The ISO 27001 standard is used as a framework to ensure that a company’s Information Security Management System (ISMS) is safe, robust and secure.
As part of this standard, an ISO 27001 objective states that ‘Information about technical vulnerabilities of information systems being used must be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.’
To satisfy this objective, a penetration test should be carried out to identify vulnerabilities in environments within the ISO 27001 scope.