Free PDF download: Penetration Testing and ISO 27001 – Securing your ISMS

ISO 27001 states that you must identify information security risks within the scope of your ISMS (information security management system).

Penetration testing establishes whether the security in place to protect a network or application against external threats is adequate and functioning correctly.

The threats and vulnerabilities discovered will form a key input of your risk assessment, while the identified remedial action will inform your selection of controls.

This free green paper describes how penetration testing fits into an ISO 27001 ISMS project.


  • The three specific points at which penetration testing should be undertaken;
  • The importance of penetration testing to ISO 27001 risk assessments;
  • How penetration testing can demonstrate compliance with Annex A controls; and
  • Penetration testing’s use in the continual improvement of your ISMS.


SAVE 25%