The Penetration Testing Service License allows the following activities to be carried out.

• Determining the cyber security vulnerabilities of a computer or computer system, and demonstrating how such vulnerabilities may be exploited and taken advantage of.
• Determining or testing the organization's ability to identify and respond to cyber security incidents through simulation of attempts to penetrate the cyber security defenses of the computer or computer system.
• Identifying and quantifying the cyber security vulnerabilities of a computer or computer system, indicating vulnerabilities and providing appropriate mitigation procedures required to eliminate vulnerabilities or to reduce vulnerabilities to an acceptable level of risk.
• Utilizing social engineering to assess the level of vulnerability of an organization to cyber security threats.