Vulnerability Management

Vulnerability Management

The Vulnerability assessment and information service helps detect and manage internal and external vulnerabilities within your IT estate, helping you to manage your security risks, compliance and quality. The service is available as a single supplier framework agreement through Khipu Networks.

About the service

JISC procured the Vulnerability Assessment Service on behalf of the UK education and research sector, awarding a single supplier framework agreement with Khipu Networks. Following a rigorous OJEU competitive tender process, Khipu were selected to provide the following services:

  1. Vulnerability assessment: Provides automated, predetermined security vulnerability assessments of your IT assets.
  2. Vulnerability management: Produces reports which verify IT assets against new vulnerabilities and provide measurable information on improved IT security.
  3. Vulnerability information: Keeps track of announcements, vulnerabilities and patches in your IT infrastructure.

Key features and benefits

Improved security

The service meets the highest security standards and is ISO9001 and ISO27001 certified. It helps your organisation to detect vulnerabilities such as Heartbleed and Shellshock.

Tailored service

The service is specifically tailored to meet the needs of the UK education and research sector and offers you the flexibility to scan your own networks and generate bespoke reports on known security vulnerabilities specific to your systems. These might include user owned devices and network enabled devices such as routers, printers, telephones and webcams.

Easy installation

This solution can be integrated into your organisation’s existing infrastructure easily, to significantly increase your broader security defences. Its service tools integrate well with other IT security functions and installations e.g. firewalls, ticket systems and SIEM.


The service automatically verifies whether your IT security policies are followed and implemented through compliance and secure configuration modelling. By identifying and resolving vulnerabilities on your network, the service helps your organisation reduce the risk of information security breaches and associated costs.

Saved purchasing time

Jisc selected Khipu Networks following a rigorous OJEU competitive tender process, saving you time and money so you don’t have to undertake your own procurement exercise.

Service packages

These services are combined into four different packages. The first three are provided as managed services and the fourth is a self-managed approach where Khipu Networks provide maintenance and support.

  1. PCI-DSS scan – Scanning of named public-facing IP addresses for PCI compliance with self-assessment or PCI-DSS ASV Cert through a centrally hosted solution
  2. External and URL scan – Scanning public-facing IP addresses and website URLS through a centrally hosted solution.
  3. Internal scan – Scanning of internal assets through a deployed device/ sensor or tunnelled connection.
  4. Supported appliance – Includes all other packages except PCI-DSS ASV using a deployed appliance supported by Khipu networks.

To discuss which of these four packages will best meet your organisation’s requirements for vulnerability assessment, management and information, contact Khipu now by email or call 0345 272 0900.