Cyber Incident Response (CIR) scheme
Context is one of five companies to be certified by NCSC's Cyber Incident Response (CIR) scheme to help UK organisations respond effectively to cyber security attacks. It is aimed primarily at the public sector and the UK’s critical national infrastructure as well as providing support to other parts of the private sector. The scheme is designed to give access to specialist knowledge and expertise with a high level of trust and quality-assurance.
Cyber Essentials scheme
Context is approved as a certifying body for the Cyber Essentials Scheme. The scheme has been developed by Department for Business, Innovation & Skills (BIS) with support of CESG and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. Through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Context is a member of CREST, which was created in response to the need for regulated and professional security testers to serve the global information security marketplace. CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally CREST provides its members with a framework of guidance including standards, methodologies and recommendations aimed at ensuring the very highest standards of leading-edge security testing.
Context is qualified to provide CREST Simulated Target Attack and Response (STAR) services. The assessments are primarily threat intelligence-led penetration tests and are considered to be the most realistic form of assurance service within the sector. STAR assessments allow Context to identify weaknesses that go beyond the technical vulnerabilities typically found in a penetration test, and to assess an organisation’s overall capability to prevent, detect, and respond to a compromise.
Context is furthermore CREST accredited for the supply of Simulated Targeted Attack (STAR) Threat Intelligence services.
Bank of England's CBEST scheme
Context is proud to be one of the first adopters of the CBEST scheme. The Bank of England (BoE) developed CBEST as a framework to deliver controlled, bespoke, intelligence-led cyber security tests. These tests replicate the behaviours of those threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions. CBEST is the first initiative of its type to be led by any of the world’s central banks.
Context is a subscriber to the CESG CHECK Scheme at Green level. The CESG CHECK Scheme is the foundation of a special partnership between the Government and Industry that allows third parties to conduct security tests on Government networks. The scheme sets standards for both the member company and the individual consultant to ensure that the Government client receives a test of the appropriate standard. Whilst the Scheme was intended for Government use, the public sector noticed the benefits of such a scheme and has often requested that any would-be suppliers are CHECK approved. Obviously a Government led scheme will not be absolutely ideal for the private sector and increasingly the CREST scheme is being adopted as the private sector standard.
ISO9001:2015: Context’s Quality Management System (QMS) is certified by BSI to the international standard ISO9001:2015. ISO9001 is a globally recognized standard for the quality management of businesses and is used by Context to measure the effectiveness of all business processes and procedures used to provide quality and consistency in all of our services and products. Our QMS is also used to ensure our products / services continually improve, remain appropriate and continue to meet our clients’ requirements. The scope of our QMS includes all places of business and our certification includes London, Cheltenham, Bad Nauheim, Essen and Melbourne.
ISO27001:2013: ISO27001:2013 is an international standard used to specify the requirements of an Information Security Management System (ISMS). It is designed to ensure that companies or organizations select and deploy adequate and proportionate security controls. Its scope includes full assessment of existing security policies and procedures and the establishment of a process for continuous improvement of those policies and procedures. The scope of our ISMS includes all places of business and our certification includes London, Cheltenham, Bad Nauheim, Essen and Melbourne.
Context is a member of FIRST - the global Forum for Incident Response and Security Teams. Membership in FIRST is a mark of maturity for an incident response team demonstrating that Context has been assessed against their published criteria and vouched for by sponsors to exceed these. FIRST aims to foster cooperation and coordination in incident prevention, to support rapid reaction and resolution of incidents, and to promote information sharing among members and the community at large.