Pentest Compliance Norms

Quality, comprehensive pentesting, delivered at scale and based on industry-standardized norms. We use pentest norms customized to each client to ensure fast, secure pentesting in line with your compliance and security needs.

Complete Compliance Frameworks

We use comprehensive pentest frameworks based on industry standards for compliance and security. You get fast, efficient pentesting with full oversight of what we’re testing and why, customized to meet your organization’s specific security and compliance needs. 

Need a TPM Statement or Compliance Report? PentestHero works with SafeHarbour to deliver a full compliance solution.  

OWASP Top 10

Top 10 Cybersecurity Vulnerabilities

The Open Web Application Security Project (OWASP) Top 10 pentest is essential to many compliance assessments and audits. Our OWASP Top 10 framework includes norms, pentest stages, and a vulnerability database.


PCI-DSS

Online Payments Compliance

PCI-DSS compliance requires a complete pentest as part of your audit. Our full PCI-DSS vulnerability and weakness database, combined with defined stages and processes, ensures your customers are protected.

ISO27001

Information Security Management System

Our complete ISO27001 pentest framework delivers checklists, ISO norms, and a weakness and vulnerability database. You get complete oversight and personalization as we help you stay compliant with ISO27001.

ISO27017

Information Security Management System for Cloud Systems

Our standards for information security management for cloud systems deliver everything you need to quickly deploy and start pentests, with complete ISO 27017 norms to set scope, define the work, and ensure transparency.

GDPR

General Data Privacy Regulation (EU)

Stay on top of GDPR compliance with regular pentesting. Our GDPR pentest framework comes complete with norms, checklists, and a vulnerability database to speed up pentest setup and quality control, so you stay compliant.

DigiD

DigiD Assessment (NL)

Meet DigiD obligations with PentestHero. Our DigiD framework is based on the Logius DigiD Standards Framework v2.1, with everything you need to quickly set up and launch your pentest for ANSIA compliance.  


NEN 7510

Information Security in Healthcare

Maintain information security standards with pentests and vulnerability reporting designed for NEN 7510, the standard for Dutch healthcare organizations. Our NEN 7510 framework is based on the Code for Information Security.

HIPAA

Health Insurance Portability and Accountability Act (US)

Stay compliant with a fully scalable, customizable HIPAA pentest framework. PentestHero uses pentest norms and a vulnerability database scaled to your organization to deliver fast, quality-assured HIPAA compliance.

SOC-2

Service Organization Control 2

We use standardized benchmarks for security, processing integrity, confidentiality, and data-privacy controls. Every assessment is scaled to your organization and concludes with scheduling your next bi-annual pentest.

ISAE3402

Assurance Reports on Controls for Organizations

PentestHero delivers a full framework for ISAE3402 pentests, with norms for the presentation, design, and operating effectiveness of controls. We offer solutions for Type 1 and Type 2 reports, fully customized to your organization.

TPM Statement

Need a TPM Statement or Compliance Report? PentestHero works with our partner, SafeHarbour, to deliver a full compliance solution. A Third-Party Memorandum (TPM) or compliance report is a statement by an independent third party assuring the quality of your pentest services provider. A TPM statement may be necessary to complete your DigiD, ISAE3402, ISO 27001, or ISO 27002 certification. SafeHarbour delivers a complete certificate of quality assurance to meet all your compliance needs.

Need Custom Pentesting?

Our compliance norms allow us to deliver faster, more efficient service, with our process visible to you upfront. At the same time, we're happy to build a pentest around your organization's needs. We'll work with you to set the scope, determine the assessment standards, and agree a timeline as part of the process.

How secure is your organization?