Merge pull request #60 from ministryofjustice/update-security-page

Update to the Secuirty Page.

source/documentation/how-we-handle-security.html.md.erb

@@ -55,9 +55,10 @@ MOJ forms is hosted in MOJ's strategic hosting environment [Cloud Platform](http
 
 **Threat Model** - The team runs threat modelling exercises  either over the whole platform or for a distinct feature and the parts of the platform it interacts with.
 
-**ITSHC** - The platform was tested in 2021 (using the legacy editor and runner), since then ITSHCs are not available through central funding and discussion is ongoing that a more continuous testing based approach is used. Luckily, MOJ Forms does have good coverage for testing in its deployment pipeline and these are being improved as part of the platform improvements.
+**ITSHC** - The platform was formally tested in 2021 (using the legacy editor and runner), since then ITSHCs are not available through central funding with the view that more continuous testing based approach is used. 
+MOJ Forms does have good coverage for testing in its deployment pipeline and routinely (at least quarterly or during a feature development cycle) tested using tools provided by cyber. 
 
-> Security tooling used include Brakeman, CodeQL and OWASP ZAP after a feature release
+> Security tooling used include Brakeman, CodeQL, Cymulate and OWASP ZAP