Cyber security assessment

Evaluate, analyse and improve your cyber security – to meet audit and compliance needs.

You are under increasing pressure to demonstrate the effectiveness of your cyber security - partners and funding bodies, for example, may want to see cyber security assessment reports, while internally you are keen to do all you can to mitigate risks.

That’s why we offer the cyber security assessment service: a tailored, cost-effective process to help you meet audit and compliance needs.

The service helps you to evaluate, analyse and improve your security posture, on a one-off or ongoing basis, according to your needs.

All work is carried out by our in-house cyber security experts ­– who are experienced, trained and certified.

And because it’s a tailored service, we are able to scope the work to your exact requirements. That makes it cost-effective for you.

How does the cyber security assessment help me?

This service helps you to:

Evaluate your readiness against real-world attacks

As part of the service, we assess how vulnerable you are to cyber attacks. The evaluation has two elements:

  • A vulnerability assessment analyses your network for known issues ­–­ ­giving consistent, repeatable data on security holes and information on weaknesses. The assessment takes the form of a series of tailored, tests for misconfigurations, security patches and cryptographic flaws – which we also confirm by manual analysis.
  • A configuration analysis audits the security controls you already have in place – against, for example, known best practices or standards.

Analyse the cyber security risks you face

Armed with data from your vulnerability assessment and configuration analysis, we prioritise security issues according to risk – allowing you to focus your efforts on areas critical to you.

This risk analysis helps you understand the potential impacts to your organisation – and the range of approaches you could take to remain resistant to cyber attacks.

Take steps to harden your security

Using information from these assessments and analysis, we propose ways to secure your network – such as configuration improvements, processes and security controls – to help you make informed decisions on what to do next.

We can also let you know about areas of residual business risk that you may wish to mitigate, including legal or insurance issues.

Improve your posture on a regular basis

Because this is a repeatable process, we can conduct regular assessments – for example, on a yearly basis – helping you show how your security improves progressively against a baseline.

Regular assessment will also catch any new flaws in security, for example from new services or lapsed testing.

Why Jisc?

  • We offer a very competitive member-only rate compared to commercial equivalents 
  • Our expertise lies in testing and analysing the systems and infrastructure unique to our members in education and research
  • We feed back our threat findings to the sector, for the benefit of the whole community
  • In collaboration with the SOC and CSIRT teams who manage security across the Janet network, our sector specific threat intelligence is always current and industry leading
  • We understand the security challenges facing education and research, from the annual influx of new students, to networks across different campuses, devolved IT departments and legacy systems and software
  • Our security experts can offer workshops as part of an engagement to upskill your internal staff and enhance your testing and security capability for the future

Case study: Northern Ireland High-Performance Computing (NI-HPC) Centre

With cyber security incidents globally increasing in frequency and severity, Queen’s University Belfast had already done a lot to bolster security. But HPCs continue to be a particularly high-risk target and staff at the NI-HPC Centre wanted to do a deep dive focused specifically on the centre’s security posture. Find out how Queen's benefitted from our cyber security assessment service.

Read the full case study (pdf).

Member story: Coleg Y Cymoedd

Find out how taking part in a cyber security assessment highlighted the pressures Coleg Y Cymoedd's IT team were under and identified areas for improvement. At a senior leadership level, cyber security is now firmly on the agenda and the CSA has helped to inform their strategic plan.

Now, with a comprehensive plan in place, the team are upskilling and educating learners and staff at all levels across the college about the importance of effective cyber security.

Read the full story.

Support and advice

As part of this service, we can also offer support and advice for the following, related services:

  • Cyber security essentials, our service for organisations who need a cyber essentials certificate

Get started with cyber security assessment

To find out more, contact your relationship manager or email


This service is available to all Janet Network-connected institutions.

Use of this service is subject to adherence to the:

How to buy

Jisc have been appointed as an approved supplier on the Crown Commercial Services dynamic purchasing system (DPS). The benefit for our members in purchasing through the DPS is that it allows public sector buyers to procure an extensive variety of cyber security services from a range of pre-qualified suppliers.

Visit the Crown Commercial Service (CCS) website for more information. The ‘how to buy’ section gives full details for registering as a buyer and navigating through the process.

NB: The Jisc cyber security assessment service is not listed on the NCSC approved list as we are CREST accredited for our penetration testing service, a key component for a cyber security assessment.

The CCS run regular webinars for customers explaining what and how to buy from the new cyber security DPS. See upcoming webinar sessions.

Service level description


Please ensure your organisation understands and adheres to the security policy.

Hours of service

The service is available during the business day.

The business day is defined as Monday to Friday. It excludes 24-31 December, all English public holidays and also the Tuesday following the August public holiday.

Service description

A service providing organisations with a cyber security assessment.

Your responsibilities

You are responsible on an ongoing basis for:

  • Ensuring that Jisc has up to date contact details of a suitable representative from within your organisation and any changes in responsibility promptly notified
  • Ensuring the list of authorised users is maintained where automated testing is employed.


Charges will be determined during the discussions of the requirements between you and Jisc.

Request for service

Request this service by contacting the service desk on tel: 0300 300 2212 or via email:

Service delivery time

You will be contacted to discuss requirements within three business days of receipt of a request for assistance.

Terms and conditions

Please ensure your organisation understands and adheres to the terms and conditions.


If you are experiencing an issue with the service, and wish to escalate the issue please contact us via the service desk on tel: 0300 300 2212 or via email:

Cyber Essentials drop-in clinic

If you're working towards Cyber Essentials or Cyber Essentials Plus at your UK organisation or would benefit from further guidance, join one of our free online sessions: cyber essentials drop-in clinic.

ISO certification

This service is included within the scope of our ISO9001 and ISO27001 certificates.

Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.

ISO 9001-2015 UKAS logo

ISO/IEC 27001 UKAS logo