IT Health Check (ITHC)

Uncover vulnerabilities before attackers do and meet PSN compliance requirements with an IT Health Check.

CREST-Certified Testers

Dynamic Reporting Platform

Free Retest Included

What Is an IT Health Check?

An IT Health Check (ITHC) is a comprehensive security assessment designed to identify real-world vulnerabilities across your infrastructure, networks and applications. It simulates attacker behaviour to reveal risks that automated tools can’t catch, making it a key part of any serious security strategy.

For public sector organisations, an ITHC is also an annual mandatory requirement for connecting to the Public Services Network (PSN) – the UK government’s secure platform for sharing data and services. To maintain or gain PSN connectivity, organisations must undergo regular ITHCs conducted by accredited professionals, as outlined in the official UK government guidance.

Whether you’re a public body needing PSN compliance or a private enterprise seeking deeper assurance, our ITHC service provides the clarity and confidence you need.

What we test

We tailor our ITHC to your environment, combining proactive adversarial testing with depth and flexibility. All vulnerability findings are manually analysed and validated by an experienced tester to ensure accuracy, context and actionable recommendations.

Internal Assessment

Internal testing focuses on the systems, configurations and controls within your private network. It simulates what an attacker could access or exploit if they gained internal access.

At a minimum, our assessment includes:

  • Desktop & Server Configuration
    We review the security of desktop and server builds including services, permissions, and logging to ensure they follow hardening best practices.
  • Patch Management
    We check that operating systems, applications, and firmware are kept up to date to reduce exposure to known vulnerabilities.
  • Remote Access Configuration
    We assess the security of remote access solutions such as Virtual Private Networks (VPNs) and Remote Desktop Protocol (RDP) across both managed devices and Bring Your Own Device (BYOD) setups, ensuring that strong authentication and access controls are properly implemented.
  • Mobile & Laptop Builds
    We verify that endpoints used for remote access are securely configured, covering encryption, screen lock policies and device management.
  • Internal Gateways (including PSN)
    We evaluate the configuration of internal security gateways, including PSN gateways, to confirm effective segmentation and traffic filtering.
  • Wireless Network Setup
    We test Wi-Fi networks for encryption strength, isolation of guest access and the potential for unauthorised access to internal systems.

These checks ensure your internal systems are securely configured and properly maintained to reduce the risk of lateral movement and internal compromise.

External Assessment

External testing focuses on systems that are exposed to the internet and could be targeted by attackers without internal access.

Our assessment includes:

  • Internet-Facing Systems
    We assess key services such as Web Servers, Email Infrastructure, Firewalls and perimeter devices. These are tested for vulnerabilities, misconfigurations and exposure that could allow unauthorised access into your organisation.
  • Remote Access Solutions
    We test systems that enable staff to connect remotely, including VPNs, virtual desktops and remote management portals, to ensure secure configuration and strong authentication.
  • Third-Party Connections
    If third-party suppliers connect to your systems from their own networks or offices, we assess the security of those access points as part of the external scope.

This helps ensure that any route into your environment, whether public-facing, remote or supplier-based, is secure, monitored and properly controlled.

Why Choose Heretek

Heretek blends practical attacker methodology with deep expertise and an approachable, transparent style.

  • CREST-Certified Expertise: Our team is composed of qualified professionals with recognised accreditations and deep technical expertise.
  • Purple Team Philosophy: We don’t just test and report, we collaborate. Our purple team approach bridges the gap between offensive (red team) insight and defensive (blue team) action, helping your internal teams learn, adapt, and improve through every engagement.
  • Independent & Client-Focused: We assess your systems impartially, guided only by your needs and risk profile.
  • Scalable & Flexible: Structured for compliance-driven public sector clients or fast-moving private enterprises alike.
  • Clear & Actionable Reporting: We provide precise, digestible findings and remediation recommendations – no generic output, no jargon.
  • Full Engagement Lifecycle: From scope to retest, we partner with you throughout the process to maximise assurance.

Process Overview

Ready to Secure What Matters?

See your security through an attacker’s eyes, then close the gaps before they strike.

Get in touch with Heretek today to get:

  • Industry-leading tools and proven methodologies

  • Comprehensive, actionable results

  • Cost-effective and scalable solutions

Are you ready to discover your hidden vulnerabilities?

Get in touch and let Heretek assess your systems before it’s too late.

You can’t fix what you don’t check, so get in touch today.

  • Industry-leading tools and methodologies

  • Comprehensive and detailed results

  • Cost-effective and scalable