All Collections
Quality Reporting & Compliance
Quality Reporting & Compliance

Intruder's high quality reports are perfect to meet compliance requirements and prove your current cyber security posture to prospects

Daniel Andrew avatar
Written by Daniel Andrew
Updated over a week ago

We know that security reports aren't consumed by security professionals and technical developers exclusively, it's possible you'll be wanting to share them with prospective customers or auditors too.
With that in mind, you'll find a high-level overview on the first page:

And a detailed inventory of all the issues, along with a description of the issue and appropriate remediation advice.

What make our reports so useful?

Our reports include a summary of the checks run, so the reader can clearly see what kind of security testing is in place.

How can this help with my compliance requirements?

Intruder doesn't conduct audits, but our reports can be used to support audits or security standards, where a proof of vulnerability scanning is required. Many of our clients use our reports for a range of standards, including but not limited to:

  • SOC2


  • ISO 27001/27002

  • Cyber Essentials

That said, we would always recommend checking with your auditor, to ensure that our reports satisfies their specific requirements.

It's also worth noting that we integrate with Drata, which can streamline and simplify your compliance process (if that's a concern or need).

What about a penetration test report?

The automated tool produces vulnerability scan reports; if you're after a pentest report, you may need to commission a manual penetration test - which is a bespoke service we offer on an ad-hoc basis to users with an active subscription.

If asked to provide a pentest report by a third party, we always recommend seeking clarification of requirements and expectations first. Reason being, we find that clients aren't always sure of what they need and so "a penetration test" is their default ask, when in actual fact a vulnerability report would suffice.

If they're unsure, you could always sign-up to the tool, run a scan and share the automated report with the third party. Alternatively, we have an article dedicated to explaining the difference between these two tests and another article which covers all the different plans and services we offer.

Did this answer your question?