2025

Scope of the 2025 Assessment

The 2025 penetration testing engagement included:

• Authenticated web application testing of the Self-Service application

• Unauthenticated web application testing of the Nano and Service Manager applications

• Assessment from the perspective of:

  • Unauthenticated internet users

  • Standard authenticated users

Testing was performed remotely across multiple phases between September and November 2025, in line with recognised penetration testing methodologies .

Assessment Outcomes

The independent assessment provided:

• An objective evaluation of application security strengths and weaknesses

• A prioritised list of identified findings

• Practical remediation guidance aligned with security best practices

All identified findings were reviewed and addressed promptly. At the conclusion of the assessment and retesting cycle:

• No critical, high, or medium-severity findings remained

• One low-severity finding and two informational items were recorded

• The overall final severity rating was assessed as Low

These results demonstrate the effectiveness of our secure development practices and our commitment to timely remediation.