CHECK Penetration Testing 

National Cyber Security Centre (NCSC)-assured penetration testing

Pen Test Partners is an NCSC-assured CHECK-accredited company, authorised to deliver penetration testing for public sector and CNI systems.  

CHECK exists because some environments need more than a standard penetration test. They need testing carried out by appropriately cleared, qualified testers, using an assured methodology, with reporting that meets the expectations of the National Cyber Security Centre. 

For government departments, public sector organisations, and operators of CNI, CHECK provides a trusted route to independent security assurance. 

What is CHECK penetration testing? 

CHECK is the NCSC’s assurance scheme for authorised penetration testing of public sector and CNI systems and networks.  

It gives buyers confidence that the company carrying out the work has been assessed by the NCSC, and that the testers involved meet defined professional standards and clearance requirements. 

A CHECK test is not just a vulnerability scan. It is a structured, manual security assessment carried out by approved professionals. The aim is to identify exploitable weaknesses, explain the real risk they create, and provide practical remediation advice that can be acted upon. 

CHECK Team Leaders must hold a UK Cyber Security Council Security Testing Title at Principal level or higher, while CHECK Team Members must hold the Practitioner level. Both must hold a minimum of SC clearance.  

When do you need CHECK? 

CHECK is most relevant where systems are sensitive, regulated, government-facing, or part of critical national infrastructure. We have outlined this in a handy blog post.

Central government 

Government departments often require CHECK testing for systems that process sensitive government information. CHECK gives assurance that the test is being carried out by a provider recognised by the NCSC. 

Wider public sector 

Local authorities, NHS bodies, arm’s-length bodies, and other public sector organisations may use CHECK where they need a higher level of confidence in the provider, methodology, and reporting. 

Critical National Infrastructure 

Operators in sectors such as energy, transport, water, communications, and finance may need CHECK testing where systems support nationally important services. 

Suppliers to government and CNI 

Private sector suppliers may also need CHECK testing when they provide systems, services, or infrastructure into government or critical national infrastructure environments. 

What CHECK gives you 

CHECK gives buyers a higher level of assurance around the people, process, and output of a penetration test. 

NCSC-assured delivery 

CHECK companies are approved by the NCSC to carry out authorised penetration tests under the scheme.  

Cleared and qualified testers 

CHECK testing is carried out by people who meet defined professional standards and hold the required security clearance for CHECK work.  

A recognised methodology 

CHECK engagements follow the NCSC’s scheme requirements, including expectations around scoping, testing, reporting, and professional conduct.

Actionable reporting 

The output should help technical teams understand what was found, why it matters, how it was evidenced, and what needs to be fixed. 

Independent assurance 

CHECK reports may be reviewed by the NCSC as part of its ongoing assurance of the scheme. This helps maintain consistency and quality across approved providers.  

Why choose us for CHECK? 

We understand complex environments 

CHECK work often involves more than standard enterprise infrastructure. Public sector and CNI environments can include legacy systems, operational technology, segmented networks, cloud platforms, secure environments, and strict availability requirements. 

Our testers are used to working in complex environments where security findings need to be technically accurate, operationally realistic, and clearly explained. 

We focus on real risk 

A good CHECK test should not leave you with a long list of scanner output. It should explain what can actually be exploited, what the impact would be, and what needs to happen next. 

We focus on evidence, context, and remediation. That means fewer vague findings and more useful outcomes. 

We work safely 

Testing sensitive systems requires care. We agree boundaries before testing starts, communicate clearly during the engagement, and escalate serious findings quickly. 

The aim is to give you meaningful assurance without creating unnecessary operational risk. 

We support remediation 

The value of a penetration test is not just in finding vulnerabilities. It is in helping you reduce risk. 

We provide practical remediation guidance and remain available to support your team after the report has been delivered. 

CHECK penetration testing services 

Our CHECK testing can cover: 

• Application penetration testing 
• External infrastructure testing 
• Internal infrastructure testing 
• Cloud environments 
• Build and configuration reviews 
• Remote access services 
• Segmentation and boundary testing 
• Operational technology and CNI environments 
• Retesting and remediation validation 

The exact scope will depend on your environment, classification, procurement route, and assurance requirements. 

Frequently asked questions