancy (CCSC) Scheme, for Audit & Review Services. Certified Cyber Security Consultancy gives customers independent, expert cyber security advice from a pool of certified professional service providers. Consultancies who become certified have proof that the services they deliver meet the NCSC's standard for high quality, tailored cyber security advice.