METCLOUD Pen Testing is a penetration testing service that assesses the security of an organisation's IT systems by attempting to breach security controls using the same tools and techniques an adversary might use. The service follows a structured process: **Scoping:** The technical team defines the boundaries of the organisation's IT estate and determines the applicable types of testing to identify vulnerabilities. **Testing:** A technical point of contact is maintained on call during testing to address critical issues as they arise, such as network misconfigurations. The scope may be adjusted if additional systems are identified during testing. **Reporting:** A detailed report is produced documenting identified security issues, associated risk levels, recommended remediation methods, and improvements for internal vulnerability assessment processes. **Severity Rating:** Vulnerabilities are scored using the Common Vulnerability Scoring System (CVSS) to provide a numerical measure of risk, informing decisions on whether additional mitigating controls are required. **Follow-up:** The pen test report is reviewed by the organisation's vulnerability team, with pen testers providing recommendations for addressing newly detected vulnerabilities based on severity. The service is conducted by testers holding accreditations recognised by the NCSC, including CREST, Tiger Scheme, and CHECK.