Services

Precision over breadth.

Three focused services, each delivering a specific security outcome.

01

Penetration Testing

Find your weaknesses before someone else does.

A penetration test is a controlled, authorised attempt to exploit vulnerabilities in your systems, applications, or networks — conducted to give you an accurate picture of what an attacker could realistically achieve. At PredX, our penetration tests follow established methodologies (OWASP, PTES, NIST SP 800-115) and are scoped carefully to match your objectives, your environment, and your risk appetite. We don't produce automated scan reports dressed up as penetration tests. Every engagement involves manual exploitation attempts, business-logic analysis, and findings that reflect the actual skill and persistence of a real adversary. Our reports deliver both technical detail for your engineers and an executive-level summary that supports informed board-level decisions.

What's Included

External network penetration testing
Internal network penetration testing
Web application penetration testing
API security testing
Social engineering assessment (on request)
Physical security review (on request)
Detailed technical findings report
Executive summary for leadership
Remediation guidance per finding
Post-remediation retest (one cycle)

Applicable Frameworks

ISO 27001 PCI-DSS SOC 2 NIST CSF OWASP Top 10

Delivery

Remote-first · On-site on request
02

Vulnerability Assessment

A full inventory of your exposure — systematically ranked.

A vulnerability assessment provides a systematic review of your infrastructure, applications, and configurations to identify, classify, and prioritise security weaknesses. Unlike a penetration test, the objective is breadth and completeness — building an accurate inventory of your entire attack surface and ranking exposure by exploitability and business impact. PredX combines automated scanning with manual validation to eliminate false positives and ensure every finding reflects a genuine risk. We apply CVSS scoring and contextualise findings against your specific environment, so your security team knows exactly what to fix first — and your leadership team understands the business-level exposure without needing to interpret raw scan output.

What's Included

Automated vulnerability scanning (authenticated & unauthenticated)
Manual validation of all critical and high findings
False positive elimination
CVSS-scored findings with business-context annotations
Risk-ranked remediation roadmap
Configuration review (OS hardening, cloud security posture)
Third-party dependency and open-source component analysis
Executive summary and technical report

Applicable Frameworks

ISO 27001 NIST CSF CIS Controls SOC 2 PCI-DSS

Delivery

Remote-first · On-site on request
03

ISO 27001 Gap Analysis

Know exactly where you stand before the auditors arrive.

ISO 27001 certification is increasingly a requirement — not merely a differentiator — in enterprise sales cycles, regulated sectors, and supply chain risk programmes. A gap analysis provides you with an objective assessment of your current information security management posture against the requirements of ISO/IEC 27001:2022, identifying where you're already compliant, where you have partial controls in place, and where genuine gaps exist that would constitute non-conformities in a formal audit. PredX conducts gap analyses as structured engagements: we review your documentation, interview key stakeholders, and assess your control environment against all Annex A controls. The output is a structured gap register with clear ownership assignments, effort estimates, and a prioritised remediation roadmap that takes you from your current state to audit-readiness.

What's Included

Full review against ISO/IEC 27001:2022 requirements
Annex A controls assessment (all 93 controls)
Documentation and policy review
Stakeholder interviews (key roles)
Gap register with severity ratings
Ownership and effort estimates per gap
Prioritised remediation roadmap
Executive briefing on audit-readiness timeline

Applicable Frameworks

ISO/IEC 27001:2022 ISO 27002 GDPR SOC 2 NIST CSF

Delivery

Remote-first · On-site on request

Ready to see your real exposure?

Start with a 30-minute discovery call. No obligation. No sales pitch.

Book a Discovery Call →