Vulnerability Assessment - What is it and Who needs it?

A vulnerability assessment is a process of identifying existing weaknesses within your network. It can be host-based, network-based, wireless, application, or within your database. Hackers work on an economy of scale and finding a low hanging fruit is the holy grail for an attacker. An unpatched or legacy software on a network can be an open door to the entire organisation and it’s often easy to exploit. Because it's easy to scan and find these vulnerabilities, you must find these before the hackers exploit them and keep on top of your organisation's vulnerability management.

Who needs a Vulnerability Assessment?

Any organisation regardless of their size can benefit from this service but it's generally medium to large enterprises that will benefit the most from a Vulnerability Assessment.

💡Note: Cyber Essentials Plus scheme requires a vulnerability assessment as part of the certification process.

How often do you need a Vulnerability Assessment?

With any new feature or new tool may come to a security hole. By completing a regular assessment you can make sure that your network is protected. Whether it's monthly or quarterly depends on your board’s risk assessment.

What is the process of a Vulnerability Assessment?

The process starts with client engagement and understanding your concerns and requirements. We must first establish the client’s requirements at a higher level. We would discuss any compliance or insurance concerns and what communication is needed (making sure everything within the process is explained in plain English.)

The next step is to scope the assessment. At this stage, we would normally need to talk to your IT staff to scope the project and assess any required permissions. Once the scope is agreed upon we can then move on to the assessment.

During our vulnerability assessment, we are in regular contact and should anything critical be discovered we would work with you immediately to address any concerns. Our final report is delivered into two digestible sections.

Firstly, covering a high-level overview of findings designed to allow senior risk holders to understand the findings and the steps they need to take in order to address our findings. Our second section is a technical detail report, which covers the techniques used and the outcomes of certain techniques along with technical guidance going forward.

How long does a Vulnerability Assessment take?

This highly depends on the size and scope of the project. We’re able to confirm the duration after scoping the project with you.

Will a Vulnerability Assessment affect our normal business operations?

When scoping the project we analyze and plan to avoid any disruptions. We use weekends or evenings if necessary to avoid high traffic hours. There will not be any disruptions unless we advise you in advance and both parties are agreed on that.

💡Note: Outsourced IT management/contractors are not necessarily responsible for the infrastructure’s security. Our objectives and tooling are different, and we work hand in hand with IT specialists to address the security side of their operation.

Interested in learning more about Remote Vulnerability Assessments? Book a free consultation to discuss your needs today.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of Cyber Resilience Centre for Greater Manchester (CRCGM) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. CRCGM provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

CRCGM does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website. CRCGM is not responsible for the content of external internet sites that link to this site or which are linked from it.


Cyber Resilience Centre GM, Manchester Technology Centre, Oxford Rd, Manchester, M1 7ED

0161 706 0940

Registered in England & Wales No.12309263.



  • LinkedIn
  • Twitter
Greater Manchester Logo Light.png

© 2021 - The Cyber Resilience Centre for Greater Manchester