
CHECK IT Health Check

A CESG-approved IT Health Check supports the HMG Security Policy Framework (SPF) mandatory requirement 8, which specifies that all ICT systems that handle, store and process protectively marked information should undergo a formal risk assessment to identify and understand technical risks.

CHECK IT Health Checks are for UK HMG departments handling protectively marked material. They may encompass all of the other types of testing that you will find described on this site, including infrastructure testing, application testing, and laptop security reviews as required by your project.

Note: If your project is not handling protectively marked material, testing may not need to be carried out under the CHECK scheme.

The CHECK Scheme is run by the UK HMG department CESG. Companies in the scheme are permitted to work on systems processing protectively marked information up to CONFIDENTIAL (or SECRET with specific CESG approval).

Testing under the auspices of CHECK is generally onsite work at client premises. It involves exploring the weaknesses in the design, implementation and configuration of networks, servers and applications. Tests are designed to identify any weaknesses utilising publicly known vulnerabilities and common configuration faults.

You can read about the specific types of testing a CHECK ITHC may encompass (infrastructure testing, application testing and laptop security reviews) elsewhere on the site.

Following the ITHC testing, a report will be produced detailing all identified vulnerabilities, with associated risk ratings and recommendations aimed at reducing or removing the risks. Optionally, an ITHC may include a follow-up retest of identified issues to validate that any remedial action has been effective.