Not only did we provide successful penetration testing, Evalian now provides a full suite of services for Ningi and has an ongoing engagement with the financial management solutions company.

The Challenge

What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? We wanted to improve our security posture and regulatory compliance and knew that we needed a services provider across outsourced Data Protection Officer, to perform penetration testing and provide support with ISO 27001 and Cyber Essentials certification.

The need was then client accelerated – and we knew in order to work with particular clients and partners, we would have to act quickly on these areas.

How did you go about searching for the solution and services? Initially, our former CTO did some research and identified a few of the best penetration testing companies.

Please describe the reasons you decided to work with us.  The overall package was compelling, and the project methodology, estimated project duration, quote, and follow-up scoping conversation with an ISO consultant were very helpful.

Please describe the reasons you decided to work with us. We touched base with a couple of other companies. We knew we wanted a full suite of services, and spoke to a few other organisations who broke down the costs but we felt that Evalian’s offering was just more comprehensive.

There was also a way in which the information on the services was delivered which was more reassuring to us and more palatable. One of the other companies said, “let’s start with a light one for pen testing, and then do a heavier one later”. But Evalian came in and said right off the bat, with the sort of data we’re handling, we should go in with full testing and be more robust from day one. That just made more sense to us and gave us confidence.

The conversations felt very consultative and everyone seemed really genuine – the vibe I got from Evalian was that due to the size of their teams, they really care about their clients. With some of those bigger companies, there’s more distance between the end user and us. So it was, in effect, a big part to do with the closeness and type of relationship we’d get from the Evalian team.

Did you have any expectations going into the process? To be honest, I didn’t know what I was expecting – as we’d not had penetration testing before, but in reality, I wasn’t expecting the level of comprehensive feedback we got. The level of detail in the pen test reporting, and the type of support we got, I couldn’t speak highly enough. What has really surprised us, is how fast Evalian understood what we needed and the time it has taken to do the amount of work they have done with us.

What has also impressed me is how willing everyone in the Evalian team is to jump on a call on short notice, if I need any information to relay to a partner or client.

In terms of our DPO engagement, our Evalian consultant Emma is fantastic, I probably lean on her more than I should, but it’s a testament to how good she is at explaining everything and supporting us in the process.

For Cyber Essentials Plus, again it was a really straightforward process, the collection of information was good and our consultant was able to roll with the punches when there were a few bumps in the road initially.

We really liked Evalian’s forethought in giving us all the badges we needed for our site and collateral after certification, it was a very slick process and to top it off, we passed the first time which is apparently quite rare!

Solution

The scope

How did you find the scoping process – did you understand what it was you needed or did you need some guidance? We understood most of what was needed, between myself and our CTO. But Lauren, who was project managing the penetration test from the Evalian side, was fast in responding when I had questions and did a great job in clarifying anything during the scoping process.

Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? It was a smooth process throughout. Bearing in mind we had Cyber Essentials Plus going on at the same time, as well as our GDPR and data protection compliance. So with three concurrent services, it had the potential to become confusing and complex.

Evalian did a great job at keeping the services segmented, it was made clear to us throughout with the individual consultants from each separate team, so it wasn’t confusing at all.

The report

How did you find the pen test report, was it easy to understand/did you benefit from someone talking you through it / did you understand the issues and vulnerabilities that needed to be fixed? The penetration testing report was really comprehensive, I’m not a tech expert by any means but it was easily digestible and I was able to understand it. Our tech team were able to digest the report, break it down, make tickets, and create actions and didn’t need further meetings to go back for clarification which shows how effective the report was.

Impact

What impact has the results from working with us had on you/your team? Having gone on that journey from being a “scrappy start-up”, it’s really helped us with our business maturity. In a world today that relies so heavily on data, it really gives us, our partners and our clients, that extra vote of confidence.

Until someone rigorously tests your tech, no one really knows how secure it is, we can say we’ve got good engineers and good technological architecture, but having it fully tested, gives us that seal of approval that we’re doing things right, and shows we’re taking steps to stay ahead of vulnerabilities.

Other services. We have yet to fully start on our ISO 27001 standard. But what I asked for initially, was an ISO 27001 roadmap to give clients and partners a bit of reassurance. Evalian provided an effective, visual roadmap that was very clear. I’m not concerned about going through ISO, after engaging Evalian for other services and having such a positive experience across the board, I have complete confidence that we’ll get to where we want to be, with their support.

We love the velocity and trajectory of everything facilitated by Evalian’s help. We’re so stretched due to being a small team, but we’re a company that once we decide to do something, we like to be able to get it done properly the first time, and within a good timeframe.

Evalian has been so accommodating of this, and able to turn around the processes really quickly, we’ve not had to do anything, everything was arranged with ease and speed and has been taken care of behind the scenes. We look forward to continuing our relationship with the Evalian team as our business grows.