Skip to content Accessibility statement
🎉 Welcome to our new look website
We would love to know what you like about it and anything we can improve. Learn more about the redesign and share your feedback.

IT system security reviews

It’s vital to regularly check our IT systems for weak spots to make sure they can’t be exploited by cyber threats.

Security reviews help us improve our system management, help us pinpoint vulnerabilities and find solutions. Ultimately, they help us keep data safe and prevent unauthorised access.

We can arrange a thorough security review of any work-related IT system or software, developed internally or managed on-site. Reviews are carried out by our trusted security experts.

Key features

  • Expert advice: you’ll get guidance from experts on how to protect your systems and keep them safe.
  • Penetration (pen) testing: simulated attacks uncover vulnerabilities across a wide range of scenarios.
  • Code reviews: if you have software, the code will be checked in detail to find potential weaknesses.

Types of reviews available

Our external partners offer a range of penetration testing and security reviews against industry best practices. Reviews can be requested individually or as a combination.

Infrastructure 

  • External testing:
    Checks for vulnerabilities in your publicly accessible systems.
  • Internal testing:
    Examines your internal network for weaknesses.

Configuration

  • Cloud configuration review:
    Checks that your cloud setup meets NCSC cloud principles (ncsc.gov.uk) and industry best practices.
  • Device/host review:
    Checks that your system setups comply with security guidelines from CIS (cisecurity.org), NCSC (ncsc.gov.uk) and the vendor.

Application security 

Wireless security

  • Wireless assessments:
    Reviews your wireless network for security risks.
Available to staff

Staff can request this service.

Internal and third-party systems

Reviews can be requested for work-related systems, whether they're developed in-house or purchased via a third party.

Charges may apply

Security reviews for projects should be funded by your project budget. For non-projects, standard reviews are funded by the University, if there is budget available. Otherwise, charges may apply. Each review is subject to consultation and approval.  

Contact for support

If you're unsure what you need and would like to chat about your options, contact IT Services.

Service commitments

Your responsibilities and policies

The following policies apply to all IT services provided by the University.

Service performance

Availability

  • This service is provided by IT Services in affiliation with external partners.
  • The availability and scope of security reviews depend on our external partners. 

Standards

  • Our service performance and standards have been produced in consultation with our customers. We regularly monitor the delivery, performance and availability of facilities and services.
Feedback and complaints

We appreciate feedback as it helps us review and continually improve our service.