0% found this document useful (0 votes)

2K views368 pages

Empanel Org 2021

This document lists 33 organizations that are empaneled by CERT-In (India's computer emergency response team) to conduct information security audits. Each organization is listed with their contact details including address, phone number, website, and primary contact person and their email. The list is maintained and updated by CERT-In as organizations are added or removed from the empaneled list.

Uploaded by

Harish Hash

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

2K views368 pages

Empanel Org 2021

Uploaded by

Harish Hash

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 368

EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In

The List of IT Security Auditing Orgnisations, as given below, is up-to-date valid list of CERT-In
Empanelled Information Security Auditing Orgnisations. This list is updated by us as soon as there is
any change in it.

1. M/s AAA Technologies Ltd

278-280, F-Wing, Solaris-1,

Saki Vihar Road, Opp. L&T Gate No. 6,
Powai, Andheri (East),
Mumbai – 400072.
Website URL : http://www.aaatechnologies.co.in
Ph : 022-28573815 / 16
Fax: 022-40152501
Contact Person : Mr. Anjay Agarwal, Chairman & Managing Director
Mobile : +91 09322265876, 9821087283
E-mail : anjay[at]aaatechnologies.co.in

2. M/s AKS Information Technology Services Pvt Ltd

B-21, Sector-59, Noida - 201309 (Uttar Pradesh)
Website URL: https://www.aksitservices.co.in/
Ph: 0120-4545911
TeleFax : 0120-4243669
Contact Person : Mr. Ashish Kumar Saxena, Managing Director
Mobile : +91-7290058951
E-mail : info.cert[at]aksitservices.co.in

3. M/s AQM Technologies Pvt Ltd.

A 401, Raheja Plaza, LBS Road, Nityanand Nagar, Ghatkopar West,
Mumbai, Maharashtra 400086.
INDIA
Phone number :022 4050 8200
Fax: -
Contact Person: Mr. Sanjay PARIKH
E-mail:sanjay.parikh[at]aqmtechnologies.com
Contact No : +91-8291858027 / 022-40508262

4. M/s Allied Boston Consultants India Pvt. Ltd.

2205, Express Trade Towers-2, B-36, Sector 132,
Noida Expressway, Noida 201301 (U.P.)
Ph : 9891555625, 0120-4113529
Fax: 0120-4113528
Contact Person : Mr. T. Ganguly
E-mail : itsec[at]alliedboston.com

5. M/s A3S Tech & Company

A/95, Kamla Nagar, Delhi-110007

Ph : 9810899624
Fax: 23933429
Contact Person : Sagar Gupta
E-mail :sagar[at]a3stech.co.in
6. M/s Andhra Pradesh Technology Services Ltd
(Govt. of AP Undertaking)

3rd Floor, R&B Building, MG Road, Labbipet,

Vijayawada, Andhra Pradesh 520010
URL: https://www.apts.gov.in/
Land line Phone : 08662468105;
Mobile phone : 9440469194
Fax : N/A
Contact Person : Dr. G Jacob Victor, Executive Director
E-mail : mgr-apcsp-apts[at]ap[dot]gov[dot]in
Alternate Email ID : VictorJacob[dot]G[at]gov[dot]in

7. M/s ANB Solutions Private Limited

901,Kamla Executive Park, Off Andheri-Kurla Road,

J. B. Nagar, Andheri East, Mumbai 400 059
Ph :+91 (22) 4221 5300
Fax:+91 (22) 4221 5303
Contact Person :Preeti Raut
E-mail :preeti.kothari[at]anbglobal.com

8. M/s AGC Networks Limited

Essar House, 11, K. K. Marg, Mahalaxmi,

Mumbai-400034, Maharashtra, India
Ph : +91-9930134826, Landline: +91 022 66601100
Fax:
Contact Person : Mr. Anant N. Bhat
E-mail : anant.bhat[at]agcnetworks.com

9. M/s Accenture Solutions Pvt. Ltd.

Accenture BDC7C, Piritech Park (SEZ), Phase 1,
RMZ Ecospace Internal Rd, Adarsh Palm Retreat, Bellandur,
Bengaluru, Karnataka 560047, India
Ph : 9916011888
Fax:
Contact Person : Prasanna Ramasamy
E-mail : Prasanna.ramasamy[at]accenture.com

10. M/s Amigosec Consulting Private Limited

401, Shatrunjay, Divecha Complex, Edulji Road, Charai,

Thane(w), Maharashtra - 400601
Ph : +91 9819080470
Fax: NA
Contact Person : Mr. Ashish Rao
E-mail : ashish.p.rao[at]synradar.com

11. M/s ANZEN TECHNOLOGIES PVT. LTD.

A-429, Second Floor, A-Wing, Vashi Plaza, Sector 17,

Vashi, Navi Mumbai, 400703
Ph : 09821775814
Fax: NA
Contact Person : Ramesh Tendulkar
E-mail :rtendulkar[at]anzentech.com
12. M/s Attra Infotech Pvt. Ltd
No. 23 & 24, 2nd Floor, AMR Tech Park II,
Hongasandra, Bengaluru – 560068
Ph : 91 80 4197 0900
Fax:
Contact Person :
• Riaz Kakroo - Global Head – Corporate Infosec
riaz.kakroo[at]attra.com.au
9686579832
• Santosh Lohani – Head of practice (cybersecurity)
Santosh.lohani[at]attra.com.au
9741399220

13. M/s Aujas Cybersecurity Limited

#595, 4th Floor, 15th Cross, 24th Main Rd, 1st Phase,
J. P. Nagar, Bengaluru, Karnataka 560078
Ph: +91 9980238005
Fax: NA
Contact Person: Jaykishan Nirmal
E-mail: Jaykishan.Nirmal[at]aujas.com

14. M/s AURISEG CONSULTING PRIVATE LIMITED

NO 666/81, MAVEERAN DURAISWAMY STREET,
POONGA NAGAR, THIRUVALLUR
Ph :+91 99408 64275
landline Phone Number : +91 44 42017437
Fax: NA
Contact Person : M.S SRINIVASAN - DIRECTOR -CONSULTING PRACTICE
E-mail : SRINI.MANI[at]AURISEG.COM

15. M/s BHARAT ELECTRONICS LIMITED

Office of the GM/Software,
BEL Software SBU
Bharat Electronics Limited
Jalahalli, Bengaluru - 560013
Karnataka
Ph :080-22197197, or 080-28383120
Fax:080-28380100
Contact Person : Mr. Ramesh Prabuu V, DGM (Software Marketing), BEL/SW
E-mail : ITSecurityAuditTeam[at]bel.co.in
Mobile : +91 9945193542
Ph : 080-22195714

16. M/s Bharti Airtel Service Limited

Plot# 16, Udyog Vihar-Phase-IV

Sector 18, Gurgaon-122016
Ph : +91-9987891999
Fax:
Contact Person : Amit Chaudhary
E-mail : amit.chaudhary[at]airtel[dot]com
17. M/s BDO India LLP

The Ruby, Level 9, North West Wing, 29, Senapati Bapat Marg,
Dadar West, Mumbai, 400028.
Ph : +91 022 62771600
Fax:+91 022 62771600
Contact Person : Mr. Ashish Gangrade / Mr. Nipun Jaswal
E-mail : AshishGangrade[at]bdo.in / nipunjaswal[at]bdo.in

18. M/s Centre for Development of Advanced Computing (C - DAC)

Plot No. 6 & 7, Hardware Park,
Sy No. 1/1, Srisailam Highway,
Pahadi Shareef Via Keshavagiri (Post), Hyderabad - 501510
Ph : +919441233972, +917382303598
Fax: NA
Contact Person : Ch A S Murty
E-mail : cswan[at]cdac.in, chasmurty[at]cdac.in

19. M/s Crossbow Labs LLP

Unit 406, Brigade IRV Center, Nallurhalli,
Whitefield, Bangalore
Karnataka 560066,
India
Ph : +91 80 470 91427
Fax:No Fax
Contact Person : Mr. Rosan Thomas
E-mail :cert[at]crossbowlabs.com

20. M/s CyberQ Consulting Pvt Ltd.

J-1917, Chittaranjan Park, New Delhi - 110019
Ph : 7982895613/7042081393
Fax:NA
Contact Person : Mr. Debopriyo Kar / Mr. Rajiv Malhotra
E-mail :debopriyo.kar[at]cyberqindia.com
shikha.yadav[at]cyberqindia.com
ankita.chatterjee[at]cyberqindia.com

21. M/s CyRAAC Services Private Limited

2nd Floor, Napa Prime, 7/24, 11th Main Road,
4th Block East, Jayanagar,
Bengaluru - 560011
Ph : +919886210050
Fax:
Contact Person : Mr. Murari Shanker
E-mail : ms[at]cyraacs.com

22. M/s Codec Networks Pvt Ltd

B-136, Surajmal Vihar, Delhi 110092

Ph : +91 9971676124, +91 9911738718
Fax: N.A
Contact Person : Mr. Piyush Mittal
E-mail : amittal[at]codecnetworks[dot]com; piyush[at]codecnetworks[dot]com
23. M/s Cyber Security Works Pvt. Ltd.

No.6, 3rd Floor, A-Block, IITM Research Park

Taramani, Chennai – 600 113
Ph : +91-44-42089337
Fax: NA
Contact Person : Mr. Ram Swaroop M
E-mail : ram[at]cybersecurityworks.com

24. M/s CEREIV Advisory LLP

Chembakam Building, Koratty Infopark, Thrissur Dt, Kerala - 680 308

Ph : 9745767949
Fax: -
Contact Person : Mridul Menon
E-mail : mridul[at]cereiv.com

25. M/s ControlCase International Pvt. Ltd.

Corporate Center, Level 3, Andheri-Kurla Road, Marol,

Andheri (East), Mumbai 400059, Maharashtra.
Ph :+91 22 6647 1800
Fax: +91 22 6647 1810
Contact Person : Mr. Satya Rane
E-mail : certinaudit[at]controlcase.com

26. M/s CyberSRC Consultancy LLP

Unit no 605, 6th floor, World Trade Tower,

Sector 16 Noida - Uttar Pradesh 201301
Ph :+91 8800377255, +91 120 4160448
Fax: NA
Contact Person : Vikram Taneja, CEO
E-mail :vikram[at]cybersrcc.com , info[at]cybersrcc.com

27. M/s Dr CBS Cyber Security Services LLP

113, Suraj Nagar East, Civil Lines, Jaipur, Rajasthan-302006

Ph : 0141-2229475, +91- 9414035622, 9828877777
Fax:
Contact Person : Dr C B Sharma IPS Retd.
E-mail : contact[at]drcbscyber.com, drcbscyber[at]gmail.com

28. M/s Deloitte Touche Tohmatsu India LLP

7th Floor, Building 10, Tower B, DLF Cyber City Complex,
DLF City Phase II, Gurgaon, Haryana, India
Ph : +91 9811663776
Fax: 0124-6792012
Contact Person : Mr. Gautam Kapoor
E-mail : gkapoor[at]deloitte.com

29. M/s Deccan Infotech (P) Ltd.

13, Jakkasandra block. 7th cross.

Koramangala. Bengaluru - 560034
Ph : 080 - 2553 0819
Fax: ---
Contact Person : Mr. Dilip Hariharan
E-mail : dilip[at]deccaninfotech.in
30. M/s eSec Forte Technologies Pvt. Ltd.

Postal address:311, Jwala Mill Road, Udyog Vihar - Phase 4,

Gurugram, Haryana, 122015, India
Ph : +91 9871699555
Fax: +91 0124 4264666
Contact Person : Kunal Bajaj
E-mail : kunal[at]esecforte.com

31. M/s Ernst & Young LLP

14th Floor, The Ruby 29, Senapati Bapat Marg Dadar (West)
Mumbai, Maharashtra – 400028
Phone: 022-61920000
Mobile: 9971797544
Fax: NA
Contact Person : Mr. Venkatesh Kulkarni, Associate Partner – Consulting
E-mail : venkatesh.kulkarni [at]in.ey.com

32. M/s ESSENTIAL INFOSEC PRIVATE LIMITED

Corporate address (Mailing Address):

1st Floor, Plot No. 16, Near SBI BANK Behind Sultanpur Metro Station, New Delhi 110030
Registered Address:
Flat No. 304, Plot No. 2, Shivam Palace, Mamdapur-Neral, Tal. Karjat, Dist. Raigad,
Raigarh MH 410101
Ph: 011 4065 6797
Mob: +91 79855 34793
Fax:
Contact Person: Pawan Srivastav, Director
E-mail: cert[at]essentialinfosec.com

33. M/s FIS Global Business Solutions India Pvt. Ltd.

402, I Park, Plot No. 15, Phase IV, Gurugram, Haryana 122016
Ph : +919811865050
Contact Person : Karthick Perumal
E-mail : Karthick.Perumal[at]fisglobal.com

34. M/s GRM Technologies Private Limited

Postal address: Corporate address:No-9, 2nd floor Shoba Homes, West Tambaram, Chennai-
600045,India.
Registered office address: 2/127,Mani Sethupattu, Sriperumbudur Taluk, Kancheepuram
District, Tamil Nadu-601 301, India.
Ph :+91-9042000525, +91-44-22261489, +91-94873 88551
Fax:NA
Contact Person : Mr. Babu G / Mr. Ashok Kumar
E-mail : babug[at]grmtechnologies.com/ashok[at]grmtechnologies.com

35. M/s Grant Thornton India LLP

L 41, Connaught Circus, Outer Circle,
New Delhi. PIN - 110 001
Ph : 0124-4628000 (Ext. 277)
Fax: +91 124 462 8001
Contact Person : Mr. Akshay Garkel, Partner Cyber
Mobile: +91 9820208515
E-mail : Akshay.Garkel[at]IN.GT.COM and cyber[at]IN.GT.COM
36. M/s G.D.Apte & Co.
GDA House, Plot No. 85, Right Bhusari Colony,
Paud road, Pune 411038
Ph : 020 6680 7200
Fax: 020 2528 0275
Contact Person : Prakash P. Kulkarni
E-mail : prakash.kulkarni[at]gdaca.com

37. M/s HackIT Technology And Advisory Services

64/2453, 2nd Floor,
JVC Tower, Kaloor-Kadavanthara Road
Kaloor PO, Cochin, Kerala, India
PIN - 682 017
Ph : (+91) 484 4044 234
Fax: NA
Contact Person: Akash Joseph Thomas
E-mail: akash[at]hackit.co

38. M/s Hewlett Packard Enterprise India Pvt Ltd.

#24, Salarpuria Arena, Hosur Main Road, Adugodi, Bangalore-560030, India

Ph : 9945611299
Fax:NA
Contact Person : Malligarjunan Easwaran
Swamy Patil
Suhas Nayak
E-mail : malligarjunan.e[at]hpe.com
swamy.patil[at]hpe.com
suhas.nayak[at]hpe.com

39. M/s ITORIZIN TECHNOLOGY SOLUTIONS PVT LTD

8/14, SHAHID NAGAR, GROUND FLOOR. WING “A”.

KOLKATA – 700078. West Bengal, India
Ph : 9883019472
Fax: NIL
Contact Person : Sangeeta Ganguly
E-mail : g.sangeeta[at]itorizin[dot]in / connect[at]itorizin[dot]in

40. M/s Information Security Management Office (ISMO)

Department of Information Technology, Electronics & Communication, Haryana,

SCO 109-110, First Floor, Sector-17-B, Chandigarh – 160017

Ph : +91 7042824602, +91 9417362127
Fax: N/A
Contact Person : Sh. Sudipta Choudhury and Sh. Amit Kumar Beniwal
E-mail : sudipta.ditech[at]hry.gov.in, amit.beniwal[at]haryanaismo.gov.in

41. M/s Innovador Infotech Private Limited

1128, Ahmamau, Beside Lucknow Treat Restaurant,
Near Sultanpur Road Roundabout, Shaheed Path,
Arjunganj, Lucknow- 226002 (Uttar Pradesh)
Ph : +91-8896605755
Fax: NA
Contact Person : Rahul Mishra
E-mail : rahul[at]innovadorinfotech.com
42. M/s ISECURION Technology & Consulting PVT LTD
2nd floor, #670, 6th Main Road, RBI Layout, J.P. Nagar 7th Phase, opp. Elita Promenade,
Bengaluru, Karnataka 560078
Ph : 8861201570
Fax:
Contact Person : Manjunath NG
E-mail : manjunath[at]isecurion.com

43. M/s KPMG Assurance and Consulting Services LLP

DLF Building No. 10, 8th Floor, Tower C,
DLF Cyber City, Phase 2,
Gurgaon, Haryana-122002
Ph : +91 9810081050
Fax: +91 124 254 9101
Contact Person : Mr. Atul Gupta (Partner, Cyber Security)
E-mail : atulgupta[at]kpmg.com

44. M/s Kochar Consultants Private Limited

302, Swapnabhoomi A Wing,

S.K. Bole Road, Nr Portuguese Church,
Dadar (W), Mumbai 400028.
Ph : 24229490 / 24379537 / 9819846198 / 9869402694
Fax: 24378212
Contact Person : Mr. Pranay Kochar
E-mail : pranay[at]kocharconsultants.com

45. M/s KRATIKAL TECH PRIVATE LIMITED

A-130, SECOND FLOOR, SECTOR 63, NOIDA - 201301
Ph : 7042292081, 9651506036
Fax: N/A
Contact Person : PAVAN KUMAR
E-mail :PAVAN[at]KRATIKAL.COM

46. M/s MapleCloud Technologies

B4/102-C, Keshavpuram, Delhi - 110035
Ph : +91-9739995151 / +91-8178803636
Fax:
Contact Person : Yogendra Rajput
E-mail : yogendra.rajput[at]maplecloudtechnologies.com
: yogendra.rajput[at]mcts.in

47. M/s MOBITRAIL

Office No 205, Triumph Estate, Near Express Zone, Goregaon East, Mumbai 400063
Phone No: +91 9867386146
Fax: 022-28782751
Contact Person: Vikas Kedia
E-mail: [email protected]

48. M/s Mahindra Special Services Group

(Division of Mahindra Defence Systems Limited)
Mahindra Towers, P.K Kurne Chowk,
Dr. G.M Bhosale Marg, Worli,
Mumbai - 400018, India
Ph: +91 8652848222
Fax: NA
Contact Person: Mr. Chandrasekhar Konangi
E-mail : chandrasekhar.konangi[at]mahindrassg.com
49. M/s Maverick Quality Advisory Services Private Limited
123 RADHEY SHYAM PARK P.O SAHIBABAD
Ghaziabad, U.P, INDIA – 201005
Ph :9871991928
Contact Person : Mr. Ashok Vardhan,Director
E-mail :ashok[at]mqasglobal.com

50. Madhya Pradesh Agency for Promotion of Information Technology (MAP_IT)

(A Regt. Society of Department of Science & Technology, Government of Madhya Pradesh)

47-A , State IT Center, Arera Hills,
Bhopal, Madhya Pradesh- 462011
Ph: 0755-2518713, 0755-2518702
Fax: 0755-2579824
Contact person : Mr. Vinay Pandey
Mobile:+91-0755-2518710
Email: vinay[dot]pandey[at]mapit [dot] gov [dot] in

51. M/s Mirox Cyber Security & Technology Pvt Ltd

4th Floor Nila Technopark Kariyavttom PO 695581
Trivandrum, Kerala
Phone +91 471 4016888 / +91 471 4000545
Mobile 9995199499, 9995799499
Contact Person : Mr. Rajesh Babu
Mobile: 9995799499
Email- rb[at]miroxindia.com/rbmirox2000[at]gmail.com

52. M/s Net Square Solutions Private Limited

1, SanjivBaug baug, Near Parimal Crossing, Paldi,
Ahmedabad - 380007, Gujarat
Fax : +91 7926651051
Contact Person : Ms. Pradnya Karad
Email: pradnya[at]net-square.com
Mobile: +91 7767955575

53. M/s Network Intelligence India Pvt. Ltd.

2nd Floor, 204, Ecospace IT Park,
Off Old Nagardas Road, Andheri-E, Mumbai-400069.
Ph :+919820049549
Fax: NA
Contact Person : Mr. Kanwal Kumar Mookhey
E-mail :kkmookhey[at]niiconsulting.com

54. M/s Nangia & Co LLP

A-109, Sector 136, Noida (Delhi-NCR) - 201304
Ph : +91 98203 65305
Fax: +91 120 259 8010
Contact Person : Shrikrishna Dikshit
E-mail : shrikrishna.dikshit[at]nangia.com, poonam.kaura[at]nangia.com

55. M/s Netmagic IT Services Pvt. Ltd.

Lighthall 'C' Wing, Hiranandani Business Park, Saki Vihar Road,
Chandivali, Andheri (East) Mumbai 400 072
Ph :02240099099
Fax:02240099101
Contact Person : Mr. Yadavendra Awasthi
E-mail : yadu[at]netmagicsolutions.com
56. M/s Netrika Consulting India Pvt. Ltd.
Plot no.2, Industrial Estate, Udyog Vihar, Phase-IV,
Gurugram, Haryana, India. PIN: 122015
Ph : +91-124-4883000
Fax: N/A
Contact Person : Sanjay Kaushik & Rajesh Kumar
E-mail : sanjay[at]netrika.com; rajesh.kumar[at]netrika.com

57. M/s Netsentries Infosec Solutions Private Limited

No.5, 4th Floor, Wing II
Jyothirmaya Building, Infopark SEZ Phase-II,
Brahmapuram P.O. Cochin 682303
Ph :+91 8884909578
Fax: NA
Contact Person : Sudheer Elayadath
E-mail : Sudheer[at]netsentries.com

58. M/s NG TECHASSURANCE PRIVATE LIMITED

Shop No. F-07 (107), First Floor, Atlanta Shopping Mall,

Althan Bhimrad Road, Surat, Gujarat - 395017
Ph : +91 98989-51269
Fax: NA
Contact Person : Mr. Gaurav Goyal
E-mail : admin[at]ngtech.co.in

59. M/s Lucideus Technologies Pvt. Ltd

A-1/20, Basement, Safdarjung Enclave, New Delhi- 110029

Ph : +91 9717083090
Contact Person : Hitesh Butani
E-mail : [email protected]

60. M/s Oxygen Consulting Services Private Limited

COSMOS, E/701, Magarpatta City, Hadapsar, Pune 411028

Ph :+91 9890302009, +91 9370288368, +91 02048620461
Fax:
Contact Person : Mr. Sanjiv Agarwala
E-mail : sanjiv.agarwala[at]o2csv.com
ska262001[at]yahoo.co.in

61. M/s Panacea InfoSec Pvt. Ltd.

226, Pocket A2, Sector 17, Dwarka, New Delhi - 110075

Ph : +91 11 49403170
Fax: NA
Primary Contact Person : Apurva K Malviya, Global Business Head
E-mail : apurva[at]panaceainfosec.com
Mobile: +91-9650028323/ +91 9205786094
Secondary Contact Person : Chandani Mishra, AVP IT Security
E-mail : cg[at]panaceainfosec.com
Mobile: +91-8929768061

62. M/s Peneto Labs Pvt Ltd

Level 8 & 9, Olympia Teknos, No - 28, SIDCO Industrial Estate, Guindy, Chennai 600032
Ph :+91 8861913615 / +91 44 4065 2770
Fax:NA
Contact Person : Parthiban J
E-mail :Parthiban[at]penetolabs.com
63. M/s Paladion Networks Pvt. Ltd.
Shilpa Vidya, 49 1st Main, 3rd Phase
JP Nagar, Bangalore - 560078
Ph : +91-80-42543444
Fax: +91-80-41208929
Contact Person : Mr. Balaji Venkatasubramanian
E-mail : balaji.v[at]paladion.net

64. M/s Payatu Technologies Pvt Ltd

502,5th Floor, Tej House,
5 MG Road, Camp, Pune-411001
Ph : +91-20-41207726
Fax: NA
Contact Person : Mr. Pranshu Jaiswal
E-mail : cert[at]payatu.com

65. M/s Price water house Coopers Pvt. Ltd.

7th & 8th Floor, Tower B, Building 8,
DLF Cyber City, Gurgaon, Haryana -122002
Ph : [91] 9811299662
Fax: [91] (124) 462 0620
Contact Person : Mr.Rahul Aggarwal
E-mail : rahul2.aggarwal[at]pwc.com

66. M/s Protiviti India Member Private Limited

GTB Nagar, Lalbaug, Everard Nagar,
Sion, Mumbai, Maharashtra 400022
Ph :022 6626 3333
Contact Person : Mr. Sandeep Gupta (Managing Director)
E-mail :Sandeep.Gupta[at]protivitiglobal.in
Phone: +91-9702730000

67. M/s PRIME INFOSERV LLP

60, SIBACHAL ROAD, BIRATI, KOLKATA 700051

Ph : 033- 40085677, Mobile no.- +91 9830017040
Fax:
Contact Person : Sushobhan Mukherjee
E-mail : smukherjee[at]primeinfoserv[dot]com, info[at]primeinfoerv[dot]com

68. M/s Qseap Infotech Pvt. Ltd.

Unit No.105, Building No.03, Sector No.03,
Millennium Business Park, Mahape(MIDC),
Maharashtra- 400710, India
Ph :9987655544
Fax:NA
Contact Person : Mr. Abhijit Doke
E-mail :certin[at]qseap.com

69. M/s QRC Assurance and Solutions Private Limited

Office No 508, Plot No 8, Ellora Fiesta, Sector -11,

Sanpada, Navi Mumbai, Maharashtra, India, 400705
Ph : +91-9920256566
Fax: NA
Contact Person : Kalpesh Vyas
E-mail : kalpesh.vyas[at]qrcsolutionz[dot]com
70. M/s QA InfoTech Software Services Private Limited
A-8, Sector 68, Noida, Uttar Pradesh, 201309
Ph : +91-120-6101-805 / 806
Fax:
Contact Person : Mr Rajesh Sharma (Co-Founder and Chief Information Officer)
E-mail : rajesh[at]qainfotech.com

71. M/s Risk Quotient Consultancy Private Limited

Unit 9, Building No:02, Sector 3, Plot No:1,
Millennium Business Park, Mahape, Navi Mumbai 400701
Ph :9821340198
Fax:NA
Contact Person : Ms.Deepanjali Kunthe
E-mail :deepanjali.kunthe[at]rqsolutions.com

72. M/s RSM Astute Consulting Pvt. Ltd.

301-307, A Wing, Technopolis Knowledge Park,
Mahakali Caves Road, Andheri (East),
Mumbai – 400093
Tel: 91-22- 6108 5555
Contact Person :Mr. Anup Nair
E-mail : anup.nair[at]rsmindia.in
Mobile No. +91 8828428080
Website : www.rsmindia.in

73. M/s RNR Consulting Private Limited

E-16/169, Sector-8, Rohini, Delhi 110085

Ph : +91 9999132873 , +91 9971214199
Fax: N/A
Contact Person : Nitish Goyal , Practice Head – Information and Cyber Security
E-mail : nitish[at]consultrnr[dot]com

74. M/s SecureLayer7 Technologies Private Limited

Plot No. 28, Vyankatesh Nagar, Beside Totala Hospital,

Jalna Road, Aurangabad, MH 431001
Ph : +91-844-844-0533
Fax: NA
Contact Person : Mr. Sandeep Kamble
E-mail : cert[at]securelayer7.net

75. M/s SecurEyes Techno Services Pvt. Ltd.

4th Floor, Delta Block, Sigma Soft Tech Park,

Whitefield Main Road, Varathur, Bangalore - 560066
Phone Number: +91 9449035102/ 080-41264078
Fax:NA
Contact Person : Ms. Uma Pendyala
E-mail :umap[at]secureyes.net

76. M/s Security Brigade InfoSec Pvt. Ltd.

3rd Floor, Kohinoor Estate, Lower Parel,

Mumbai - 400013
Ph : +919004041456
Fax: -
Contact Person : Mr. Jamila Pittalwala
E-mail : certin[at]securitybrigade.com
77. M/s Sysman Computers

312, Sundram, Rani Laxmi Chowk,

Sion Circle, Mumbai 400022
Ph : 99672-48000 / 99672-47000 / 022-2407-3814
website : www.sysman.in
Contact Person : Dr. Rakesh M Goyal, Director
E-mail : rakesh[at]sysman.in, �ससमैन@�ससमैन.भारत

78. STQC Directorate, Ministry of Electronics and IT, Govt. of India

Electronics Niketan, 6 C G O Complex, Lodhi Road, New Delhi-110003

Ph :011 24301816, 24301382
Fax:011 24363083
Contact Person : Mr. Gautam Prasad
E-mail : gprasad[at]stqc.gov.in; headits[at]stqc.gov.in

79. M/s Sattrix Information Security Pvt. Ltd.

28, Damubhai Colony, Nr. Anjali Cross Road, Bhatta,

Paldi, Ahmedabad-380007.
Ph : +91 9825077151
Fax:
Contact Person : Bhavik Patel
E-mail : bhavik.patel[at]sattrix[dot]com

80. M/s Suma Soft Private Limited

Suma Center, 2nd Floor,

Opp. Himali Society, Erandawane,
Pune, Maharashtra – 411 004.
Tel: +91.20.4013 0700, +91.20.4013 0400
Fax: +91.20.2543 8108
Contact Person : Mr. Milind Dharmadhikari,
Practice Head - IT Risk & Security Management Services
E-mail :milind.dharmadhikari[at]sumasoft.net / infosec[at]sumasoft.net
Mobile - +91-98700 06480

81. M/s SISA Information Security Private Limited

No. 79, Road Number 9, KIADB IT PARK,

Arebinnamangala Village, Jala Hobli
Bengaluru, Karnataka, India - 562149
Ph : +91-7042027487
Fax: N/A
Contact Person : Mr. Bharat Malik
E-mail : warlabs[at]sisainfosec.com

82. M/s Sequretek IT Solutions Pvt. Ltd.

304, Satellite Silver, Andheri Kurla Road, Marol,

Andheri East, Mumbai, INDIA - 400 097
Ph : 022-40227034
Fax: 022-40227034
Contact Person : Anup Saha ([email protected])
E-mail : info[at]sequretek.com (Official)
83. M/s Siemens Limited

Birla Aurora Towers, Level 21, Plot 1080, Dr. Annie Basant Road,
Worli, Mumbai - 400030
Ph : +91 22 39677640
Fax: NA
Contact Person : Amitava Mukherjee
E-mail :Amitava.Mukherjee[at]siemens.com

84. M/s Software Technology Parks Of India

1st Floor, Plate B, Office Block-1,

East Kidwai Nagar, New Delhi-110023
Website URL: http://www.stpi.in
Ph :+91-11-24628081
Fax:+91-11-20815076
Contact Person : Mr.Paritosh Dandriyal, Director
E-mail :paritosh[at]stpi[dot]in

85. M/s Sumeru Software Solutions Private Limited

1st Floor "Samvit", Near The Art of Living International Center,

21st KM Kanakapura Main Road,
Udayapura, Bangalore – 560082
Karnataka, India
Ph : +91 6364357139
Fax: +91 80-4121 1434
Contact Person : Asish Kumar Behera
E-mail : cert-in[at]sumerusolutions.com

86. M/s SWADESH SYSTEM PVT.LTD.

504,5th Floor, 58, Sahyog Building, Nehru Place, New Delhi-110019

Ph :011-45621761
Fax:011-45621761
Contact Person : Mr. Rohit Jain
Contact No.: 9911117635
E-mail :rohit[at]swadeshsystem.in

87. M/s Security Spoc LLP

Postal address: Level 18 Tower A, Building No. 5 DLF Cyber City Phase III, Gurgaon, Haryana,
122002 India
Ph : +918448866878, 01294900303
Fax: NA
Contact Person : Dutt Kumar
E-mail : dkumar[at]securityspoc.com
Website: https://securityspoc.com

88. M/s TAC InfoSec Private Limited

C203, 4th Floor, World Tech Tower

Phase-8B, Mohali-160055
Ph : 9876200821, 9988850821
Contact Person : Mr. Trishneet Arora, Founder and CEO
E-mail :ceo[at]tacsecurity.co.in
89. M/s Tata Communications Ltd

Tower 4, 4th to 8th Floor, Equinox Business Park,

LBS Marg, Kurla (W), Mumbai 400070
Ph : +91 22 66592000
Contact Person : Mr.Ratnajit Bhattacharjee - DGM-GRC Product/Services
Mr.Saikat Sen - DGM Cyber Security Products
E-mail : Ratnajit.Bhattacharjee[at]tatacommunications.com,
Saikat.Sen[at]tatacommunications.com
Mobile : 9810093811, 7259308444

90. M/s Talakunchi Networks Pvt Ltd

Postal address: 505, Topiwala Centre,

Off S.V. Road, Goregaon West, Mumbai 400104
Phone: +91-9920099782
Contact Person : Vishal Shah
E-mail: certin[at]talakunchi.com

91. M/s Tata Advanced Systems Ltd.

Cyber & Physical Security Division

Postal address: Office No. 15, 6th floor, Tower 1,
Stellar IT Park, C-25, Sector-62 Noida, Uttar Pradesh, India. PIN - 201307
Fax: 0120 4847459
Contact Person : Argha Bose - (Head , Cyber Security Practice)
Email: argha.bose[at]tataadvancedsystems[dot]com
Mobile no.: 7028007432

92. M/s TUV-SUD south Asia Pvt. ltd

Solitaire, 4th Floor, ITI Road,

Aundh, Pune – 411007
Maharashtra
Ph : +91 20 6684 1212
Fax:
Contact Person :Amit Kadam
E-mail :Amit.VKadam[at]tuvsud.com Phone:+91 9607964483
Mr. Vaibhav.Pulekar
E-mail :Vaibhav.Pulekar[at]tuvsud.com Phone: + 91-9819955909
Mr. Sivakumar Radhakrishnan,
E-mail :Sivakumar.R[at]tuvsud.com Phone: + 91-9819955909

93. M/s Tata Power Delhi Distribution Ltd

Tata Power Delhi Distribution Ltd, NDPL House,

Hudson Lane, New Delhi - 110009
Ph :01166112222
Fax:01127468042
Contact Person :Aamir Hussain Khan
E-mail :aamir.hussain[at]tatapower-ddl.com

94. M/s Varutra Consulting Varutra Consulting Private Limited

Postal address: Varutra Consulting Pvt. Ltd.,

West Wing, II Floor, Marigold Premises, Marisoft III,
Kalyaninagar ,411014 Pune ,Maharashatra, India.
Ph : +91 8408891911
Fax: NA
Contact Person : Shrushti Sarode
E-mail :shrushti.sarode[at]infosharesystems.com
95. M/s Xiarch Solutions Private Limited

352, 2nd Floor, Tarun Enclave,

Pitampura, New Delhi-110034, India
Ph :011-45510033
Fax:011-66173033
Contact Person : Mr. Utsav Mittal, Principal Consultant
E-mail : utsav[at]xiarch.com, cert[at]xiarch.com

96. M/s Yoganandh & Ram LLP

G-1, Shree Vishnu Apartments, 12, Twelfth Cross Street,

Dhandeeswaram Nagar, Velachery, Chennai - 600042
Ph : 044-22432030
Fax: Nil
Contact Person : Mr. Manoj Kumar Jain
E-mail : manoj[at]yandr.in / isaudit[at]yandr.in
Mobile : 9940156515 / 98415 82933
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s AAA Technologies Ltd

1. Name & location of the empanelled Information Security Auditing Organization :

AAA Technologies Limited,

Mumbai, Delhi, Bangalore, Lucknow, Chennai, Pune

2. Carrying out Information Security Audits since : 2000

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
• Mobile App Security Testing (Y/N) : Yes
• ERP Audit (Y/N) : Yes
• Payment Gateway Audit (Y/N) : Yes
• Compliance Audit as per Government of : Yes
India Guidelines (Y/N)
• Source Code Review (Y/N) : Yes
• Cyber Security and CSOC Audit (Y/N) : Yes
• Cloud Security Audit (Y/N) : Yes
• Swift Audit (Y/N) : Yes
• Concurrent / Continuous Audit (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 400+
PSU : 100+
Private : 25+
Total Nos. of Information Security Audits done : 525+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 150+

Web-application security audit : 400
Wireless security audit : 30+
Compliance audits (ISO 27001, PCI, etc.) : 60+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 5+
BS7799 / ISO27001 LAs : 30+
CISAs : 20+
DISAs / ISAs : 5+
Any other information security qualification : 35+
Total Nos. of Technical Personnel : 75+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1) Anjay Agarwal 20 25 ISMS LA, CISA, ISA,
CEH, ECSA, LPT,
COBIT Certified
Assessor
2) Venugopal M. 19 18 ISMS LA, ISA, CEH
Dhoot
3) Ruchi Agarwal 16 16 ISMS LA
4) D.K.Agarwal 17 18 CISA

5) Vidhan Srivastav 16 16 CISSP, ISMS LA

6) Sudhir Lad 9 19 CISA

7) Ravi Naidu 10 13 ISMS LA, CEH

8) Harpreet Singh 7 7 CEH

Dhanjal
9) Bharati Vane 7 7 CEH

10) Rahul Verma 7 8 ISMS LA, CEH

11) Raja Yadav 6 7 ISMA LA, CEH

12) Atul Raj 6 7 ISMS LA, CEH

13) Vishnuvardhan 4 6 ISMS LA

Selvaraj
14) 4 6 ISMA LA
Ajay Gautam
15) 4 6 ISMS LA
Mohit Sharma
16) 3 6 ISO 27001
Animesh Mishra
17) 3 6 CEH
Priyanka Awari
18) 3 6 CEH
SuyogGhag
19) Ashvini Anand 3 6 CEH
Yendhe
20) Hiren Shah 3 16 CEH, ISO 27001

21) Rohit Kumar 2 5 CEH

22) Shweta Singhal 2 5 CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Audit for a Government Organisation above Rs. 5 Crores

Information Security Audit including SAP Audit for a Municipal Corporation for above Rs. 4.5
Crore
Consultancy for Implementing ISO 27001 for 17 Data Centers across India including
Vulnerability Assessment and Penetration Testing for Rs. 54.57 Lakhs

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Commercial
i. NetSparker
ii. Core Impact
iii. Nessus Pro
iv. Nipper
v. Burp Suite
vi. Idea

Freeware

i. Nmap
ii. DOMTOOLS - DNS-interrogation tools
iii. Nikto - This tool scans for web-application vulnerabilities
iv. Firewalk - Traceroute-like ACL & network inspection/mapping
v. Hping – TCP ping utilitiy
vi. Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files, etc.).
facilitate the interception of network traffic normally unavailable to an attacker
vii. HTTrack - Website Copier
viii. Tools from FoundStone - Variety of free security-tools
ix. SQL Tools - MS SQL related tools
x. John - John The Ripper, Password-cracking utility
xi. Paros - Web proxy for web application testing
xii. Wikto - Web server vulnerability assessment tool
xiii. Back Track
xiv. Meta Sploit
xv. Ethereal - GUI for packet sniffing. Can analysetcpdump-compatible logs
xvi. NetCat - Swiss Army-knife, very useful
xvii. Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspection
xviii. Brutus – password cracking for web applications, telnet, etc.
xix. WebSleuth - web-app auditing tool
xx. HTTPrint – detect web server and version
xxi. OpenVas
xxii. W3af
xxiii. Owasp Mantra
xxiv. Wire Shark
xxv. Ettercap
xxvi. Social Engineering Tool Kit
xxvii. Exploit database
xxviii. Aircrack-Ng
xxix. Hydra
xxx. Directory Buster
xxxi. SQL Map
xxxii. SSL Strip
xxxiii. Hamster
xxxiv. Grimwepa
xxxv. CAIN & Able
xxxvi. Rips
xxxvii. Iron Wasp
xxxviii. Fiddler
xxxix. Tamper Data

Proprietary

i. AAA - Used for Finger Printing and identifying open ports, services and misconfiguration
ii. Own developed scripts for Operating System
iii. Own developed scripts for Database Audit

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by <AAA Technologies Limited> on <23-10-2020>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s BHARAT ELECTRONICS LIMITED

1. Name & location of the empanelled Information Security Auditing Organization :

BHARAT ELECTRONICS LIMITED

Registered & Corporate Office
Outer Ring Road, Nagavara
Bangalore – 560045, Karnataka

Representing all its 9 units at Bangalore, Ghaziabad, Pune,

Machlipatnam, Chennai, Panchkula, Navi Mumbai, Kotdwara, Hyderabad
and 2 Central Research Laboratories at Bangalore and Ghaziabad.

2. Carrying out Information Security Audits since : August 2015

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes
• Web-application security audit (Y/N) : Yes
• Web-server security audit(Y/N) : Yes
• Wireless security audit (Y/N) : No
• Mobile application security audit(Y/N) : Yes
• Stand-Alone application security audit(Y/N) : Yes
• Device security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes;
Gap analysis w.r.t ISO 27001
• Secure SDLC Review (Y/N) : Yes
• Secure Code Review (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months:

(Reporting period: Oct 2019 to Sep 2020)

Govt. : -8-
PSU : -17-
Private : -Nil-
Total Nos. of Information Security Audits done : -25-

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
(Reporting period: Oct 2019 to Sep 2020)

Network security audit : -Nil-

Web-application security audit : -17-
Web-server security audit : -4-
Wireless security audit : Nil-
Stand-Alone application security audit : -1-
Device security audit : -1-
Mobile application security audit : -2-
Compliance audits (ISO 27001, PCI, etc.) : -Nil-

6. Technical manpower deployed for information security audits :

CISSPs : -1-
BS7799 / ISO27001 LAs : -11-
CISAs : -Nil-
DISAs / ISAs : -Nil-
Any other information security qualification : -15-
M.Tech (Information Security) :<number of> : -2-
M.Tech (Cyber Security) : <number of> : -3-
M.Tech (Cyber Law & Information Security) : <number of>: -1-
NPT :<number of> : -2-
CEH :<number of> : -9-
CCNSP :<number of> : -2-
CHFI :<number of> : -1-
CSA :<number of> : -1-
ACE :<number of> : -1-
Total Nos. of Technical Personnel : -27-

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Technical Personnel’s Working with Information Security related Total

No Name the qualifications (CISSP/ISMS LA / experience in
. organization CISM/ CISA/ ISA etc., state as information
since (month applicable) security
& year) related
activities
(years)
PMP, ISMS LA, CCNSP, Trained on
1. Ms. Shylaja K Sep, 1999 17+
CCISO & CISSP
M.Tech (Software Systems), PMP,
2. Ms. Bhagya Lakshmi A N Oct, 2004 6+
ISMS LA, NPT, Trained on CISSP
3. Ms. Poornima M Nov, 2009 M.Tech (Cyber Security), CEH 4+
4. Ms. Swathi M D Sep, 2010 CEH 5+
Advanced Certification in Cyber
5. Ms. Akshatha S Dec, 2018 2+
Forensics
6. Mr. Deepak D Nov, 2012 NPT, CEH 5+
7. Mr. Kunal Mohan Sadalkar Aug, 2011 M.Tech (Information Security) 9+
M.Tech (Information Security), CHFI
8. Mr. Neeraj Kumar Dec, 2014 9+
V8, ACE
9. Mr. Jagan Mohan Rao B Apr, 1999 PMP, Trained on CISSP 9+
10. Mr. Antony Benedict Raja G Jun, 2010 CEH 6+
11. Mr. Tarun Jain Oct, 2010 CISSP 6+
M.Tech (Cyber Security), ISMS LA,
12. Mr. SandeepGadhvi Jan, 2019 CEH, DIAT Certified Information 2+
Assurance Professional(DIAT CIAP)
M.Tech (Cyber Law & Information
13. Mr. Viplav Feb, 2019 2+
Security)
Mr. ManojTyagi Dec, 2010 M.S. (Software Systems), ISMS 4+
14.
Internal Auditor, ISMS LA, PMP
15. Mr. GauravKataria July 2007 M.Tech (Cyber Security), 11+
ISMS LA, CEH v10
16. Ms. KarunaShri Dec 2010 ISMS Internal Auditor 4+
17. Mr. Neeraj Kumar Singh Dec 2010 CEH v10, ISMS Internal Auditor 4+
18. Ms. Reshu Rani Sep 2017 CEH v10 3.5+
19. Mr. SagarVerma Oct 2017 CEH v10, ISMS Internal Auditor 3+
20. Mr. Akshit Singh Oct 2018 CEH v10 2.5+
21. Mr. Rajesh Kumar Udumu Jun, 2006 CEH, CNDA 5+
22. Mr. Vaman A Naik Mar, 1986 ISMS LA 7+
23. Mr. Praveen Kumar H T Jun, 2001 ISMS LA, CCNSP 15+
24. Ms. Madhavi M Jan, 2005 PMP, ISMS LA 4+
25. Mr. Mrityunjaya P Hegde Feb, 2010 PMP, ISMS LA 5+
26. Mr. Srinivas T Dec, 1993 ISMS LA 9+
27. Mr. DeeprajShukla Jun, 2009 ISMS LA 5+
28. Ms. Padmapriya T Sep, 2011 PMP, ISMS LA 3+

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Security Audit of NC3I Application – comprising of web application and standalone

applications to acquire, store, process, integrate, correlate and display the tactical data in real
time. The audit was conducted remotely through Team Viewer.This a high value project for the
Indian Defence Customer.

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Freeware Commercial Proprietary

Wireshark/ TCPDump Ettercap Dsniff Nessus Pro NSAT

Kali Linux Ferret Lynis Nexpose Scripts
Nmap/ Zenmap Hamster NSLookup Metasploit Pro
Sqlmap IP scanner Netcat Burpsuite
Nikto Yersinia OmegaDB Acunetix
Hydra Ethereal OpenZap HP WebInspect
John the Ripper Echo Mirage OpenVAS HP Fortify
Putty WebScarab Hping IBM Appscan
Whois Tor’s Hammer Fiddler Maxpatrol
Scapy W3af SSLTest Codenomicon
Pyloris Sparta HTTPMaster beSTORM
LOIC Directory Buster Curl IDAPro
CSRF Tester SMTP Ping WireEdit NetSparker
Ollydbg Hash-Identifier Process Hacker
MBSA Cisco Auditor Armitage
TestSSLServer SysInternals Open SSL
Suite
Python / Powershell Santoku Linux Browser Plugins
Scripts
Qualys SSL Genymotion MobSF

10. Outsourcing of Project to External Information Security Auditors / Experts : No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

New York Singapore Srilanka

Bharat Electronics Limited Bharat Electronics Limited Bharat Electronics Limited
53, Hilton Avenue 06-01, PSL Industrial Building No. 385, 1st Floor
Garden City 156, Maopherson Road Landmark Building, Galle
New York – 11530, USA Singapore – 348 528 Road
Colombo – 03, Srilanka
Oman Myanmar Vietnam
Bharat Electronics Limited Bharat Electronics Limited Bharat Electronics Limited
No. 0402Z214, 2nd Floor No. 53, The Strand Square 10th Floor, TNR Power
Building No.4 Level 2, Unit #. 209, Hanoi
Knowledge Oasis Muscat Strand Road, PabedanTsp, Vietnam
(KOM) Yangaon, Myanmar
PO Box 200, Postal Code 123,
AI Rusayl, Sultanate of Oman

*Information as provided by Bharat Electronics Limited on 23-10-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s CyRAAC Services Private Limited

1. Name & location of the empanelled Information Security Auditing Organization:

CYRAAC SERVICES PRIVATE LIMITED

2. Carrying out Information Security Audits since : 2017

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) - Y

• Web-application security audit (Y/N) - Y
• Wireless security audit (Y/N) - Y
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) - Y
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) - Y
• ICS/OT Audits (Y/N) - Y
• Cloud security Audits (Y/N) - Y

4. Information Security Audits carried out in last 12 Months:

Govt. : 6
PSU : 2
Private : 151
Total Nos. of Information Security Audits done : 159

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit: 70

6. Technical manpower deployed for informationsecurity audits: 14

CISSPs: 1
BS7799 / ISO27001 LA: 4
CISAs: 2
DISAs / ISAs: 0
Any other information security qualification:
Offensive Security Certified Professional - 1
Certified Ethical Hacker - 5
Certified Information Security Manager – 1
CBCP - 1 Total Nos. of Technical Personnel: 14

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Information Systems Audits for a Bank

Scope:
• Audit against requirements and circulars - RBI Cyber Security Framework, Gopalakrishna
Committee Recommendations
• Audit against Storage of Payments Systems Data
• e-Sign Audit
• Audit against UIDAI requirements
• Vulnerability Assessment and Penetration Testing
• Red Team Assessment
• Application Security Assessment
• Cloud Security Audit
• Data Privacy
• Security Operations Audit
Locations: India

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

Tool User
Nessus Professional Infrastructure Scanning
Burp Suite Penetration Testing / Web Application Scanning
Metasploit Penetration Testing
Charles Infrastructure Scanning
Nikto Penetration Testing
SQLmap Penetration Testing / DB Scanner
W3AF Web Application Scanning
AirCrack-ng Infrastructure Scanning
Netcat Multipurpose Tool
TCPDUMP Infrastructure Scanning / Sniffer
Wireshark Infrastructure Scanning / Sniffer
Kismet Infrastructure Scanning
Tool User
WebScarab Web Application Scanning
OpenSSL Toolkit Infrastructure scanning
Fiddler / Firebug Web Application Scanning
SQLNinja Penetration Testing / DB Scanner
Nirsoft Suite Multipurpose Toolset
Sysinternals Suite Multipurpose Toolset
Frida Mobile Application Penetration testing
Drozer Mobile Application Penetration testing
QARK Mobile Application Penetration testing
MobSF Mobile Application Penetration testing
SuperAndroidAnalyzer Mobile Application Scanning
Postman API Penetration Testing
FuzzAPI API Scanning
Astra API Penetration Testing
Fortify SCA Secure Code Review
PMD Secure Code Review
Checkstyle Secure Code Review
FingBugs Secure Code Review
Source meter Secure Code Review
SonarQube Secure Code Review
VCG Secure Code Review
Prowler Cloud Configuration Review
Scout Suite Cloud Configuration Review
Custom Scripts Multipurpose

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

11. *Information as provided by CYRAAC SERVICES PRIVATE LIMITEDon 01 July 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

Madhya Pradesh Agency for Promotion of Information Technology (MAP_IT)

1. Name & location of the empanelled Information Security Auditing Organization :

Madhya Pradesh Agency for Promotion of Information Technology (MAP_IT)

47/A State IT Center, Arera Hills Bhopal, Madhya Pradesh- 462011

2. Carrying out Information Security Audits since : January 2013

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : N
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : N
• Information Security Testing : Y
• Software Vulnerability Assessment : Y
• Penetration Testing : Y
• Information security policy review and assessment against best
security practices : Y

4. Information Security Audits carried out in last 12 Months :

Govt. : 221
PSU : 0
Private : 0
Total Nos. of Information Security Audits done : 116

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 0

Web-application security audit : 221
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 0

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 5
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification :
CISA : 1
CIISA : 1
CCIE-Security : 1
EC-Council ECIH : 1
EC-Council CeH : 3
Total Nos. of Technical Personnel : 7

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. MAP_IT Information Security Information security
1 Ambar Pande 5 years 10 1.2 years ISMS LA
Months
2 Vineet Tiwari 1 year 11 1.2 years ISMS LA
Months
3 Priyank Soni 6 years 6 10 years ISMS LA, CEHv10,
Months CISA(Exam)
4 Vasundhara 4 Years 7 6 years CIISA, CEHv10
Raghuwanshi Months
5 Viral Tripathi 4 Years 11 14 years CCIE-Security
Month
6 Rajesh Kushwaha 7 Years 5 7 years ISMS LA, CCNA-
Month Security IINS, Fortinet
Network Security
Expert
7 Sourabh Singh 11 Months 9 years Nessus VM,ISMA LA,
Rathore ECIH, CEHv8

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

MP Power Transmission Company Limited

Project consists of 7 different modules which were audited in different phases
Complexity: Medium
Location: Jabalpur
Volume:7 Modules
No. of Static Pages in the application: 745
No. of Dynamic Pages in the application:680
Project Value: Not Available

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial Tools:

• Micro Focus Webinspect (19.2.0 )

• Burp Suite Professional (v 2020.9.2)
• Netsparker Professional (version 5.5.1.26518)
• Acunetix (10.5)

Freeware Tools:

• Kali Linux Framework

• OWASP-ZAP
• Nmap,
• Nikto, Metasploit,Vega ,Nessus

10. Outsourcing of Project to External Information Security Auditors / Experts : No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Madhya Pradesh Agency for Promotion of Information Technology

(MAP_IT) on23-Oct 2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Maverick Quality Advisory Services Private Limited

1. Name & location of the empanelled Information Security Auditing Organization:

MAVERICK QUALITY ADVISORY SERVICES PRIVATE LIMITED

123 RADHEY SHYAM PARK P.O SAHIBABAD
GHAZIABAD, U.P, INDIA – 201005

2. Carrying out Information Security Audits since : 2005

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) : Yes
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) : No
• ICS/OT Audits (Y/N) : Yes
• Cloud security Audits (Y/N) : Yes
• Physical Access Controls & Security testing (Y/N) : Yes
• Software Vulnerability Assessment (Y/N) : Yes
• Penetration Testing (Y/N) : Yes
• Information Security Testing (Y/N) : Yes
• Business Continuity Planning / Disaster Recovery Audit (Y/N) : Yes
• Mobile Application Security Audit(Y/N) : Yes
• Window Application Security Audit(Y/N) : Yes
• Secure Source Code Review(Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 294
PSU : 22
Private : 84
Total Nos. of Information Security Audits done (In last 12 months) :400

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 10

Web-application security audit : 360
Mobile Application Security Audit : 23
Window Application Security Audit : 1
Secure Source Code Review : 6
Penetration Testing : 370
Compliance audits (ISO 27001) : 28+

6. Technical manpower deployed for informationsecurity audits :

CISSPs :1
BS7799 / ISO27001 LAs :11
CISAs : CISA(2) + CISM(4)
Any other information security qualification : 9(CEH)
Total Nos. of Technical Personnel : 21

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related

No. Employee <organization> Information Security to Information security
1 Anand Sarup >9 years >23 years CISA,CISM,ISMS LA
2 Ashok >16years >15years ISMS LA
3 Vinit >16years >17years ISMS LA
4 Manish Gupta >7 Years >10 Years CISA, CISM, ISO
31000, ISO 27001
5 Raj >16years >10 years ISMS LA, CISM
6 Ashish >6 Years >4 Years CEH, CISM
7 Alok Kumar >5 Years >4 Years CEH
8 Chandra Kishor >3 Years >3 Years CEH
9 Sanjeev Gupta >6 years >8 years ISMS LA
10 G. Meenakshi >8 Years >11 Years ISMS LA
11 Harish >10 years >19years CISSP, MCSE,
SYMANTAC Certified,
RSA Certified
12 Pushkal >3 Years >6 Years ISMS LA
13 Col. Sunil >6 Years >10 Years ISMS LA
14 Padmanabhan >5 Years >7 Years ISMS LA
15 Nirupama >2 Years >1 Year ISMS LA
16 Ashutosh <2 Years <2 Years CEH
17 Manoj <2 Years <2 Years CEH
18 Rajat <1 Year <2 Years CEH
19 Martand Pratap <1 Year <1 Year CEH
20 Rajat <1 Year <1 Year CEH
21 Priyanshu <1 Year <1 Year CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Carrying out Web-Application Security audit for a Government Organization with value > INR 40
Lacs

Carried out Network Security Audit and Web-Application Security audit for a Private
Organization with value > INR 20 Lacs

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

SNo Tool Name Type Purpose

1 Burp Suite Commercial Web application auditing
2 Nessus Commercial Vulnerability Scanner
3 Nmap Free Port/service scanner
4 Metasploit Free Exploitation Tool
5 Netcat Free Network Testing
6 Ethereal Free Wireless Penetration Testing
7 SSLProxy Free Web Application Testing
8 STunnel Free Web Application Testing
9 VisualCodeGrepper Free Source Code Review
10 Nikto Open Source Web Application testing
11 Wireshark Open Source Packet Analyzer
12 SQLMap Open Source SQL Injection Exploitation
13 Kali-Linux Open Source OS containing open source tools
14 OWASP ZAP Open Source Web application auditing
15 MobSF Open Source Mobile Application Pen Test
16 apktool Open Source Mobile Application Pen Test
17 Procmon Open Source Process Monitor Tool
18 Echo Mirage Open Source Network Proxy
19 Postman Open Source Web services and API Testing Tool
20 Drozer Open Source Mobile Application Pen Test
21 SonarQube Open Source Source Code Review
10. Outsourcing of Project to External Information Security Auditors / Experts : No
( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Maverick Quality Advisory Services Private Limited on Jun 30 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s RSM Astute Consulting Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

RSM Astute Consulting Pvt. Ltd. (www.rsmindia.in)

Headquarters (Mumbai):
301-307, A Wing, Technopolis Knowledge Park,
Mahakali Caves Road, Andheri (East),
Mumbai – 400093
Tel: (+91-22) 6108 5555
Bangalore Office:
3rd floor, B Wing, Jubilee Building,
45, Museum Road, Bengaluru-560025

2. Carrying out Information Security Audits since : 2011

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
• IT General Controls : Y
• IT Policy Compilation : Y
• Vulnerability Assessment & Penetration Testing : Y
• IT Infrastructure Audit : Y
• Review of Applications Implementation : Y
(Both Pre & Post Implementation)
• End Point Security Review : Y
• Application Security Review : Y
• Secure Code Review : Y

4. Information Security Audits carried out in last 12 Months :

Govt. : 1
PSU : 5
Private : 48
Total Nos. of Information Security Audits done : 54

5. Number of audits in last 12 months , category-wise

• Network security audit : 7

• Web-application security audit : 12
• Mobile Application Security Audit : 4
• Wireless security audit : 3
• Compliance audits (ISO 27001, PCI, etc.) : 5
• IT General Controls : 38
• Vulnerability Assessment & Penetration Testing : 12
• IT Infrastructure Audit : 2
• Review of Applications Implementation : 4
(Both Pre & Post Implementation)
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) 1

6. Technical manpower deployed for information security audits :

CISSPs : 2
BS7799 / ISO27001 LAs : 18
CISAs : 5
DISAs / ISAs : 8
CEH : 10
CCNA : 2
Total Nos. of Technical Personnel : 45
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations:

S. Name of Duration Experience Qualifications related to

No. Employee with RSM in Information security
Astute Information
Consulting Security
B.E, Master – IT, CISA, CISP,
CISSP, CIISA, SAP-Net Weaver
1 Anup Nair > 4 years 18 years Security Certification, IS0 22301
Lead Implementor, ISO 27001
LA, ESCA
B.Tech, IIT Madras, Diploma in
2 K Chandrasekaran >15 Years >3 Years Industrial Management(PGDIM),
ISO 27001 LA
3 Suman Ganguly < 1 year 16 years BE, MBA, CISA, ISO 27001
DME (Diploma in Mechanical
Engineering)
4 G. Satish >15 Years >3 Years
Certified Lead Auditor for ISO
27001, ISO 9001, ISO 45001
5 Mahadevi Garu > 6 years 12 years CA, CISA, ISO 27001 LA
6 Yogendra Joshi < 3 years 23 years B.E, CISA
7 Sachin Pandhare < 4 years 12 years PGDBM, ISO 27001 LA
M.S Computer Science, CEH,
8 Rahul Kshirsagar <1 years 10 years
CNSS
BE, CISA, CRISC, CEH, ISO
9 Rishi Awasthi < 3 years 8 years
27001 LA
CA, CISA, CISSP, CRISC, SAP
10 Parag Sanghvi < 6 years < 6 years
(FI), ISO 27001 LA
11 Shyam Sundaran < 1 year < 5 years MBA, CISA
12 Nitin Bhamare < 1 year < 6 years BE, CEH
13 Pragati Satra < 3 years < 3 years B.E, CISA, ISO27001 LA
Microsoft Certified System
14 Shailesh Mahale >15 years >25 years
Engineer, CCNA, CEH
15 Anjan Hajra >7 years >17 years DOEACC, CCNA, ITIL
MBA (IT), Diploma in Hardware &
16 Satish Suvarna > 11 years >17 years
Networking
B Nutan Kumar
Reddy
17 < 1 year 7 years ICWA/CMA, CISA

Ramya Sagri CA, Diploma in IT, Certified

Acharya Internal Auditor, IT Auditor,
18 < 1 year >18 years
Certified Fraud examiner, SOS
Internal controls

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Clients Details

World’s leading IT & ITES Company Information Security and Cyber Security
Services for their 3 delivery centers in
Mumbai, Pune and UK. The Project value was
Rs. 2.63 Crores

India’s leading Scheduled Bank Review of application security, API security

and mobile application security assessment
for one of the largest Scheduled Banks. The
assessment coverage was for 150 applications
of the Bank: The scope involved:

Application Security Assessment

VAPT
Mobile Application Security Assessment
API Security Assessment
The Project value was Rs.35,04,600/-
India’s leading Private Bank Review of Third Party Risk Management and
determine Information Security maturity
levels for the following domains

• Business Objectives, Governance and

Policy
• Data Protection
• Security Risk Management
• Access Management
• Organization and Resources
• Incident Response
• Third-Party/Vendor Management
• Security Architecture
• Infrastructure Resiliency
• Security Awareness and Training
The Project value was Rs.33,00,000/-

India’s leading Oil Company System review of core ERP system (i.e. SAP),
business cycles and IT Audits. The scope
covered 26 audits across Pan India.
The Project value was Rs.22,50,000/-

The scope involved conducting enterprise

Leading Indian consumer electrical equipment wide Cyber Security Assessment for all their
manufacturing company critical systems and assisting in establishing
Information Security Framework along with
policies and procedures.

The Project value was Rs. 23,25,000/-

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

• Nessus Professional
• Kali Linux
• Nmap
• NetCat, NPing, HPing
• OpenSSL
• Wireshark
• Metasploit
• SQLMap
• Appscan
• Burp Suite Pro
• Owasp ZAP
• Nipper, Nipper-ng
• Checkmarx Static Code Analyzer.
• Python, PowerShell
• MobSF
• Magisk
• APKtool
• Echo Mirage

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No :No
(If yes, kindly provide oversight arrangement (MoU, contract etc.)

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No : Yes

(RSM Astute Consulting Private Limited is an independent member firm of RSM International
located at 50 Cannon Street, London, EC4N 6JJ – United Kingdom. RSM International is the 6th
largest audit, tax and consulting network globally and has presence in 120 countries. Each
member entity in respective country is a separate and independently owned entity)

12. Whether organization is a subsidiary of any foreign based organization? : Yes/No : No

13. Locations of Overseas Headquarters/Offices, if any : Yes/No : N/A

*Information as provided by RSM Astute Consulting Pvt. Ltd on August18, 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Sysman Computers

1. Name & location of the empanelled Information Security Auditing Organization :

Sysman Computers
312, Sundram, Rani Laxmi Chowk, Sion Circle, Mumbai 400022
Contact : Dr. Rakesh M Goyal, Director
Website : www.sysman.in
Phone – 99672-48000 / 99672-47000 / 022-2407-3814
Email – [email protected] / �ससमैन@�ससमैन.भारत

2. Carrying out Information Security Audits since : 1991

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) - YES

• Web-application security audit (Y/N) - YES
• Mobile-application security audit (Y/N) - YES
• Wireless security audit (Y/N) - YES
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) - YES
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) - YES
• ICS/OT Audits (Y/N) - YES
• Cloud security Audits (Y/N) - YES
• Main business application audit - YES
• Cyber Forensics - YES
• IT GRC Consulting - YES
• Techno-legal compliance/consulting - YES
• Audit of Certifying Authorities/e-sign/RA/ASP - YES
• Audit of UIDAI AUA / KUA / ASA / KSA - YES
• Data Privacy Audits - YES

4. Information Security Audits carried out in last 12 Months :

Govt. : <number of> : 03

PSU : <number of> : 15
Private : <number of> : 69
Total Nos. of Information Security Audits done : 87

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: <number of> : 08

Web-application security audit: <number of> : 27
Mobile-application security audit: <number of> : 02
Wireless security audit: <number of> : 01
Compliance audits (ISO 27001, PCI, RBI): <number of> : 18
Cyber Forensics : <number of> : 05
IT GRC Consulting/Audit : <number of> : 05
Audit of CA/e-sign/RA/ASP : <number of> : 15
Audit of UIDAI AUA / KUA / ASA / KSA : <number of> : 04
ISNP/GICSI audits : <number of> : 02
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 02
ICS/OT Audits: <number of> : 02
Cloud security Audits: <number of> : 01

6. Technical manpower deployed for information security audits :

CISSPs : <number of> : 01

BS7799 / ISO27001 LAs : <number of> : 05
CISAs : <number of> : 04
DISAs / ISAs : <number of> : 01
Any other information security qualification: <number of> : 04
Total Nos. of Technical Personnel : : 08

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. Sysman Information Information security
Security
1 Dr. Rakesh M Feb 1985 30 years PhD, CISA, CISM, CCNA,
Goyal CFE, CCCI
2 Vaibhav Banjan May 2007 18 years CISA, DISA
3 Anand Tanksali April 2010 14 years CCNA, CCSA
4 Winod P Karve Sep 1999 22 years CISA, ISO27001 LA
5 Mohammad Khalid March 2011 11 years CCNA, ISO27001 LA
6 Pallavi Goyal April 2010 10 years ISO27001 LA, CCNA,CEH
7 Ankur Goyal March 2012 12 years ISO27001 LA
8 Kiran Chugh June 2015 13 years CISA, CISSP, ISO27001
LA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. IT Infrastructure with 150 servers, 2500+ nodes, 120 switches, 30 routers

spread over 50 locations all over India alongwith matching DR site.
2. Application audit with 32 modules used by 6000 people
3. e-governance Web-application with 23 modules exposed to world
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Mostly used - Nmap. Superscan, Nessus, Metasploit, Kali, SecurityForest, sqlmap,

MBSA, Belarc, w3af, GFI, Aircrack, Nikto, Kismet, NetStumbler, WebSecurify, Burp
Suite, Temper data, N-stalker, ZAP, Secure Auditor, Web developer toolbar. (others
depending upon requirement). Finally Manual exploitation.

10. Outsourcing of Project to External Information Security Auditors / Experts : NO

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

No. No outsourcing of assignment is done. But engagement of external known

experts along with Sysman team is done, based on special skills required for any
specific assignment.

For this, we have (a) Confidentiality and Non Disclosure Agreement; (b) adherence
to IT Security and other Policies and (c) clear cut scope of work, with clear
knowledge of client.

11. Whether organization has any Foreign Tie-Ups? : NO

If yes, give details : NA

12. Whether organization is a subsidiary of any foreign based organization? : NO

If yes, give details : NA

13. Locations of Overseas Headquarters/Offices, if any :

We are pure Desi organisation. There is no overseas HQ or office or branch.

*Information as provided by Sysman Computers on 29 June 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Mirox Cyber Security & Technology Pvt Ltd

1. Name & location of the empanelled Information Security Auditing Organization :

Name : - Mirox Cyber Security & Technology Pvt Ltd

Location: - 4th Floor Nila Technopark Trivandrum 695581 Kerala India
Phone +91 471 4016888
Phone +91 471 4000545
Mobile+91 9995199499,
Mobile +91 9995799499
Email- [email protected]
Email- [email protected]
Email- [email protected]

2. Carrying out Information Security Audits since : 2010

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : YES
• Application VAPT - (Vulnerability Assessment & Penetration Testing) : YES
• Network VAPT - (Vulnerability Assessment & Penetration Testing) : YES
• Mobile Application VAPT - (Vulnerability Assessment & Penetration Testing) : YES
• IOT Security Testing : YES
• Social Engineering Test : YES
• Secure Code Review : YES
• Host Security Assessments : YES
• Database Security Audit & Assessment : YES
• Device Security Audit & Assessment : YES
• Telecom Security Audit & Assessment : YES
• SCADA VAPT : YES
• Electronic Security Audit : YES
• Risk Assessments : YES
• ERP Security Audit & Assessment : YES
• Infrastructure Security Audit : YES
• Big Data Security Audit & Assessment : YES
• Cyber forensic Analysis : Yes
• Security Architecture Review : Yes
• Data Center Security Audit & Assessment : Yes
• Cloud Applications VAPT : Yes
• Threat Assessment : Yes
• SOC - Security Operation Center Audit & Assessment : Yes
• Managed Security Service : Yes
• Automotive Security Audit : Yes
• AI - Artificial Intelligence Security Audit : Yes
• ML- MACHINE LOG AUDIT : Yes
• Satellite Communication Device & System Audit : Yes
• Data Localization Security Audit : Yes
• Ransomware Rescue Analysis & Forensic Investigation : YES
• SOAR - Security Orchestration, Automation and Response Audit & Review : YES

4. Information Security Audits carried out in last 12 Months :

Govt. : 63
PSU : 7
Private : 90
Total Nos. of Information Security Audits done : 160
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

6. Technical manpower deployed for information security audits :

CISSPs : 1
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : 2
Core Technical Security Experts : 10
Any other information security qualification : 6
Total Nos. of Technical Personnel : 18

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. <organization> Information Security Information security
1 Rajesh Babu 10 14+ CEH/Security Expert
Certified/CISO/Risk
Assessment
2. Lalit 1 16+ Lead Auditor ISO
27001:2005 , - ISO
22301:2012 , - ISO
9001:2015
(Information Security
Management System)

3. Harish V 4.5 4.5 + CEH, Security Certified

4. Amal TK 2 2+ Security Certified
5. Ananthulal 1 1+ CEH, Security Certified
6 Anas SA 2 2+ M.SC Cyber Security
7 Pradeep KK 1 15 + Lead Auditor for ISO
27001, Lead Auditor
for ISO 9001,Qualified
Auditor for ISO 14001,
CSQP
8 Manoj VN 1 15 + Lead auditor for Quality
Management System
(ISO 9001)Lead auditor
for EMS Qualified
auditor for OHSAS (
Safety & Security)
9 Nandu 1 2+ Electronic Security
Certified
10 Vishnu 1 1 CEH, Security Certified
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Done the largest Infrastructure Security Audit and Assessment more than 16000
machines plus Enterprise UTM/IDS/IPS/SIEM/ Routers and other related IP based
devices etc...for an US Based company and Kerala State Government SECWAN network
5000 plus.
• Done The Security Testing for World's 3rd largest image and video content portal for an
UK based Enterprise. Its owned and stock more than 100 millions video and image
contents.
• Done the Infrastructure SOAR Platform audit for largest Retail based network

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

S.No. Tools Opensource/Licensed

1 Acunetix Licensed
2 Nessus Licensed
3 SE-SMSer Opensource
4 acccheck opensource
5 ace-voip opensource
6 Amap opensource
7 arp-scan opensource
8 Automater opensource
9 bing-ip2hosts opensource
10 braa opensource
11 CaseFile opensource
12 CDPSnarf opensource
13 cisco-torch opensource
14 Cookie Cadger opensource
15 copy-router-config opensource
16 DMitry opensource
17 dnmap opensource
18 dnsenum opensource
19 dnsmap opensource
20 DNSRecon opensource
21 dnstracer opensource
22 dnswalk opensource
23 DotDotPwn opensource
24 enum4linux opensource
25 enumIAX opensource
26 EyeWitness opensource
27 Faraday opensource
28 Fierce opensource
29 Firewalk opensource
30 fragroute opensource
31 fragrouter opensource
32 Ghost Phisher opensource
33 GoLismero opensource
34 goofile opensource
35 hping3 opensource
36 ident-user-enum opensource
37 InSpy opensource
38 InTrace opensource
39 iSMTP opensource
40 lbd opensource
41 Maltego Teeth opensource
42 masscan opensource
43 Metagoofil opensource
44 Miranda opensource
45 nbtscan-unixwiz opensource
46 Nmap opensource
47 ntop opensource
48 OSRFramework opensource
49 p0f opensource
50 Parsero opensource
51 Recon-ng opensource
52 SET opensource
53 SMBMap opensource
54 smtp-user-enum opensource
55 snmp-check opensource
56 SPARTA opensource
57 sslcaudit opensource
58 SSLsplit opensource
59 sslstrip opensource
60 SSLyze opensource
61 Sublist3r opensource
62 THC-IPV6 opensource
63 theHarvester opensource
64 TLSSLed opensource
65 twofi opensource
66 URLCrazy opensource
67 Wireshark opensource
68 WOL-E opensource
69 Xplico opensource
70 BBQSQL opensource
71 BED opensource
72 cisco-auditing-tool opensource
73 cisco-global-exploiter opensource
74 cisco-ocs opensource
75 cisco-torch opensource
76 copy-router-config opensource
77 DBPwAudit opensource
78 Doona opensource
79 DotDotPwn opensource
80 HexorBase opensource
81 Inguma opensource
82 jSQL opensource
83 Lynis opensource
84 Nmap opensource
85 ohrwurm opensource
86 openvas opensource
87 Oscanner opensource
88 Powerfuzzer opensource
89 sfuzz opensource
90 SidGuesser opensource
91 SIPArmyKnife opensource
92 sqlmap opensource
93 Sqlninja opensource
94 sqlsus opensource
95 tnscmd10g opensource
96 unix-privesc-check opensource
97 Yersinia opensource
98 Armitage opensource
99 Backdoor Factory opensource
100 BeEF opensource
101 Commix opensource
102 crackle opensource
103 exploitdb opensource
104 jboss-autopwn opensource
105 Linux Exploit Suggester opensource
106 Maltego Teeth opensource
107 Metasploit Framework opensource
108 MSFPC opensource
109 RouterSploit opensource
110 Airbase-ng opensource
111 Aircrack-ng opensource
112 Airdecap-ng and Airdecloak-ng opensource
113 Aireplay-ng opensource
114 Airmon-ng opensource
115 Airodump-ng opensource
116 airodump-ng-oui-update opensource
117 Airolib-ng opensource
118 Airserv-ng opensource
119 Airtun-ng opensource
120 Asleap opensource
121 Besside-ng opensource
122 Bluelog opensource
123 BlueMaho opensource
124 Bluepot opensource
125 BlueRanger opensource
126 Bluesnarfer opensource
127 Bully opensource
128 coWPAtty opensource
129 crackle opensource
130 eapmd5pass opensource
131 Easside-ng opensource
132 Fern Wifi Cracker opensource
133 FreeRADIUS-WPE opensource
134 Ghost Phisher opensource
135 GISKismet opensource
136 Gqrx opensource
137 gr-scan opensource
138 hostapd-wpe opensource
139 ivstools opensource
140 kalibrate-rtl opensource
141 KillerBee opensource
142 Kismet opensource
143 makeivs-ng opensource
144 mdk3 opensource
145 mfcuk opensource
146 mfoc opensource
147 mfterm opensource
148 Multimon-NG opensource
149 Packetforge-ng opensource
150 PixieWPS opensource
151 Pyrit opensource
152 Reaver opensource
153 redfang opensource
154 RTLSDR Scanner opensource
155 Spooftooph opensource
156 Tkiptun-ng opensource
157 Wesside-ng opensource
158 Wifi Honey opensource
159 wifiphisher opensource
160 Wifitap opensource
161 Wifite opensource
162 wpaclean opensource
163 apache-users opensource
164 Arachni opensource
165 BBQSQL opensource
166 BlindElephant opensource
167 CutyCapt opensource
168 DAVTest opensource
169 deblaze opensource
170 DIRB opensource
171 DirBuster opensource
172 fimap opensource
173 FunkLoad opensource
174 Gobuster opensource
175 Grabber opensource
176 hURL opensource
177 jboss-autopwn opensource
178 joomscan opensource
179 jSQL opensource
180 Maltego Teeth opensource
181 PadBuster opensource
182 Paros opensource
183 Parsero opensource
184 plecost opensource
185 Powerfuzzer opensource
186 ProxyStrike opensource
187 Recon-ng opensource
188 Skipfish opensource
189 sqlmap opensource
190 Sqlninja opensource
191 sqlsus opensource
192 ua-tester opensource
193 Uniscan opensource
194 Vega opensource
195 w3af opensource
196 WebScarab opensource
197 Webshag opensource
198 WebSlayer opensource
199 WebSploit opensource
200 Wfuzz opensource
201 WPScan opensource
202 XSSer opensource
203 Burpsuite Commercial
204 Google Nogotofail Opensource
205 ImmuniWeb Opensource
205 zaproxy opensource

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Mirox Cyber Security & Technology on 26-10-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s AQM Technologies Pvt Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

AQM Technologies Pvt Ltd.

Mumbai, India

2. Carrying out Information Security Audits since:

Year 2001 - (erstwhile AUDITime Information Systems Ltd.)

Year 2018 (AQM Technologies Pvt. Ltd.)

3. Capability to audit, category wise (add more if required)

Network security audit (Y/N): Y

Web-application security audit (Y/N): Y
Wireless security audit (Y/N): Y
Compliance audits (ISO 27001, PCI, etc.) (Y/N): Y
Cyber Security & CSOC Audits Y
Cloud & DC, DR, BCM (ISO 22301) Audits Y
Source Code Reviews Y
IT Application / ERP Audits Y
IT Security & Infrastructure Audits Y
Vulnerability Assessments & Pen Testing (Mobile/WebApps) Y
Third Party / Outsourcing / Vendor Audits Y
Functional Audits (BFSI/CBS/ Treasury / GL/ Recon) Audits Y
SWIFT / ATMs/ Switch/ API/ Payment Gateway Audits Y
Data& Technical Migration & Pre / Post Implementation Audits Y
IT M&A / Due Diligence Audits Y
Concurrent Audits – DC, Application, ITGC & Security Audits Y
Assurance of IT Audits Y
AUA/ KUA Audits Y

4. Information Security Audits carried out in last 12 Months:

Govt. : 12
PSU : 5
Private : 17
Total Nos. of Information Security Audits done : 34

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them):

Category Number
Network security audit 21
Website /Web application security audit 73
Cyber Security / Compliance Audit 9
Application audit 5
Mobile Application Audit 29
Source Code Review 1
Server Configuration Audit 9
Server VAPT 4
Database Audit 4
Data Migration Audit 2

6. Technical manpower deployed for informationsecurity audits:

Technical Number
Competence
CISSPs: 1
BS7799 / ISO27001 4
LAs:
CISAs : 7 (Certified)
+2 (Certification
Pending)
DISAs / ISAs : 0

Any other information security qualification:

CISM, CISE, CFE, CEH, ECSA, CHFI, CCNA, CND CISC, CDAC (PG-DITISS), M.Sc(Forensic
sciences), CDCP, CDPO, Diploma in Cyber Law, CDAC (ITSS), Networking, Win Ad &
Linux, Cloud Star Certified, CPSE

Total Nos. of Technical Personnel:24

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required): Refer Annexure.
S. Name of Duration with Experience in Qualifications related
No. Employee <organization> Information Security to Information security

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value:

1. Bandhan Bank -
1. APIs/ Middleware, Mobile Banking & Mobile based payment systems
2. Application Security, ATM switch audits
3. Vulnerability Assessments & Pen testing
4. Cyber security framework, BioMetric Authentication, Network Infra
5. NACH, SFMS, RTGS, NEFT, Corporate Internet Banking, Debit Cards System
6. Active Directory, OS & Databases
7. Network & Security Device
8. Configuration Review
9. Third Party (vendor Audits)
[security audits across multiple platforms, different regions with GRUH Finance
integrated with Bandhan Bank systems – Appls, Databases, APIs, Network,
Infra and Third Party audits] –
approx. Appl/ API/ Infra counts: ~ 200
Value : INR < 25 lacs

2. UCO Bank –
1. Penetration testing
2. Vulnerability Assessments
3. Source Code Audits
3. [VA & PT across multiple platforms including UPI systems, type of testing –
Black box / Grey box / White box) including source code audits – includes
mobile, App – web / thick client / standalone]
4. Periodic Testing / Quarterly / Half yearly –[multi year]
5. approx. Appl/ Source Code Audits/ Infra counts:> 450
Value : INR < 20 Lacs [periodic]
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Tool Name Purpose

Acunetix Web Application VA
Burp suite Web App, Mobile App, API VAPT,
SoapUI API VAPT
CheckMarkx Source Code Review & Web App PT
Nessus Server VA, Network VA, Cloud VA
Qualys Server VA, Network VA, Cloud VA
Python scripts (proprietary) Server/Network/Web application VAPT
Logcat Mobile Application VAPT

Other Tools
Mobile application VAPT, Web Application VAPT, Server VAPT,
Kali Linux
Network + WiFI VAPT.
JD-GUI / DEX2JAR/
Mobile Application VAPT
APKTOOL/ Drozer/ MOBSF
POSTMAN Web services and API Testing automated tool
Wireshark Network protocol analyser

Ettercap network sniffing / intercepting / logger for ethernet LANs

OWASP Zed Attack Proxy/

Web application security scanning
SQLMap/ Iron Wasp/ Nikto
SSL Qualys server lab SSL Scanner
Internet security services checks/ assessment (e.g.: anti-
NetCraft / NMAP fraud and anti-phishing services and PCI scanning, Port
scanning)
Metasploit Framework /
Exploit code development framework for Pentesting
Netcat
EchoMirage Thick Client VA & PT
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No: NO
( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No:NO

12. Whether organization is a subsidiary of any foreign based organization:Yes/ No: NO

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: Yes/No:NA

* Information as provided by AQM Technologies Pvt Ltd. On 26th Oct 2020.

Back
ANNEXURE

ANNEXURE - Details of Team:Details of technical manpower deployed for information security audits

S Name Email & Phone Durat Experie Qualification and Certification

. ion nce in
N with Informa
o. AQM tion
Securit
y
1. Madhav Madhav.Bhadra@aqmtech 19 19 CA, CISA
Bhadra nologies.com Years Years
2. Ritesh Ritesh.Kotecha@aqmtech 14 14 CA, CISA
Kotecha nologies.com years years
3. Dhruti Patel dhruti.patel@aqmtechnol 16 16 ICWA, CISA, ISO 20000
ogies.com Years Years
4. Sanjay sanjay.parikh@aqmtechn 4 19 CISA, CISM (certification pending),
Jitendra ologies.com Years Years CDPO, PGDM (Computers), ITIL v3
Parikh IT Service Management,
Certification in Business Analytics
5. Rasika Manoj rasika.patil@aqmtechnolo 4 4 Years ME (Computer Science), B.Sc, CISA,
Patil gies.com Years CISM, MCSE
6. Ruchika ruchika.agrawal@aqmtec 3Year 3Years B. Tech (Information Technology),
CDAC (PG-DITISS), ECSA
Agrawal hnologies.com s
7. Mahesh mahesh.harkulkar@aqmt 2 2 Years B.E. (Computer Engineering), CDAC
(PG-DITIS), CEH v10
Vaman echnologies.com Years
Harkulkar
8. Akash Bharat akash.chavan@aqmtechn 2 2 Years B.E. (Electronics and
Telecommunication), PG-DITISS,
Chavan ologies.com Years
CDAC, CEH v10
9. Chaitanya S. chaitanya.anant@aqmtec 2 2 Years B.E., CDAC, CEH, CIH V2
Anant hnologies.com Years
10. Nimesh Nimesh.Kacha@aqmtechn 2 2 Years B.Sc. (Computer Science), CEH,
DIPLOMA IN CYBER LAW,
Kacha ologies.com Years
ISO 27001 LA
11. Ankit Sharma Ankit.Sharma@aqmtechn 2 2 Years B. Sc (IT), CEH, ECSA, CHFI, ISO
27001 LA
ologies.com Years
12. Devender devender.tinwal@aqmtec 1.5 1.5 CISA (Certification Pending),
Tinwal hnologies.com Years Year
13. KajolMogra Kajol.Mogra@aqmtechnol 1.5 1.5 B.Sc., Masters in Forensic Science,
CEH v10
ogies.com Years Year
14. Vaibhav Mali Vaibhav.Mali@aqmtechno 1 12 BSc (Computer Science), MBA,
logies.com Year Years ITILv4, , PRINCEv2, CCNA, MCSE, ,
MCTS & MCP, JNCIA
15. Durgesh P. Durgesh.Badgujar@aqmt 1.5 1.5 CDAC, CEH v10
Badgujar echnolohies.com Year Years
16. Ravindra A Ravindra.A@aqmtechnolo <1 12 BE, MBA, Dip in Ind. Mgmt,
Chartered Engineer, CISA, CDPSE,
gies.com year Years
ISO 27001 LA, ISO22301-BCMS LI,
ISO27701 PIMS LI, CDCP, CSA Star
Certification Auditor, Risk &
Compliance Mgmt Professional,
Project Mgmt Professional.
17. Nakul Nakul.Dhamale@aqmtech 1 1 Year B.E E&TC(2016), CDAC (PG-
Dhamale nologies.com Year DITISS), CEH v10
18. Rohit rohit.gondane@aqmtechn <1 1 Year B.E (IT), CEH v10
Gondane ologies.com year
19. Govind govind.boddepalli@aqmte <1 4Years CEH v10, CHFI, LPT
Boddepalli chnologies.com year
20. Sridhar sridhar.pulivarthy@aqmte <1 18 CISA, CISSP, CRISC, ZED Certified
Consultant, CFE, PfMP, CCSE, PMP,
Pulivarthy chnologies.com> year years
ITIL Practitioner, ITIL Expert V3,
PRINCE2® Foundation Certification
Training, ISO 20000 Lead Auditor,
ISO 27001 Lead Auditor, ISO 9001
Lead Auditor, CMMi Assessor
(Internal), SSCA, SCNA, Rational
Tools Expert (ClearCase Admin &
ClearQuest Admin), Oracle Certified
Professional (OCP)
21. Gargi Gargi.Kulkarni@aqmtechn 1 1 Year CCNA, CEH v10
Vidyadhar ologies.com Year
Kulkarni
22. Saurabh Saurabh.Jadhav@aqmtec 1 1 Year
BE, CDAC PG-DITISS, CEH v10
Jadhav hnologies.com Year
23. usha.nanduri@aqmtechno 1 7 Years CISA –(Certification Pending)IS0
27001:2013 - Certified Internal
logies.com> Year
Auditor, CSM - Certified Scrum
Master -Agile, CSQA ,CSTE -
Usha Nanduri Certified Software Quality Analyst,
Test Engineer, Six Sigma Green Belt
Certification, Project Management
Professional (PMP)- PMI -PMP
Trained, SOX and IT Audits - ISACA
Trained
24. shankar.vela@aqmtechno >1 3.5
Shankar Vela B.Tech, CEH v10
logies.com years

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Centre for Development of Advanced Computing (C - DAC)

1. Name & location of the empanelled Information Security Auditing Organization :

Centre for Development of Advanced Computing (C - DAC),

Plot No. 6 & 7, Hardware Park,
Sy No. 1/1, Srisailam Highway,
Pahadi Shareef Via Keshavagiri (Post), Hyderabad - 501510

2. Carrying out Information Security Audits since : 2014

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, eSign, UIDAI,
SOC1/SOC2/SOC3 etc.) (Y/N) : Yes
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway, eSign, UIDAI Compliance
etc.) (Y/N) : Yes
• ICS/OT Audits (IEC27001/27017/27018/27701/NCSC Cyber essentials) (Y/N) : Yes
• Cloud security Audits (IEC62443, NERCCH, NIST/NIS/CSCCAP) (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 320
PSU : 20
Private : 38
Total Nos. of Information Security Audits done : 340

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 11

Web-application security audit : 346
Wireless security audit : 10
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 22
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 15
ICS/OT Audits : 2
Cloud security Audits : 2
Webservices security Audit : 50
Mobile Application security audit : 50
Source Code Application security audit : 05

6. Technical manpower deployed for information security audits :

CISSPs : 02
BS7799 / ISO27001 LAs : 05
CISAs : 0
DISAs / ISAs/CERT/SANS Certified Professionals : 20
Any other information security qualification: Refer table below
Total Nos. of Technical Personnel : 50
(including R&D team)

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related to

No. Employee <organization> Information Information security
Security
1 Murthy.Ch.A.S May, 1999 18+ • ISMS LA
• SANS - GAWN
• SANS - GXPN
• CERT-CC Certified Incident
Handling, Forensics Analysis and
Network Security in CMU, USA
2 Eswari PRL Feb 2000 19+ • CERT-CC Certified Incident
Handling, Forensics Analysis and
Network Security in CMU, USA
• GREM
3 Indraveni.K July 2005 14+ • SANS GWAPT
• SANS Advanced Web Application
Penetration Testing and ethical
hacking
• ISMS LA
4 Tatikayala Sai Gopal Feb 2007 12 • GIAC Security Essentials (GSEC)
5 Jyostna G Mar 2006 13 • GMOB
6 Mahesh Patil Aug-04 15 • GREM, ECSA, CEH7
7 Sandeep Romana Sep-07 12 • CISSP
8 Tyeb Noushad Oct-2008 13 • CCNA, ITL, ECSA
9 Nandeeshwar B 2008 11 • CEH , EC-Council
• ECSA
• ISMS LA
10 M K Chaitanya Sep 2006 18 PG Diploma
11 Rakesh T 2006 13  CISS
 (ISC2)
ISMS-LA, Indian Institute of Quality
Management, STQC
12 Varun Jain 2008 10 ECSA, CISP (STQC)
13 Satish Babu 2012 7 CISP (STQC)
14 Amit Kr Singh 2012 7 M.Tech
15 Tarun Kumar 2012 7 CISP (STQC)
16 Rishabh Chauhan 2017 2 PGDITSS
17 Shivam Mishra 2018 1 PGDITSS
18 Ritesh Dwivedi 2018 1 PGDITSS
19 Navdeep Singh Chahal 2010 9 ECSA, CISP
20 Harpreet Singh 2013 6+ -
21 Sukhmeet Singh 2016 5+ -
22 Chetan Soni 2012 8 -
23 Daveet Singh 2012 7+ CISP, RHCE
24 U V Sudharshan 2018 2 -
25 Danish Inamdar 2018 3 -
26 G Prashant 2018 2 -
27 Anupam Chanda 2009 10 ECSA, STQC-CISP, SANS FOR-408,
SANS FOR-508
28 Kousik Maiti 2014 5 ECSA,RHCSA, Cellbrite CCO, Cellebrite
CCPA, SANS FOR-585, MOBILedit
Certified
29 Aniruddha Datta 2014 5 CCNA, Pursuing CHFI, Cellbrite CCO,
Cellbrite CCPA, MOBILedit Certified
30 Sourav Mitra 2014 5 CHFI, Win 10 Forensics (Access Data),
Mac Forensics (BlackBag), SANS LEG -
523

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) Along with project value.

Slno Organization Scope of Auditing Volume

1 Kochi Metro • Web applications VAPT • Web applications - 6

Rail • VAPT of Network • Network infrastructure - 15
Corporation infrastructure • Traffic Analysis - 1
Network, • Traffic Analysis
Cochin

2 NERLDC, • Web applications VAPT • Web applications - 10

POSOCO • VAPT of Network • Network infrastructure -
infrastructure o Servers - 34
Shillong and o Desktops/Laptops/Work
Guwahati Stations - 77
o Routers - 03
o Switches (L2, L3) - 02
o Firewalls - 09
o Wireless Access Points,
ACLs, CCTV - 02
• Penetration Testing - 10
3 ONGC, Delhi • Review of policy and • Network devices - 204
procedure • Web applications - 10
• Vulnerability assessment and
Penetration testing for both
DC and DR
• Email system security
assessment
• Paperless office system
“DISHA” security assessment

• Active Directory security

assessment
• Web Application security
testing
• Configuration review for both
DC and DR
• Review of network and
security architecture for both
DC and DR
• Review of Data center
infrastructure for both DC and
DR
• Risk matrix
4 State Bank of • Web applications • Web applications ~ 10
India • Mobile applications • Mobile applications ~ 6
• Comprehensive Security • CSR Review ~ 40 applications
Review
5 Damodar 4 years projects • Web applications ~ 50
Valley • Network infra ~ 200
Corporation • ISMS Consultancy • OT systems ~ 150
Ltd, Kolkatta • VAPT of IT and OT Systems

6 APEPDCL 3 years • Web applications ~ 30

• Network devices ~ 275
• ISMS Consultancy
• VAPT of IT Systems
7 NPCI • Comprehensive Security • Web applications ~ 15
review • Network devices ~ 30
8 IFTAS • Comprehensive Security • Policy gap assessment
review • Risk assessment
• Threat analysis
9 SRLDC, • Web applications • Web applications ~ 6
POSOCO, • Network Infra • Network components ~ 57
Bangalore • VAPT Intra and extranet

10 Bank of • Threat Assessment • Servers - 20

Maharashtra • SOC and SIEM Analysis
• Malware analysis
11 Goa Shipyard • Web applications • Switches - 20
Limited • Network Infra • Firewalls - 2
• VAPT Intra and extra net • Servers - 12
• Workstations - 50
12 Centre for e- • VAPT of Web Applications • Web applications ~ 300
Governance

16 CISF Chennai • VAPT of Network • Workstations – 39

Infrastructure • Routers – 03
17 Novatrice • VAPT of web applications and • Web Applications ~10
Technologies webservices • Webservices ~10

18 DRDL • Technical Consultancy • Consultancy Services for

Hyderabad services for the maintenance, DRONA Project
performance and security of • Consultancy Services for DNET
the Network Systems at DRDL Project
• Consultancy Services for BOSS
Project
19 Dept. of • VAPT of Web and Mobile • Web Applications – 02
Registration Application • Mobile Applications – 01
and Stamp (including webservices)
Revenue

20 DRDO, New • Training Programme • Provided Security Training of

Delhi ISOs

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial

Freeware Commercial

1. Arachni 16. Httprint 1. Acunetix

2. OWASP ZAP 17. Curl 2. Burpsuite Professional
3. Nmap 18. Tcpdump 3. Nessus
4. Nikto 19. Fimap 4. Core Impact
5. Netcat 20. SwfScan 5. BeStorm
6. W3af 21. Hydra 6. HCL AppScan
7. Wapiti 22. John the Ripper 7. Splunk
8. Sqlmap 23. Ssltest 8. Nipper
9. Zapproxy 24. Sslstrip 9. Network Miner
10. Skipfish 25. Cain and Abel
11. Backtrack , Kali 26. Brutus
12. Openssl 27. Airmon -ng
13. Dirbuster 28. Hping
14. Wireshark 29. Scapy
15. Loki 30. wsfuzzer

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No

12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes/ No

*Information as provided by C-DAC, Hyderabad on 29.07.2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Crossbow Labs LLP

1. Name & location of the empanelled Information Security Auditing Organization :

Crossbow Labs LLP, Bangalore

2. Carrying out Information Security Audits since : 2014

3. Capability to audit , category wise (add more if required)

• Network security audit (Yes)

• Web-application security audit (Yes)
• Wireless security audit (Yes)
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Yes)
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Yes)
• ICS/OT Audits (Yes)
• Cloud security Audits (Yes)

4. Information Security Audits carried out in last 12 Months :

Govt. : Less than 10

PSU : Less than 10
Private : 100+
Total Nos. of Information Security Audits done : 100+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit:100+

Web-application security audit: 100+
Wireless security audit:Less than 10
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 100+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 100+
ICS/OT Audits: Less than 10
Cloud security Audits: Less than 10

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 4
BS7799 / ISO27001 LAs : 13
CISAs : 2
DISAs / ISAs :
Any other information security qualification: CEH, OSCP, eJPT, PCI QSA, PCI SSF Assessor,
CHFI, CISM, CCENT, CPTE, NSEC, CyberArk Certified Trustee, CNSS
Total Nos. of Technical Personnel : 25

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. Crossbowlabs Information Security Information security
LLP
1 CISA, PCI QSA, ISO
Rosan Thomas 6.5 years 10+ years 27001 LA, CISSP
2 6 years 5
Deepak Umapathy months 11+ years ISO 27001 LA, PCI QSA
3 Suryaji Vinayak CISA, CISSP, PCI QSA,
Bhosale 6.8 years 10+ years ISO 27001 LA
4 Anantharam VK 9 months 20 + years ISO 27001 LA
5 Kirubakaran PCI QSA, ISO 27001
Parkunan 3.7 years 8 years LA, PCI SSF Assessor
6 Sabeena Job 5.9 years 7 + years PCI QSA, ISO 27001
LA, CISM
7 Khaviyaa
Janakiraman 4.4 years 4.4 years CISSP, PCI QSA
8 Mohammed Adam 2.2 years 3.9 years ISO 27001 LA, CHFI
9 Vinayak Agrahari 2.2 years 7 years CEH, OSCP
10 Rajeshwari
Salmani 8 months 2.6 years CEH
11 Saee Bhosale 1.1 years 1.1 years CISSP
12 Amit Roy 10 months 10 months OSCP, CCENT
13 Akhilraj R 10 months 7 years OSCP, CEH
14 Ashish Patil 1.2 years 1.6years CPTE, OSCP
15 G Prashanth 1.9 years 1.9 years CEH, eJPT
16 Ankush Chavan 1.6 years 1.6years ISO 27001 LA
17 Abubacker CEH, CyberArk Certified
Siddique 11 months 3 years Trustee
18 Aditya Sharma 11 months 11 months NSEC, CNSS
19 Mohammed Irfan 2.2 years 4.9 years
20 Jessy Sheen 1.9 years 1.9 years
21 Ajith Kumar 2.7 years 8 + years ISO 27001 LA
22 Gouthem Karthik
Palani 4.6 years 4.6 years ISO 27001 LA
23 Pratik Mehta 4.4 years 7+ years ISO 27001 LA
24 Bala Murali 1.3 years 1.3 years ISO 27001 LA
25 Nivedita Sharma 2.6 years 2.6 years ISO 27001 LA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

RBI CISA Audits for - Payment Aggregators&Payment Gateways, Prepaid Payment Instruments,
Payment Data Localization
Web Application Security Audit for 17 Applications of an Insurance Organization
Compliance projects for international conglomerates in terms of consulting support, testing,
audit and reporting

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Commercial – BurpSuite, Nessus, Metasploit, Exploitpack

Freeware – Kali, Parrot OS
Proprietary – Data Discovery Tool, Compliance Management Tool

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : 2(UAE, US)

*Information as provided by Crossbow Labs on July 01, 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s CyberQ Consulting Pvt Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

CyberQ Consulting Pvt Ltd.

J-1917, Chittaranjan Park, New Delhi 110019
Email : debopriyo.kar[at]cyberqindia.com
shikha.yadav[at]cyberqindia.com
ankita.chatterjee[at]cyberqindia.com
Correspondence Address:
A 14-15, 3rd Floor,Sector 59, Noida, Uttar Pradesh-201301

2. Carrying out Information Security Audits since : 1997

3. Capability to audit , category wise (add more if required)

• Network security audit : Yes

• Web-application security audit : Yes
• Wireless security audit : Yes
• Compliance audits : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 30
PSU : 16
Private : 35
Total Nos. of Information Security Audits done : 158
(we have completed multiple project for 1 clients)

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 32

Web-application security audit : 118
Wireless security audit : 1
Compliance audits (ISO 27001, PCI, etc.) : 3
Technical manpower deployed for information security audits : 3

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : CEH, 10
Total Nos. of Technical Personnel : 21

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related

No. Employee CyberQ Information Security to Information security
1 Mr. Pramod 01-11-2012 21 CEH, CISA, ISO 27001
Kumar Pant LI
2 Mr. Debopriyo Kar 01-03-2002 45 CISSP, ISO 27001 LA
3 Mr. Mathew 01-05-2014 14 CISA and ISO 27001
Varghese LA
4 Arup Roy 22-02-2014 38 ISO 20000-1
5 Consultant 1 – 10-05-2014 8 CEH
Application
Security Expert /
PHP Source Code
expert
5 Consultant 2 – 15-09-2013 8 CEH
Network Security
Expert/Aadhar
compliance audit
expert/SCADA
6 Consultant 3 31-07-2019 2 CEH
7 Consultant 4 22-05-2019 2 CEH
8 Consultant 5 25 April 2019 5 ISO 27001 LA1
9 Consultant 6 22-05-19 3 CEH
10 Consultant 7 07-05-13 7 -
11 Consultant 8 03-08-20 4 CEH
12 Consultant 9 08-10-20 2 CEH

Note : The names of consultants can provided upon request to prevent individual identity and
poaching.

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Large Project(In terms of volume): OIL India, Shree Electricals Agra Smart City, ONGC Videsh,
Syndicate Bank
Large Project(In terms of Complexity): Shree Electricals Agra Smart City
Large Project(In terms of Locations): Oil India and NTPC

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

Is provided on page no. 3 onwards

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

Tools used for Audit:

S/N Name of the Type Description Any Remarks,

tools to be (open/proprietary/third risk/matter if any
used party of concern
if any,
while using
the tool

1 Nessus Proprietary Nessus is a proprietary No Major Tools will

Vulnerability vulnerability scanner developed risk involved be
Scanner by Tenable. Nessus can scan for handled
include: by CyberQ
auditor
• Vulnerabilities that could allow
unauthorized control or access
to sensitive data on a system.
• Misconfiguration (e.g. open
mail relay, missing patches,
etc.).
• Default passwords, a few
common passwords, and
blank/absent passwords on
some system accounts.
Nessus can also call Hydra (an
external tool) to launch a
dictionary attack.
• Denials of service
vulnerabilities
2. Burp Suite Proprietary Burp Suite is a graphical tool for No Major Tools will
testing Web application security. risk involved be
The tool is written in Java and handled
developed by PortSwigger Web by CyberQ
Security. Burp Suite is auditor
combination of

• HTTP Proxy - It operates as a

web proxy server, and sits as
a man-in-the-middle between
the browser and destination
web servers. This allows the
interception, inspection and
modification of the raw traffic
passing in both
directions.[6][7]
• Scanner - A web application
security scanner, used for
performing automated
vulnerability scans of web
applications.
• Intruder - This tool can
perform automated attacks on
web applications. The tool
offers a configurable algorithm
that can generate malicious
HTTP requests.[7] The
intruder tool can test and
detect SQL injections, cross-
site scripting, parameter
manipulation and
vulnerabilities susceptible to
brute-force attacks.[8]
• Spider - A tool for
automatically crawling web
applications. It can be used in
conjunction with manual
mapping techniques to speed
up the process of mapping an
application's content and
functionality.
• Repeater - A simple tool that
can be used to manually test
an application. It can be used
to modify requests to the
server, resend them, and
observe the results.
• Burp Decoder - Free Edition
• Decoder - A tool for
transforming encoded data
into its canonical form, or for
transforming raw data into
various encoded and hashed
forms. It is capable of
intelligently recognizing
several encoding formats
using heuristic techniques.
• Comparer - A tool for
performing a comparison (a
visual "diff") between any two
items of data.
• Extender - Allows the security
tester to load Burp extensions,
to extend Burp's functionality
using the security testers own
or third-party code
(BAppStore)
Sequencer - A tool for analyzing
the quality of randomness in a
sample of data items. It can be
used to test an application's
session tokens or other important
data items that are intended to be
unpredictable, such as anti-CSRF
tokens, password reset tokens,
etc.

3. Metasploit open-source The Metasploit Project is a No Major Tools will

computer security project that risk involved be
provides information about handled
security vulnerabilities and aids in by CyberQ
penetration testing and IDS auditor
signature development. It is
owned by Boston, Massachusetts-
based security company Rapid7.

• Its best-known sub-project is

the open-source Metasploit
Framework, a tool for
developing and executing
exploit code against a remote
target machine. Other
important sub-projects include
the Opcode Database,
shellcode archive and related
research.
4. Kali _Linux Open Source Kali Linux is a Debian-derived No Major Tools will
Linux distribution designed for risk involved be
digital forensics and penetration handled
testing. It is maintained and by CyberQ
funded by Offensive Security. In auditor
addition to Kali Linux, Offensive
Security also maintains the Exploit
Database. This is a platform
where we execute many tool for
Pen Testing.

5 nmap Open Source Nmap is a free and open-source No Major Tools will
network scanner created by risk involved be
Gordon Lyon. Nmap is used to handled
discover hosts and services on a by CyberQ
computer network by sending auditor
packets and analyzing the
responses. Nmap provides a
number of features for probing
computer networks, including host
discovery and service and
operating system detection.

6 Wireshark open-source Wireshark is a free and open- No Major Tools will

source packet analyzer. It is used risk involved be
for network troubleshooting, handled
analysis, software and by CyberQ
communications protocol auditor
development, and education.
Originally named Ethereal, the
project was renamed Wireshark in
May 2006 due to trademark
issues.

7 Windows Windows inbuilt nbtscan :This is a command-line No Major Tools will

tool that scans for open NETBIOS be
inbuilt NET commands nameservers on a local or remote risk involved handled
TCP/IP network, and this is a first by CyberQ
NET step in finding of open shares. It auditor
commands is based on the functionality of
like nbtstat, the standard Windows tool
nbtstat, but it operates on a range
nbtscan
of addresses instead of just one. I
wrote this tool because the
existing tools either didn't do
what I wanted or ran only on the
Windows platforms: mine runs on
just about everything.

Nbtstat: nbtstat allows a refresh

of the NetBIOS name cache and
the names registered with
Windows Internet Name Service
(WINS). Used without
parameters, nbtstat displays help.

8 sqlmap open-source sqlmap is an open source No Major Tools will

software that is used to detect risk involved be
and exploit database handled
vulnerabilities and provides by CyberQ
options for injecting malicious auditor
codes into them. It is a
penetration testing tool that
automates the process of
detecting and exploiting SQL
injection flaws providing its user
interface in the terminal.

9 Nikto open-source Nikto is a free software command- No Major Tools will

line vulnerability scanner that risk involved be
scans webservers for dangerous handled
files/CGIs, outdated server by CyberQ
software and other problems. It auditor
performs generic and server type
specific checks. It also captures
and prints any cookies received.

10 OWASP ZAP open-source OWASP ZAP is an open-source No Major Tools will

web application security scanner. risk involved be
It is intended to be used by both handled
those new to application security by CyberQ
as well as professional penetration auditor
testers. It is one of the most
active Open Web Application
Security Project projects and has
been given Flagship status.

CyberQ Proprietary This is CyberQ Proprietary No Major Tools will

Proprietary Checklist which is based on CIS risk involved be
and NIST guideline. In this handled
Checklist checklist We check system by CyberQ
based on CIS security hardening. auditor
and NIST

guidelines
*Information as provided by CyberQ Consulting Pvt Ltd. on 26th October 2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Deloitte Touche Tohmatsu India LLP

1. Name & location of the empanelled Information Security Auditing Organization :

Deloitte Touche Tohmatsu India Limited Liability Partnership

2. Carrying out Information Security Audits since : Prior to Year 2000

3. Capability to audit , category wise (add more if required)

• Network security audit: Yes

• Web-application security audit: Yes
• Wireless security audit: Yes
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): Yes
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) Yes
• ICS/OT Audits (Y/N) - Yes
• Cloud security Audits (Y/N) – Yes

4. Information Security Audits carried out in last 12 Months:

Govt.:10+
PSU:5+
Private:200+
Total Nos. of Information Security Audits done:200+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit: 3

Web-application security audit: 5
Wireless security audit:1
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 5
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): 0
ICS/OT Audits: 0
Cloud security Audits: 0

6. Technical manpower deployed for informationsecurity audits :

CISSPs: 25+
BS7799 / ISO27001 LAs: 150+
CISAs: 30+
DISAs / ISAs: 5
Any other information security qualification:CISM: 10+, OSCP: 10+
Total Nos. of Technical Personnel : more then 150

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Sr. No. Name of Employee Duration with Experience in Qualification related to

<organization> Information Information security
Security

1 Achal Gangwani 9+ Years 16+ Years ArcSight ESM Security

Analyst – AESA, CEH, ISO
27001:2005 ISMS Lead
Auditor, ITIL Foundation
Level Certified, CCNA, IBM
Certified System
Administrator, IBM Certified
Associate Developer
2 Shubham Gupta 3+ Years 2+ Years OSCP, CREST CRT
3 Umesh Huddar 3+ Years 4+ Years OSCP, ECSA
4 Eby Mohan 1+ Years 5+ Years CEH
5 Sai Kiran Battaluri 2+ Years 3+ Years CEH, (ISC)2 System
Security Certified
Practitioner
6 Lakshmi Allamsetty 3 Years 20+ Years CISA, CEH, BCMS
7 Pramod Kumar 3+ Years 13+ Years CISSP, CEH, ITIL, ISO
Potharaju 27001 LA
8 Zeel D Chavda 3+ Years 3+ Years CEH
9 Maheshkumar 3+ Years 6+ Years ECSA, ISO27001
Palaniyappan
10 Kapil Bhardwaj 4+ Years 10+ Years CEH, ISO 27001, ITIL,
Prozm Asset Management
Pro, JNCIA

11 G Shanmugaraj 1+ Year 3+ Years CEH

12 Rishi Singh 2 Month 3+ Years CEH
13 Immanuel 6 Month 1+ Years CEH, ECSA
14 Gurdeep Singh 2+ Years 11+ Years CISA, ISO 27001, ITIL v4

15 Harshita Lal 3+ Years 5+ Years ISO L1 27001, ISO BS

10012, ISA-IEC 62443-32,
62443-33
16 Minaj Khan 5+ Years 15+ Years ITIL, ISO 27001, PMP
17 Diksha Garg 2+ Years 3+ Years ISO 27001
18 Divya Sharma 4+ Years 10+ Years ISO 27001, CEH, CISA
19 Pragati Priya 5+ Years 3+ Years ISO 27001
20 Pritam Pattnaik 5+ Years 14+ Years ISO 27001, CCNA, PRINCE
2
21 Shivam Bhardwaj 3+ Years 10+ Years CEH, ISO 27001
22 Deeprag Rana 3+ Years 16+ Years Prince 2, AWS, CDCP, ISO
27001
23 Vedant Singh 3+ Years 3+ Years ISO 27001, IS0 9001, BS
10012
24 Rajesh Kumar 4+ Years 15+ Years CISA, ISO 27001
25 Chirag Barot 4+ Years 12+ Years ITIL
26 Uddin Mohammed 5+ Years 11+ Years CISA, ISO 27001, ISO
20000,CCNA Security
27 Akhil Khanna 3+ Years 12+ Years CEH, ISO 27001, Qualys
Vulnerability Management

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. State Data Center Third Party Audit: State Government (Critical), Tamil Nadu, more
than 5 CR

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary): Burp Suite,

Nessus, Web Inspect, HP Fortify, Nikto, Postman

10. Outsourcing of Project to External Information Security Auditors / Experts: No ( If yes,

kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: Not Applicable

12. Whether organization is a subsidiary of any foreign based organization? No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any:M/s Deloitte Touche Tohmatsu India Limited
Liability Partnership, Indiabulls Finance Centre, Tower 3, 27th – 32nd Floor, Senapati Bapat
Marg, Elphinstone Road (West), Mumbai-400013, Maharashtra, India

*Information as provided by DTTILLP on July 01, 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Grant Thornton Bharat LLP

1. Name & location of the empanelled Information Security Auditing Organization:

Grant Thornton Bharat LLP,

L 41, Connaught Circus,
Outer Circle, New Delhi. PIN - 110 001

2. Carrying out Information Security Audits since : 2008

3. Capability to audit, category wise (add more if required)

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 2
Private : 156
Total Nos. of Information Security Audits done : 158

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
Network security audit : 25+
Web-application security audit : 30+
Wireless security audit : 4
Compliance audits (ISO 27001, PCI etc.) :
135+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) :
4+
ICS/OT Audits : 2
Cloud security Audits: : 10+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs / LI : 25
CISAs : 7
DISAs / ISAs : 0

Any other information security qualification : 4 OSCP

15 CEH
2 ECSA
4 ISO 22301
1 CISM
6 CCNA
4 SAP
2 DSCI
1 CPISI
7 ITIL
1 GDPR FAS
2 RHCS
Total Nos. of Technical Personnel : 54

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) : Please refer to Specify
Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Leading IT / ITES GT have examined client’s Facility Level Countries: 16
Service Provider Controls and Client services controls
related system as of date and throughout Facilities
the period and the suitability of the design covered:57
and operating effectiveness of client’s
controls to achieve the related control
objectives. Control areas covered are-

• Physical Security - Entity;

• Physical Security - Restricted Area;
• Human Resource;
• Master Service Agreement Monitoring;
• Data Security and Confidentiality;
• Environmental Controls, Capacity &
Continuity;
• Logical Access;
• Anti-virus;
• Global Telecom Operations;
• Back-up;
• Security Incident Management; and
• • Other client specific control areas

8. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial Tools:

• Nessus
• Burpsuite
• Snappytick

Freeware Tools:

• Metasploit
• Wireshark
• NMAP
• SQLMap
• Nikto
• MobiSF
• Hydra
• Cain and Abel
• John The Ripper

The list of tools mentioned above are indicative

9. Outsourcing of Project to External Information Security Auditors / Experts : : No( If

yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : : Yes

Yes, Grant Thornton Bharat is part of the GT Member Firm network which is spread across the globe
in 140 countries.

12. Whether organization is a subsidiary of any foreign based organization? : : No If

yes, give details

Grant Thornton in India is a member firm within Grant Thornton International (GTIL), global
organization with member firms in over 140 countries. Grant Thornton Bharat LLP (formerly
Grant Thornton India) is registered with limited liability with identity number AAA-7677 and has
its registered office at L-41 Connaught Circus, New Delhi, 110001. References to Grant Thornton
are to Grant Thornton International Ltd (Grant Thornton International) or its member firms.
Grant Thornton International and the member firms are not a worldwide partnership. Services
are delivered independently by the member firms. Member firms carry the Grant Thornton
name, either exclusively or as part of their national practice names and provide assurance, tax
and advisory services to their clients. All member firms share both a common global strategy
and a common global culture focusing on improvement in quality of service delivery, procedures
to monitor quality, and the risk management methodology.

13. Locations of Overseas Headquarters/Offices, if any : : No

*Information as provided by Grant Thornton Bharat LLPon 2ndJuly 2021

Back
10. Annexure 1:

11. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Leading IT / ITES GT have examined client’s Facility Level Countries: 16
Service Provider Controls and Client services controls
related system as of date and throughout Facilities
the period and the suitability of the design covered:57
and operating effectiveness of client’s
controls to achieve the related control
objectives. Control areas covered are-

• Physical Security - Entity;

12. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial Tools:

• Nessus
• Burpsuite
• Snappytick

Freeware Tools:

• Metasploit
• Wireshark
• NMAP
• SQLMap
• Nikto
• MobiSF
• Hydra
• Cain and Abel
• John The Ripper

The list of tools mentioned above are indicative

13. Outsourcing of Project to External Information Security Auditors / Experts : : No( If

yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : : Yes

Yes, Grant Thornton Bharat is part of the GT Member Firm network which is spread across the globe
in 140 countries.

12. Whether organization is a subsidiary of any foreign based organization? : : No If

yes, give details

13. Locations of Overseas Headquarters/Offices, if any : : No

*Information as provided by Grant Thornton Bharat LLPon 2ndJuly 2021

Back
Annexure 1:

Experience in
S. Duration with Qualifications related to
Name of Employee Information
No. GTBLLP Information security
Security
Master’s in information
1 Akshay Garkel 3+ years 19+ years
technology
2 Rohit Bharath Das 3+ years 13+ years CISA, ISO 27001, COBIT 5
3 Jignesh Shah 3+ years 18+ Years CEH, CISA qualified, ISO 27001
Sindhu Shaji
4 2 years 13+ years CISA
Vethody
Pradeep Dhanaji
5 2 years 13+ years ISO 27001 LA, CEH, CCNA
Mahangare
6 Abhijeet Jayaraj 3 years 8 years CEH, OSCP
CEH, Post Graduate Diploma in
Sagar Prakash
7 2.5+ years 6+ years Digital & Cyber Forensics and
Gajara
related laws, CCI (ASCL)
8 Mrinmayee Anerao 3 years 7+ years CEH
CISA,ISO 27001 LA
9 Ankita Sinha 8years 3 years
ISO 22301 BCMS LI

10 Mainul Hasan 7 months 2 years CEH, OSCP, ISO 27001 LA

11 Amit Bedwa 4 years 2.5+ years ISO 27001, ISO 22301

12 Gurpreet Singh 1.5+ years 7+ years CEH, ECSA

13 Aditya Joshi 3.5 Years 1+years CISA

14 Gurpreet Singh Raina 1.5 years 1.5 years ISO27001 LA

ISO 27001:2013 LA, ITIL Version
15 Juhee Sharma 1+ year 1+ year 4 , Fortinet NSE Level 1 and Level
2 certified
ISO 27001:2013 LA,
ISO27001:2013 LI, CCNA, CCNA-
Security, CCSA, Qualys Guard
16 Mohit Gera 11 months 10.5 years
Certified Specialist, Accredited
Certified Engineer (ACE) – Palo
Alto
5 years & 6
17 Steadin Fernandes 6 years ISO 27001:2013
Months
ISO 27001:2013 Lead Auditor,
DSCI Certified Privacy Lead
18 Siddhesh Shirkar 1yr 11months 4yr 11months Assessor (DCPLA), Certified
Payment Card Industry Security
Implementer (CPISI v3.2)
19 Shivani Koul 2 years 2 years ISO 27001:2013 LI
20 Shruthi Nair 2 years 2 years ISO 27001:2013 LI
21 Harsh Awasthi 1 Year 1 Month ISO 27001:2013 LI
22 Armaan Kishan 1 year 1 year ISO 27001:2013 LA
PGD- IT (Symbiosis University),
24 Lalit Sharma 8+ years 9 Years DCPP (DSCI), ITIL (Foundation),
CISA (Q), CISM (Q)
CEH v10 (Oct 2019-2022), AWS
25 Shivani Kamal 2.3 Years 2.3 Years
technical Professional (Lifetime)
ISO27001:2005 LI : OneTrust
Data Mapping Expert,
26 Nitish Mishra 2.8 years 8 years OneTrust Privacy Management
Professional;OneTrust Vendor
Risk Management Expert
27 Ankitha Chinnapolu 5.11 years 8.8 years ITIL, RHCSA, RHCE, CCNA
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s KPMG Assurance and Consulting Services LLP

1. Name & location of the empanelled Information Security Auditing Organization :

KPMG Assurance and Consulting Services LLP

DLF Building No. 10, 8th Floor, Tower C, DLF Cyber City, Phase 2,
Gurgaon, Haryana, 122002

2. Carrying out Information Security Audits since : 1996

3. Capability to audit , category wise (add more if required)

• Network security audit : Yes

• Web-application security audit : Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001, PCI, etc.) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 15-20
PSU : 15-20
Private : 50-60
Total Nos. of Information Security Audits done : 100

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 60+

Web-application security audit : 70+
Wireless security audit : 25+
Compliance audits (ISO 27001, PCI, etc.) : 35+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 10+
BS7799 / ISO27001 LAs : 30+
CISAs : 55
CEH/OSCP : 131
CCSK/OSCP : 10
CCNA / CCNP/CCIE : 15
CHFI / ECIH : 10
Cloud Security Certification : 110+
Total Nos. of Technical Personnel : 600+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience Qualifications related to

No. Employee <organization> in Information security
Information
Security
1 Sony Anthony 19yrs 25yrs ISO 27001, ISO 22301, ISO
20000
2 Manish 7yrs 18yrs CEH, CCNA, CISA, ISO 22301
Tembhurkar
3 Urmimala 10yrs 14yrs CEH, ISMS-27001:2013, ITIL,
Dasgupta QualysGuard
4 Anupama Atluri 10yrs 14yrs CEH, CCSK, ISO Lead
Implementer, IBM Certified
Pen tester
5 Aditya Tawde 6yrs 13yrs ISO 27001, DSCI –LA
6 Areeb Naqi 4yrs 7yrs OSCP,CEH, ISO 27001 LA,
ECIH
7 Sohil Thanki 7yrs 10yrs CISA, ISO 27001 LA, ISO
23001
8 Rishabh Dangwal 5yrs 8yrs OSCP, CEH
9 Abhishek 5yrs 7yrs CEH, CCSK
Dashora
10 Harsha Bhatt 6yrs 7Yrs OSCP, CCSK, Blockchain
11 Anish Mitra 6Yrs 10Yrs OSCP, CEH,ECSA, CCSK,ITIL,
Qualys Certified Pen tester
12 Roopesh Yadav 11yrs 12yrs DCPLA, ISO 27001, ISO
22301, ISO 20000, ArcSight
ESM Analyst,

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Cyber Security Governance and Assurance program for largest identity management
program in India:
 KPMG is currently working with India’s largest identity management program,to implement
cyber security Governance, Risk and Compliance and Performance framework. KPMG is
conducting periodic security risk assessment, business application reviews and vulnerability
identifications across client’s technology ecosystem.
 KPMG is supporting client in implementation of ISMS framework against ISO 27001 standards
and periodic cyber security maturity reviews threat assessments and BCP/ DR reviews.
 KPMG provides support in cyber incident investigation and forensic analysis. As a part of
engagement, KPMG is involved in proactive identification of the possible cyber fraud
scenarios and highlight the same to the client so that appropriate safeguards and controls
can be established to prevent the incidents.
 KPMG is also engaged with the client for service level monitoring of the contracts for various
ecosystem partners to provide performance assurance services and assisting the
organizations’ performance as per the desired levels.
 KPMG has been providing support in design of Privacy framework design and certification
against standards.The key activity includes of designing a privacy framework to ensure the
sensitive and critical data iswell protected and is being complied to across the ecosystem and
provides continuous oversight support for managing Information Security, Privacy risks in
accordance with its business requirements, laws and regulations.

Cyber Forensics Incident Investigation for Large BFSI Client:

 KPMG performed the cyber forensics incident investigation for a large BFSI India where in
KPMG performed forensics imaging of various servers and endpoints which were suspected to
be a part of data breach. As a part of engagement, KPMG conducted the in-dept analysis of
forensics images to identify the root cause and incident timelines of the data breach.
 KPMG was engaged with the client to review the logs for various security solutions to
understandthe tactics, techniques and procedures used by attacker to compromise the
systems. As a part of the assessment, detail cyber security investigation report was
submitted which also outlines the root cause of incident, security roadmap and
recommendations to mitigate identified gaps to enable Client to further strengthen the
security posture of an organization.
 Value of the engagement is more than INR 1Cr

Cyber Security Audit Program at a Large Energy client:

 PCI Retail Compliance Audit - KPMG is currently evaluating retail outlets of a large energy
sector to meet Cyber Security Domain related controls under PCI Compliance. KPMG would
need to assess around 1000 Retail outlets of the client and ensure they are compliant to
regulatory requirements provided by PCI-DSS.
 Cyber Security Data Analytics - KPMG is currently engaging with the client to provide
accurate data based on the number of Vulnerabilities that the client is exposed to using
Splunk which provides a Platform for the Business stakeholders to make effective decisions in
securing their IT Eco system.
 KPMG is engaging with the client to assess their external facing assets by designing and
implementing a Bug Bounty Program for the client to keep their Infrastructure secure. KPMG
also help client to evaluate, manage and implement security policy and procedure for
thesecurity bug bounty program.
 Value of the engagement is more than INR 1Cr

Security testing across multiple telecom clients in India:

 KPMG has been providing security assessment service to improve the security posture across
4G networks for a telecom operator in India. KPMG performed circle wide node security
assessments. We also assisted clients in security testing of web based and client based
Mobile Apps, including SIM card testing and Telecom solutions like Femtocell and Pico cells.
KPMG helped client to prepare and implement minimum baseline security standards for
various network elements and devices.
 Value of the engagement is more than INR 83.5Lacs

Payments System Security Testing

 KPMG performed payment systems security testing for a large banking client in the MESA
region. As a part of the engagement KPMG reviewed the bank's SWIFT and connected
payment systems from a SWIFT CSP perspective and from a leading industry standards
perspective. KPMG was required to gain an in-depth understanding of the bank's payment
landscape and interconnections of the bank's SWIFT system to various other systems

Security Audit for Nationalized Bank:

 KPMG has been engaged with a leading bank to conduct quarterly security audit of its
applications, vulnerability assessment, external penetration test, IT DR review and review of
policy and process.KPMG conducts periodic security assessment for the bank’s IT systems
and infrastructure covering data centre, DR site, IT Head office, call centres, sample ATM
machines and other sample office network spread across the country.
 The value of engagement is more than INR 50Lakhs.

Security assessment of critical infrastructure organization

 KPMG is working with a power and utility company in India to assess the security controls in
IT and operational technology (OT) systems which are deployed in the Generation plant,
Transmission and Distribution etc. The security assessment include review of device security
configuration, vulnerability assessment, technical security testing and review of OT security
policy and procedures.
 The value of engagement is more than INR 35 Lakhs.

Security Audit of a large BFSI Client

 KPMG is currently working with one of the leading investment bank on the application
security testing services which includes manual security testing of organization’s business
critical applications, internet facing applications, payment applications, privacy applications,
thick client applications and source code review. As part of the application security testing
service KPMG is responsible to manage the overall security testing program of the client from
project initiation to delivery phase. KPMG is also responsible to conduct risk assessment and
documentation of the issues identified and track them to completion with the help of
application developers.
 The overall value of the project is approximately INR 1Cr.

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial

 Acunetix,
 Burp,
 Nessus
 AppScan
 WebInspect

Proprietary

 KRaptor,
 KPMG Brand Protection Tool,
 KPMG SABA,
 KCR Tool
 KPMG Digital Signals Insight Platform
 KPMG Threat intelligence tool

Open source tools

 BackTrack,
 Kali Linux,
 Paros,
 SQLMap,
 nmap,
 Wireshark
10. Outsourcing of Project to External Information Security Auditors / Experts : No
( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by: KPMG Assurance and Consulting Services LLP on 26th October 2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Mahindra Special Services Group

1. Name & location of the empaneled Information Security Auditing Organization :

Mahindra Special Services Group

(Divisionof Mahindra Defence Systems Limited)
Mahindra Towers, P.K Kurne Chowk,
Dr. G.M Bhosale Marg, Worli, Mumbai - 400018, India

2. Carrying out Information Security Audits since : : 2002

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
• Compliance audits(ISO 22301) : Yes
• Mobile Application Security Audit : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 9
PSU : 14
Private : 66
Total Nos. of Information Security Audits done : 89

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 300+

Web-application security audit : 250+
Wireless security audit : 10
Compliance audits (ISO 27001, ISO 22301, ISO 20000, PCI, etc.) : 40+

6. Technical manpower deployed for information security audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 17
CISAs : 4
DISAs / ISAs : 0
Any other information security qualification (CISM, OSCP, CEH, CND) : 40
Total Nos. of Technical Personnel : 60

7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)

Experience
S. Duration with in Qualifications related to
Name of Employee
No. <organization> Information Information security
Security

MS ( Cyber Law & Information

Security);B. Tech. ( Electrical
1 Shailesh Srivastava 11.63 15 Engg.);L.L.B. ISO 27001 LA,
ISO 27001 LI, ISO 22301 LA,
CISM, CDPSE, ITIL

MBA (Fin), B.Com, ADMAS ISO

2 Vipul Mathur 10.56 5
27001 LA; OPQ 32r
3 Anil Govindu 7.90 6 B Sc.(Physics) ISO 27001 LA

B.Com. ISO 27001 LA, CCNA,

4 Chiragali Peerzada 6.05 10
ISO 22301 LI, CEH, CISA

5 B.Com. ISO 27001 LA, ISO

Neeraj Rathi 5.93 15
22301 LI

M.Tech. Electronics &

6 Sunil Sharma 5.28 10 Telecommunication ISO
27001LA

7 MBA (Operation) ISO 27001

Suresh Mishra 4.83 15
LA, OSHAS, ISO 9001

MS, BE, ISO 27001 LA; ISO

8 K Harisaiprasad 3.87 10
9001, ISO 22301 LA, CISA

9 BCA, MCA ISO 27001 LA,ISO

Navin Kumar Pandey 3.25 6
22301 LI ITIL

10 Prashant Tatipamula 1.7 6 BCA, ECSA , CISE

BBA, MBA, Diploma in Labour

11 Praful Mathur 3.17 3
Law ISO 27001 LA

12 B.Tech(Information
Deepak Pandita 3.17 3.5
Technology) CEH

B.Sc., M.Sc. (Computer Sc.)

13 Dinesh Usnale 4 5
CEH

B.Sc. (Physics) ISO 27001 LA,

14 Prakash Salunkhe 2.40 7
ISO 27001 LI

BE (Computers) CCNA (CISCO

15 Rijo Raju 3 3
Certified)

16 Aamir Peerzada 1.73 5 B.Com., MBA ISO 27001 LA

B.E (Instrumentation &

17 Divya Mhatre 1.48 2.10
Control) ISO 27001 LA

18 Shruti Kulkarni 3 5 B.E. (Electronics and TC) CEH

19 Akshay Patil 2.5 3 BCA, MCA CEH

20 Vaibhav Bhagat 2 3.5 CEH

BE (Electronic & Telecomm)

21 Priya Gaikwad 2 3.10
CEH, CND

BE (Computers) CEH, CND,

22 Rohit Hire 2 2
CHFI,CCNA

23 Ganesh Mane 1.10 11 B.Com. MBA OSCP

24 Kamalteja Kasturi 1.10 4.10 MCA B.Sc. CEH

MBA BE (Electronic &

Telecomm) CISA, ISO
25 Prathik Shanbhag 2.2 7
27001:2013 LA, ISO
22301:2012 LA, CEH V8

26 Dipali Bhanushali 1 3 B.Sc. IT ISO 27001 LA, ISO

22301 LI

27 Vaibhav Chavan 1.5 7 B.Sc. CEH

28 Tushar Rasam 1.6 4 B.E in Instrumentation CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with estimated total project value.

• M&M Limited – 15 years for ISO27001 Sustenance and ongoing – 100 plus locations – INR
12 Cr+

• M&M Limited - 3 years for Network and Application Testing – From one location enterprise
wide – INR 3 Cr+

• Bajaj Allianz General Insurance Company – Network and Application Testing – 6 years and
ongoing – 1 location – INR 2 Cr+

• Bajaj Allianz Life Insurance Company – Network & Application Testing – 6 years and
ongoing – 1 location – INR 1 Cr+

• Bajaj Finserv- Consulting for ISO 27001. – Sustenance – 6 years. – 1 location – INR 1 Cr+

• Airport Authority Of India- Consulting for ISO 27001, IS Audit, VA PT( Network and
application) – 3 years- INR 45 L

• Union Bank of India - Consulting For ISO 27001 and ISO 22301 – 6th year in progress – INR
50 L

• SIDBI – ISO27001 – Certification, Surveillance and Sustenance of ISO 27001 – 5th year in
progress – INR 40L+

• PNBM – ISO27001/22301/20000 and VAPT – Sustenance – 4th year in progress – INR 1 Cr

• State bank of India - VA PT( Network and application) – 5 years – INR 2 Cr+

• Lupin Pharma: ISO 27001 Implementation, Certificate, Audits, VAPT – 10th years in a row
– INR 5 Cr+

• National Stock Exchange (Server VAPT , Web Application Security, Configuration Audit ) –
INR 2 Cr+

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

I. Commercial Tools
1. Burp Suite Professional
2. Nessus Professional
3. Netsparker Professional
4. FTK
5. Core Impact

II. Open Source Tools

1. Kali Linux
2. Nmap
3. Wireshark
4. OWASP ZAP
5. Paros
6. Web Scarab
7. Aircrack suite
8. Nikto
9. MBSA
10. L0phtcrack: Password Cracker
11. BackTrack
12. OpenVas
13. W3af
14. Directory Buster
15. SQL Map
16. SSL Strip
17. Tamper Data
18. FOCA

10. Outsourcing of Project to External Information Security Auditors/Experts : No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Mahindra Defence Systems Limited (Division Mahindra Special Services
Group) on 26th October 2020.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Net Square Solutions Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

Net Square Solutions Private Limited.

1, SanjivBaug baug, Near Parimal Crossing, Paldi,
Ahmedabad - 380007, Gujarat.

2. Carrying out Information Security Audits since : 2013

3. Capability to audit , category wise (add more if required)

4. Information Security Audits carried out in last 12 Months (Starting from July 2020 till June
2021)

Government:10
PSU:0
Private:51
Total Nos. of Information Security Audits done:61

5. Number of audits in last 12 months, category-wise starting from July 2020 till June 2021
(Organization can add categories based on project handled by them)

Network security audit: 3

Webapplication security audit: 40
Mobile application Security audit: 2
Compliance audits (Security audit and GIGW compliance): 2
Cloud security Audits: 2
Source code review:6
API Security Testing:6

6. Technical manpower deployed for information security audits:

o CISC:2
o CISSPs: 1
o BS7799 / ISO27001 LAs: 1
o CISAs: 1
o CEH andequivalent:11
o CPFA:2
o OSCP:3
o OSCE:1
o NSCE:13
o AWS Certified Cloud Practitioner: 1

Net Square also runs its own certification program called Net Square Certified Expert
(NSCE). Details of this are also available from the contacts provided above.
Nos. of Technical Personnel:75+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related

No. Employee <organization> Information Security to Information
security
1 Saumil Shah 20+ 20+ Master’s degree in
computer science,
CISSP
2 Hiren Shah 20+ 24+ B.Sc. (Physics &
Electronics), F.C.A.,
CISA & CGEIT
3 Rohan Braganza 9.5 10.7 M.Sc., CCNA & CEH
4 Ravi Paghdal 7.3 6.1 BCA, MCA, IBM
Certified IBM DB2
Academic Associate,
Microsoft Technology
Associate, NSCE
5 Jatan Rawal 4.2 5.8 M.Tech, OSCP &
OSCE
6 Rohit Jadhav 5.7 7.7 B.sc (IT), CISC,
CPH, CPFA
7 Jaimin Gohel 3.3 6.2 BCA, MCA, Microsoft
Technology
Associate
8 Aishwarya 4.3 4.3 B.E (CSE), "Certified
Gandhi professional hacker
(CPH), Certified
professional
forensics analyst
(CPFA), Certified
Information Security
Consultant (CISC)"
9 Viral Bhatt 2.9 2.9 BCA, CEH,CPTE, IBM
Enterprise
Application
Development - Q
and A
10 Ayushi Tomar 1.8 1.8 B.Tech, CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Net Square takes its non-disclosure agreement with customers very seriously and
therefore is in no position to share this information. Kindly contact us on the contact
details provided above for customer testimonials.

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Net Square has a proprietary methodology for testing all kinds of IT environment
ranging from network, thick client application, web application, mobile application,
IoT devices etc. For details of the methodology and a list of tools that we use, kindly
contact us as the details provided above

10. Outsourcing of Project to External Information Security Auditors / Experts: (If yes, kindly
provide oversight arrangement (MoU, contract etc.))

YES, this is done based on the requirement of client and fitment of a partner with
whom Net Square has partnership agreements. Since these agreements are governed
by non-Disclosure clauses, we cannot provide such information on a public domain. We
bring in the right partner to the table when we see a need for one

11. Whether the organization has any Foreign Tie-Ups? If yes, give details:

YES, cannot provide details due to non-Disclosure agreements with our foreign
partners.
12. Whether the organization is a subsidiary of any foreign based organization? No
If yes, give details

13. Locations of Overseas Headquarters/Offices, if any:No

*Information as provided by Net Square Solutions Private Limited on <2nd July 2021>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Paladion Networks Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

Paladion Networks Pvt. Ltd.

Shilpa Vidya, 49 1st Main,
3rd Phase JP Nagar,
Bangalore- 560078

2. Carrying out Information Security Audits since : 2000

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : YES

• Web-application security audit (Y/N) : YES
• Wireless security audit (Y/N) : YES
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : YES

4. Information Security Audits carried out in last 12 Months :

Govt. : 7
PSU : 2
Private : more than 100
Total Nos. of Information Security Audits done : more than 300

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 3000+ IP addresses

Web-application security audit : 2000+ applications
Wireless security audit : 10+ locations
Compliance audits (ISO 27001, PCI, etc.) :100+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 3
BS7799 / ISO27001 LAs : 23
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 7 PCI QSA, 2
CRISC, 72 CEH, 15 ECSA, 8 OSCP
Total Nos. of Technical Personnel : 700+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration Experience in Qualifications

No. Employee with Information related to
Paladion Security Information security
1. Hrishikesh 16+ years 16+ years CISSP
Sivanandhan
2. Balaji V 15+ years 15+ years CSSA
3. Sanjeev Verma 13+ years 13+ years CISSP
4. Dawood Haddadi 10+ years 12+ years Certified Web Hacking
Security Professional,
ISO 27001 Lead
Auditor
5. Hariharan 9+ years 12+ years ISO 27001, CEH, PCI
Anantha Krishnan QSA
6. Satyam Singh 8+ years 8+ years GWAPT, OSCP
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

We execute 500+ projects each year globally. Here are a few of them-

S.No. Customer Details Scope Project

Value

1. A large Private Bank in a. Security Testing Rs. 3 crore+

India b. Security Monitoring
c. Threat Advisory

2. Global Bank with Delivery a. Web application security test Rs. 2 crore+
Centre in India b. Internal penetration test
c. External penetration test

3. Large IT company a. 20+ applications for Application Rs. 1 crore+

Penetration Test
b. 10+ applications for Source Code
Review
c. 200+ IP addresses for Internal
network penetration test
d. 50+ External network penetration
test

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

S. Activities Security Audit tools

1. Application Security Burp Proxy and Scanner, Paros Proxy and Scanner,
Assessment Wireshark, Winhe, CSRF Tester, OpenSSL,
tHCSSLCheck, Firefox Extensions

2. Source Code Review Fortify SCA & Paladion Code Scanner

3. Network Penetration Testing KALI Linux, Nslookup, Dnsrecin, Dnsmap,

Metagoofil, fragroute, whisker, Nmap, Firewalk,
SNMPc, Hping, xprobe, Amap, Nessus, Nikto,
L0phtcrack, John the ripper, Brutus, Sqldict,
Penetration Testing Orchestrator

4. Wireless Penetration Testing AirSnort, WinDump, Ethereal, WEPCrack,

NetStumbler, Kismet, AirTraf, Aircrack-ng Suite &
Ettercap

5. Internal Vulnerability SAINT & Nessus Professional

Scanning

6. ASV Scans SAINT

7. Configuration Review Nessus Professional

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No

12. Whether organization is a subsidiary of any foreign based organization? : Yes/No

If yes, give details

AtosSE
13. Locations of Overseas Headquarters/Offices, if any : Yes/No

11480 Commerce Park Drive, Suite 210

Reston, VA 20191 USA

*Information as provided by Paladion Networks Pvt. Ltd.on 26th October, 2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Payatu Technologies Pvt Ltd

1. Name & location of the empanelled Information Security Auditing Organization :

Payatu Technologies Pvt Ltd

502, 5th Floor, Tej House, 5MG Road, Pune-411001

2. Carrying out Information Security Audits since : 2011

3. Capability to audit , category wise (add more if required)

• Network security audit : Yes

• Web-application security audit : Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001, PCI, etc.) : No
• Red team assessment : Yes
• Mobile application security audit : Yes
• Cloud infrastructure security audit : Yes
• IoT product hardware security audit : Yes
• DevSecOps consulting : Yes
• Source code security analysis : Yes
• AI/ML product security audit : Yes
• Application/Product/Protocol fuzzing : Yes
• Binary/Firmware reverse engineering : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 0
PSU : 5+
Private : 145+
Total Nos. of Information Security Audits done : 150+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 10+

Web-application security audit : 40+
Mobile-application security audit : 40+
Cloud infrastructure security audit : 25+
IoT Product hardware security audit : 25+
RedTeam Assessment : 5+
Source Code Security Analysis : 5+
DevSecOps Consulting : 2
Binary/Firmware Reverse Engineering : 1
Application/Product/Protocol fuzzing : 1
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 0

6. Technical manpower deployed for informationsecurity audits :

OSCP : 5
OSWE : 1
OSCE : 1
OPSE : 1
CRTP : 1
SANS GWAPT : 1
Total Nos. of Technical Personnel : 30+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. Payatu Information Security Information security
1 Abhilash Nigam 2 months 3.5 years B.E.
2 Aman Aryan 2.5 years 4years BTech
3 Amit Kumar 1 months 2 years BTECH
4 ApparThusoo 1 year 1.7 years BE
5 Arjun Bahera 1.5 months 2years B.Tech
6 Arjun Singh 2 months 3 months BCA
7 Asmita 1 year 1 year BE
8 Dattatray Hinge 1.5 years 1.5 years B.SC. TECH (B.E.)
9 Devansh Bordia 2 months fresher B.Tech
10 Dipti Dhandha 9 months 2 years MTech
11 DOSHAN JINDE 1.5 months 4.7 years B.Sc(I.T)
12 Farid Luhar 1 month 2.5 years B.com
13 Gaurav bhosale 6 days 6 months BE, CSE
14 Gaurav Nayak 1.10 years 4 years MCA
15 Hari Prasad 6 days 3 years Diploma in Computer
Engineering
16 HrushikeshKakade 2.4 years 2.4 years BE
17 Irfan Mohammed 1.5 years 1.5 years BCA
18 Manmeet Singh 21 days 3 years BE
19 Mayank Arora 4 months 1.8 years MCA
20 Mihir Doshi 1.2 years 3 years MCA
21 Munawwar 1 year 1 year BE
Hussain Sheli
22 Nandhakumar 1.1 years 3.6 years BE
23 Nikhil Joshi 2.10 years 3 years BE
24 Nikhil Mittal 3 years 3 years BTECH (BE)
25 Nimit 1 month 3 years BTEC
26 Prateek Thakare 2 months fresher BE
27 RewanthTammana 2.4 years 2.3 years B.Tech (Bachelor of
Technology)
28 Saddam Hussain 1 month 1 year B.TECH
29 Samaksh Kaushik 6 months 3.5 years B.Tech
30 Shakir Zari 2.3 years 2.3 years BE perusing/Diploma in
Electronics
31 Sourov Ghosh 7 months 2.8 years B.Tech
32 Suraj Kumar 1 month 5 years B.Tech
33 YashodhanMandke 3 months 3 years M.Tech

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

S. Customer Details Scope Project

No. Value

1 One of the Middle East based IT 1. Web Application Security USD 1

consulting company 2. Security Analysis of Source Code Million+

2 One of the Europe based IT 1. IoT product hardware security Euro 100
consulting company assessment Thousand+
2. Web Application Security
Assessment
3. External Network Infrastructure
Assessment
4. Mobile Application Security
Assessment

3 USA based Analytics Product 1. Web Application Assessment USD 100

Company 2. Internal and External Thousand+
Infrastructure Assessment
9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Information Gathering
1. Dnsenum
2. Fierce domain scan
3. Dig
4. Whois
5. Wget
6. Google Advanced search

Mapping
1. Nmap
2. Scapy
3. Ike-scan
4. Superscan
5. Dirbuster
6. Openssl
7. THC SSLCheck
8. Sslscan
9. Netcat
10. Traceroute
11. Snmpcheck
12. Smtpscan
13. Smbclient
14. Wireshark
15. Web Browser

Vulnerability Assessment
1. Nessus Professional
2. Openvas
3. Skipfish
4. Ratproxy
5. IronWASP
6. Grendel scan
7. Web securify
8. Burp suite professional
9. Paros Proxy
10. SOAPUI

Exploitation
1. Custom python script
2. W3af
3. Metasploit
4. Sqlmap
5. Sqlninja
6. BeEF Framework
7. Hydra

10. Outsourcing of Project to External Information Security Auditors / Experts : No

11. Whether organization has any Foreign Tie-Ups? : No

12. Whether organization is a subsidiary of any foreign based organization? : No

13. Locations of Overseas Headquarters/Offices, if any : Yes

1. The Hague – Netherlands

2. Sydney - Australia

*Information as provided by Payatu on 26th October 2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Qseap Infotech Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

Qseap Infotech Pvt. Ltd. Mahape, Navi Mumbai.

2. Carrying out Information Security Audits since : 2011

3. Capability to audit, category wise (add more if required)

 Network security audit (Y/N): Yes

 Web-application security audit (Y/N): Yes
 Wireless security audit (Y/N): Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N): Yes
 ICS/OT Audits (Y/N): Yes
 Cloud security Audits (Y/N): Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 10+
PSU : 2+
Private : 30+
Total Nos. of Information Security Audits done : 40+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 1
BS7799 / ISO27001 LAs : 11
CISAs : 4
Any other information security qualification:
CEH: 45
ECSA: 6
OSCP: 3
CPTE: 5
CCNA: 4
CISEH: 7
CompTIA Security+: 1
CISC: 5
CHFI: 1
CNSS: 8
CND: 2
CISM: 1
CPFA: 1
Total Nos. of Technical Personnel:160
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Duration Experience in
Qualifications related to
S. No Name of Employees with Qseap Information
Information security
in Years Security in Years
1. Praveen Singh 10 Years 13 Years B. Tech IT
EMBA,
2. Sunil Kapri 10 Years 13 Years
BE in IT
CISA, CISSP, CISM, ISO
3. Jaya Bharthi 3 Years 38 Years
27001 LS, CEH, CAIIB
BE EXTC, CISA, ISACA
BS100012:2017 PIMS and
GDPR Lead Implementer
4. Hemant Dusane 0.1 Year 15 Years
(BSI), ISO27001 Lead
Auditor (BVQ), ISO20000
Lead Auditor (BSI), CSSA)
ISO27001 LA (BSI, IRCA)
5. Ketan Shah 0.1 Year 12 Years ECSA, CEH, MCITP, CCNA,
MCSA
CISA / ISO 27001 LA / CPTE
6. Gangadhar Kyatham 0.1 Year 23 Years / CEH / CCNA / MCP /
ITILv3
OSCP
7. Abhijit Ashok Doke 7.5 Years 8 Years CSIC
MBA in IT
CEH, MTAC
8. Kalyani Vishwas Mali 4.9 years 6 years
BE. In IT
BSs. In IT
Awdhesh Chintamani
9. 4.4 years 6 years CEH
Yadav
CCNA
ISO 27001 LA
PCIDSS Implementer
10. Ajita Haridas Gawai 4.3 years 4.3 years
MSc in Network Systems
Engineering
CEH, CND, CCNA
11. Ninad Rajeshbhai Gandhi 4.1 years 4.1 years B.E in Electronics and
Communications
CEH
CND
12. Brijesh Suresh Yadav 3.10 years 3.10 years
CCNA
B.E (EXTC)
CEH
13. Mandar Lingayat 3.7 years 3.7 years
BE EXTC
ISO 27001 LA
Professional Software
14. Onkar Ghadge 3.7 years 3.7 years
Testing Specialist
BE in IT
CISEH,OSCP
15. Vishnu s. Chandran 3.7 years 3.7 years
BE in IT
CCNA
16. Tanveer Shaikh 3.7 years 3.7 years ECSA.v10
BE in EXTC
17. Sandeep Pandey 3.6 years 3.6 years BSc. IT
JAVA
18. Zeeshan Khan 3.6 years 3.6 years SQL
BE in Electrical
CEH
19. Ashish Jogi 3.6 years 3.6 years
BCA
ESCA
20. Faizan Ansari 3.6 years 3.6 years
BE EXTC
CEH, CNSS
21. Aditya Nagarkar 3.6 years 3.6 years
BE in EXTC
CCNA
22. Shahnawaz Shaikh 3.6 years 3.6 years CCNP
BE EXTC
CEH
23. Rahul Subhash Ahire 3.4 years 3.4 years
CDAC, Certified Software
Tester
BE in Computers
CEH, PJS
24. Ajay Jayram Doke 3.1 years 3.1 years
BE in Electrical
MSc in I.T
25. Subodh vishe 3.1 years 3.1 years
BSC-IT
CEH
CCNP
ISO 27001:2013 LA
26. Shweta Songaonkar 3 years 3 years
Certified Network Associate
Router and S/w
BE in EXTC
CEH
ISO 27001:2013 LA
27. Apoorva Satish Phatak MSc. in IT
2.9 years 2.9 years
BSc. In IT

ISO 27001:2013 LA
28. Amurta Anna Gangurde
2.9 years 2.9 years BE in EXTC
ESCA
CEH
Purushottam Jaywant
29. CND
Rane 2.9 years 2.9 years
CHFI
B.E in EXTC
CCNA
30. Mohd Uvais Shaikh
2.9 years 2.9 years B.E (EXTC)
31. Roshan Uke B.E in IT
2.9 years 2.9 years
BTech in Electronics and
32. Rana Pratap Dudipalla Communications
2.9 years 2.9 years
Engineering
CEH
33. Suraj Bade
2.8 years 2.8 years BSc in Computer Science
CEH
34. Vishvesh Bhatt 2.4 years 2.4 years
BE in EXTC
Redhat certified system
Adminstrator
35. Manish Karda 2.4 years 2.4 years
CPTE
BE in EXTC
CEH
36. Himanshu Kulkarni 2.4 years 2.4 years
B.E in Electronics
CEH
37. Rahul Nikam 2.3 years 2.3 years
BSc. IT
ISO 27001:2013 LA
BE in EXTC
38. Shalini Saini 2.4 years 2.4 years
MBA

MCA - Master of Computer

Application, Programming
39. Shyam Dhuriya 2.4 years 2.4 years
BCA - Bachelor of Computer
Application, Programming
40. Rashmi Bhatt 2.4 years 2.4 years MCA in computer science
CISC
41. Zain Ahmed 2.4 years 2.4 years CPFA
BE EXTC
BE in Computer Science &
42. Darshana pund 2.4 years 2.4 years
Engineering
CEH
Cyber Protection and
43. Prem Singhote 2.4 years 2.4 years
Security Course
BCA
BE in Computer Science and
Technology
44. Sanjana Mahadeshwar 2.1 years 2.1 years PG Diploma in IT
Infrastructure, Systems and
Security
45. Ankita Desai 2.1 years 2.1 years BE in EXTC
CEH
46. Viraj Kishor Mota 2 years 2 years
BSc. IT
ISO 27001 LA
CNSS
47. Chetna Omeya Shinde 1.10 years 1.10 years
Software Testing
BE in IT
CISEH
48. Suraj Kalamkar 1.10 years 1.10 years CPTE
BSc in IT
CEH
49. Shubhangi Vijay Dawkhar 1.10 years 2.8years
BSc in Computer Science
Krutika Santosh CEH
50. 1.10 years 2.8 years
Haldankar BSc in IT
51. Sanket Yadav 1.10 years 2.5 years BSc in IT
52. Shashikumar Reddy 1.10 years 1.10 years BE in Mechanical
53. Tejaswi Sagi 1.10 years 1.10 years BE in Computer Science
54. Muthu Krishnan 1.10 years 1.10 years BE in Computer Science
CEH
55. Mohan Thakur 1.10 years 1.10 years
BE in EXTC
CEH
ECSA
56. Harsh Savla 1.10 years 2.5 years
BTech in Computer Science
Engineering
CISC
57. Ryan Nisar Pathan 1.10 years 2.5 years CEH
BE in EXTC
CEH
58. Uzaif Kotmire 1.9 years 2.5 years CISC
BE in EXTC
Bsc-IT
59. Swapnil Nikam 1.7 years 1.7 Years
CEH
MCA- IT
60. Sumit Satish Lambe 1.7 years 2.10 Years
BCA- IT
61. Devesh Nitin Chaudhari 1.7 years 2.10 Years BE. EXTC
CEH
62. Pooja Anilbhai Sali 1.7 years 2.10 Years MTech. Cyber Security
BE. EXTC
63. Sidh Jayesh Bhavsar 1.7 years 2.5 Years BSc in Computer Science
BSc IT
PGD -Digital and Cyber
64. Anish Tukaram Satam 1.7 years 2.10 Years
Forensics and Related Laws
CEH
CEH
65. Shweta Utpal Bhatia 1.7 years 3.9 Years
BSc IT
CNSS
66. Mohammad Aqib Shaikh 1.7 years 1.7 years BTech- Computer Science &
Engineering
ECSA
67. Harshad Sanjay Dudhane 1.6 years 1.6 years
BE. EXTC
68. Rutuja Vinaykumar Nikam 1.6 years 1.6 years BSc IT
69. Nidhin Sabu 1.6 years 1.6 years BTech. ECE
B.E ELECTRONICS
70. Chandan Vasudeo Kolhe 1.6 years 2.7 Years CISEH cyber security
CPTE cyber security
BE. EXTC
71. Prashant Karman Patel 1.6 years 1.6 years CNSS
CEH
BSc in Computer Science
CNSS
72. Amol Kedu Bhavar 1.6 years 1.2 years
AWS Security Fundamental
CISE
73. Manas Harsh 1.4 years 2.6 Years BCA Computer Science
BE EXTC
74. Akash Narayan Navghane 1.5 year 2.8 Years
Rakesh Sakharam MCA- IT
75. 1.4 year 2.7 Years
Kengale BCA- IT
CEH
76. Avneel Prabhu 1.4 year 2.7 Years
BE Computers
77. Shijo Raj 1.4 year 2.7 Years ME IT
78. Mayank Afle 1.5 year 10 Years BE IT
79. Pradip Sanjay Patil 1.4 year 1.4 year BE EXTC
80. Afroza Sulaiman 1.4 year 1.4 year BSc IT
Niraj Nandkumar CNSS
81. 1.4 year 1.6 Years
Pawaskar B.E ELECTRONICS
82. Khaja Mohiddin Syed 0.10 year 0.10 year BE CSE
BTech Computer
83. Rushikesh Shailesh Dave 1.5 year 3.5 Years Engineering
MSc Cyber Security
CEH
84. Hitesh Duseja 1.5 year 3.5 Years
BE EXTC
BE EXTC
85. Manali Sanjay Ahire 1.3 year 1.3 year CCNA ROUTING AND
SWITCHING
Pashmini Hiralal
86. 1.3 year 1.3 year BE IT
Sonawane
87. Mahesh Arjun Shinde 1.3 year 2.8 Years BSc IT
Pradeep kumar BTech in Electrical and
88. 1 year 1 year
shyamanthula Electronics Engineering
MSc. Computer Science
89. Ajay Thorbole 1.4 years 1.4 years CISEH
CPTE
BE. In Information
Technology
90. Vaibhav Barkade 1.4 years 1.4 years
CISEH
CPTE
BSc. IT
91. Ashish Upsham 1.4 years 1.4 years CISEH
CPTE
MCA / BCA
CEH v.10
92. Prathamesh Sarvankar 2.5 years 2.5 years
Certified Network Security
Specialist - ICSI
Web Application Pentesting,
Ethical Hacking &
93. Vishal Mohan 0.9 years 0.9 years Pentesting, Network
Security Expert 3, Certified
Cisco Network Associate
94. Vinay Bhuria 0.8 years 0.8 years BSc. Computer Science
Bachelor of Computer
95. Kanika Ajay Kapoor 0.6 years 0.6 years
Applications
96. Rutuja Dashrath Shirke 0.5 years 0.5 years BE. Comps
CEH
97. Piyush Dutta 0.6 years 0.6 years
BSc.
CEH
98. Saddam Ahmad Shaikh 0.5 years 0.5 years
BE. EXTC
CEH
99. Pramod Ramdas Shirke 0.6 years 0.6 years
BE. EXTC

100. Gagandeep Somal 0.6 years 0.6 years BE. IT

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

S.No Activity Scope Complexity Location

Information
Technology (IT)
Network VAPT
Contingency Plan
Web Appsec
1 ICICI Bank for Business Mumbai
Mobile Appsec
Continuity during
COVID-19
Pandemic.
Indian Cyber Security and
Commodity Cyber Resilience
2 Process Audit Mumbai
Exchange as per SEBI
(ICEX) Guidelines

Website Security
3 UTIITSL Audit for UTIITSL Multiple Web Applications Mumbai
Applications

Annual charges for

availing
Stock information
4 Process Audit Mumbai
Holding security audit
ISMS advisory
services

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Commercial:

• Nessus Professional
• Nipper
• Acunetix
• Burp Suite Professional
• CheckMarx

Free ware:

• Zed Attack Proxy

• WebScarab
• Spike Proxy
• Metaspolit Framework
• SQLiX
• Absinthe
• Winhex
• DJ Decompiler
• VBReFormer
• Brutus
• APKInspector
• Error-Prone
• Echo Mirage
• Interactive TCP Relay
• NMAP
• Wikto
• Xprobe
• SINFP
• Hping2
• Wireshark Network Stuff
• Process Monitor
• Scanrand Superscan
• Bowser Extensions
• Amandroid
• Androwarn
• Android SDK

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Qseap Infotech Pvt. Ltd. on 02nd July,2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s SecureLayer7 Technologies Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

SecureLayer7 Technologies Private Limited

Registered address: Plot No. 28, Vyankatesh Nagar, Beside Totala Hospital,
Jalna Road, Aurangabad – 431001, Maharashtra
Operations Address: TeerthTechnospace, B Wing, SecureLayer7 Technology
Private Limited, First Floor Teerth 2 work, Bengaluru - Mumbai Hwy, Baner,
Pune, Maharashtra 411045

2. Carrying out Information Security Audits Since : 2016

3. Capability to audit , category wise (add more if required)

4. Information Security Audits carried out in last 12 Months :

Govt. : 12
PSU : 05
Private : 04
Total Nos. of Information Security Audits done : 21

5. Number of audits in last 12 months , category-wise

Network security audit : 02

Web-application security audit : 18
Compliance audits (ISO 27001, PCI, etc.) : 01

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : OSCP 05, CEH 08
Total Nos. of Technical Personnel : 50+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1 Sandeep Kamble 5 Years 9 Years OSCP Certified
2 Rajasekara A 2 Years 5 Years OSCP Certified
3 Hridyesh 2 Years 4 Years ISO 27001
4 Tohuid Shaikh 3 Years 4 Years OSCP Certified
5 AkshayDarekar 4 Years 6 Years CEH, MCA Computer
6 Akash katare 2 Years 2 Years BE-Computer

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Project Assessment Value

Eduvidhya Security Audit - Vulnerability Confidential

Web Conferencing Assessment and Penetration
System Design for Testing
Online Learning

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

• Acunetix
• Nessus
• Nmap
• Wireshark
• OpenVAS
• Nikto
• Metasploit
• Burp-Suite
• W3AF
• SQLMap
• Kali Linux
• Custom scripts

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by SecureLayer7 Technologies Private Limited on October 26th

2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s SecurEyes Techno Services Pvt Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

SecurEyes Techno Services Pvt Ltd.,

Registered Address:
3rd Floor, 3s, Swamy Towers, 51/27, outer Ring Road, Chinapanahalli,
Marathahalli, Bengaluru (Bangalore) Urban, PIN 560037
Corporate Office:
4th Floor, Delta Block, Sigma Soft Tech Park, Whitefield Main Road,
Varathur, Bangalore - 560066

2. Carrying out Information Security Audits since : 2006

3. Capability to audit, category wise (add more if required)

• Network security audit - Yes

• Web-application security audit - Yes
• Wireless security audit - Yes
• Compliance audits (ISO 27001, PCI, etc.) - Yes
• Comprehensive Risk Management - Yes
• Application Security - Yes
• Vulnerability Assessment - Yes
• Code Security Review - Yes
• Enterprise Architecture Review - Yes
• Development & Review of Policy & Procedures - Yes
• Policy Implementation Review - Yes
• Regulatory Consultancy - Yes
• Custom ISMS Consultancy - Yes
• Training Services - Yes
• User & Identity Management - Yes
• Single Sign On - Yes
• Application Architecture Review - Yes
• Operational Security Guidelines - Yes
• Social Engineering Assessment - Yes
• Setting secure SDLC practice and Code security review - Yes
• Process Security Testing - Yes
• Red Teaming Assessments - Yes
• Physical Access and Environment Security Controls Review - Yes
• Advanced Penetration Resilience Testing - Yes
• Enterprise Security Architecture Review - Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 196
PSU : 367
Private : 293
Total Nos. of Information Security Audits done : 856

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

• Network security audit : 257

• Application security audit : 511
• Governance, Risk & Compliance (ISO 27001, PCI, etc.) : 13
• Business Continuity Review : 1
• Incident Management Review : 20
• Information Security Awareness Program : 1
• Red Teaming : 2
• Secure Configuration Review : 15
• Secure Code Review : 26
• VAPT : 4
Note: Some of the above audits may have been conducted for the same client through different
times/duration during the year.
6. Technical manpower deployed for informationsecurity audits: 82

CISSPs : 01
BS7799 / ISO27001 LAs : 22
CISAs : 08
CEH : 57
SANS : 4
CCNA : 5
CCNP : 02
SCSA : 01
ECSA : 09
Total Nos. of Technical Personnel : 104

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Experience
S. Name of Duration with in Qualifications related to
No. Employee SecurEyes Information Information security
Security
1.
Karmendra Kohli 14Y 19.50 Y CISA, CEH, ISO 27001, GCIH,

2. Seemanta
14Y 18.50 Y CISA, CEH, SANS, ISO 27001
Patnaik
3.
Uma Pendyala 11.5 Y 16.00 Y CEH, CISA,ISO 27001

4. Sudip Narayan ISO 27001, CISA, SANS GCIH,

12.8 Y 13 Y
Das CEH
5. ISO 27001, CEHV9, CISSP,
Sujay Gankidi 2.3 Y 12 Y
ECSA, CRISC
6. Puneet Kumar
3.8 Y 7.6 Y CEH V.10,CISC,CPH,CPFA
Vohra
7. Sanket Laxman
2Y 2.40 Y CEH V10,CPTE
Patil
8.
Bharat Kumar 1.90 Y 3Y CEH V10,ESCA

9. Devkaran Singh
4.40 Y 3.10 Y CEH, ISO 27001
Rathore
10.
Kiran Koli 2.20 Y 5Y CEH V9,CCNA,CISM

11. Subhasmita
1.50 Y 2Y CEH V10
Panigrahi
12.
Priyatosh Jena 1.50 Y 2Y CEH V10

13.
Vikash Kumar 3.20 Y 4.5 Y CEH V10

14. Anisha
2.30 Y 2.30 Y CEH V10
Sundaray
15. Deepika
2.20 Y 2.70 Y CEH V10,ESCA
Pradhan
16. Binay Kumar
2.30 Y 2.70 Y CEH V10
Nayak
17. Mrutyunjay
8.6 Y 8.70 Y ISO 27001
Sahoo
18. CEH,ISO,CISA,SANS 504
Ankit Sharma 5.90 Y 5.90 Y
GCIH,ECSA
Experience
S. Name of Duration with in Qualifications related to
No. Employee SecurEyes Information Information security
Security
19.
Vikrant Singh 2.10 Y 4.10 Y CEH V10

20. Sidhant
2.90 Y 2.90 Y CEH V10
Maharathy
21.
Prajna S K 4.4 Y 4.6 Y IS027001, CEH

22.
Abinash Panda 4.4 Y 4.4 Y IS027001, CEH, ECSA

23.
Sajjan Ray 4.70 Y 4.90 Y RHCSA,CEH MASTER

24. Mahesh
2.30 Y 5,30 Y CEH V10,CISM
Tallapaneni
25. Bineetha
0.6 Y 2.80 Y CEH V11
Yadlapalli
26. Namrata
5.9 Y 5.9 Y CEH, ISO 27001, CISA
Mohanty
27. Deepika
2.2 Y 2.7 Y CEH V.10, ECSA
Pradhan
28. Suma M
4.4 Y 4.6 Y IS027001, CEH
Komannavar
29. Takkolu Suma
4.4 Y 4.6 Y IS027001, CEH
Reddy
30.
Ujal Mohan Ray 5.9 Y 10 Y CEH, ISO 27001

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

The largest project handled in last year, was an end-to-end Information security, business
continuity management & data privacy review for a large financial sector organization. The
details of the project are mentioned below:

Project Scope:
1. Current State Assessment against Cyber Security, Business Continuity & Best Practices
in the Data Privacy (including GDPR) including
a) Cyber Security Governance review both at the design and the implementation
levels
b) Review of the Cyber Security Competency levels of the IT, IS & Business
Continuity, Data Governance departments
c) InternalNetwork Penetration Testing (Blackbox) ofIPs
d) External Penetration Testing (Blackbox) of all Public IP addresses belonging to
the Organization
e) Config Review of N/W Components
f) Config Review of Servers (OS, DB, Web & App Servers)
g) Config Review of Security Appliances
h) Remote Connectivity Review
i) Application Penetration Testing (Grey Box) of Applications
j) Review of the SOC practice including SOC Governance, Implementation &
Operation
k) Review of Incident Management practice including IM Governance,
Implementation & Operation
l) Conducting Social Engineering Test using spear phishing technique across Staff
2. Developing the Roadmap for the Highest Cyber Security Maturity Level
3. Multiple Periodic Re-assessments& Reviews for assessing current state
4. Red Teaming
5. Data Privacy Assessment
6. Business Continuity Assessment
7. Drafting of the Data Privacy Framework

Project Complexity:
This was a project for a financial sector organization having a large IT setup. The project covers
a detailed assessment of technology, processes and people components for this critical sector
organization. Large number of applications, infrastructure systems and networks were in the
scope of the security assessment. The assessment included review of third-party interfaces
which were implemented to enable business across multiple interested parties. The project
required the assessment team to perform its review against local and international best
practices, compliance requirements and regulatory standards. This was an approximately 35-
man month project with the team carrying out assessments across locations.

Locations:
Middle-East

Project Value:
Rs. ~3.0 Crores

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

i. Commercial Tools
1. Nessus (Commercial Professional Version)
2. Burp Suite Professional
3. Fortify
4. WebInspect
5. Nexpose
6. And many more licensed or subscription based commercial tools

ii. Freeware Tools

1. Google Search
2. SamSpade
3. Tcp traceroute
4. Nmap
5. Sparta
6. hping2
7. Protos
8. XProbe
9. P0f
10. Nmap-cronos
11. Httprint
12. Smtpscan
13. SinFP
14. Metasploit Framework
15. Nikto
16. Cain & Cable
17. SQL Map
…. And many other open source tools
iii. Proprietary Tools
1. SecurEyes Centralized Vulnerability Management System
2. SecurEyes Advance Social Engineering Test System
3. SecurEyes Advanced Penetration Testing Toolkit
4. SeInfo_Grabber
(Tool used for application security reconnaissance)
5. SEWindowsXP_VA
(Tool for VA of windows XP)
6. SEWindows2003_VA
(Tool for VA of windows 2003)
7. SEWindows2008_VA
(Tool for VA of windows 2008)
8. SEWindows7_VA
(Tool for VA of windows 7)
9. SERedHat_VA
(Tool for VA of RedHat Linux)
10. SEAIX_VA
(Tool for VA of AIX)
11. SESolaris_VA
(Tool for VA of Solaris)
12. SEDB_VA
(Tool for VA of MS-SQL, MySQL, Oracle, PostGRE SQL)
13. SENW_VA
(Tool used for VA of network devices including switches, routers, Firewalls)

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

SecurEyes FZC
SAIF Plus, R5-05/C, P.O Box: 122708,
Sharjah, United Arab Emirates

SecurEyes LLC
Desk No. 023, Business Centre, Abu Dhabi Airports Free Zone, PO Box: 2313,
Abu Dhabi, United Arab Emirates
SecurEyes KSA
3321, Al Sulaimaniyah Dist. Al Safwah Centre, Unit No. 28
Riyadh, 12223-7656, KSA

SecurEyes INC
310, Alder Road, P.O.Box: 841,
Dover, DE – 19904, USA

*Information as provided by M/s. SecurEyes Techno Services Pvt.Ltd.on 24 August 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Security Brigade InfoSec Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

Security Brigade InfoSec Pvt. Ltd.

3rd Floor, Kohinoor Estate, Lower Parel, Mumbai - 400013

2. Carrying out Information Security Audits since : 2006

3. Capability to audit , category wise (add more if required)

4. Information Security Audits carried out in last 12 Months:

Govt.: 30+
PSU: 200+
Private: 150+
Total Nos. of Information Security Audits done: 50+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit: 200+

Web-application security audit: 300+
Wireless security audit:20+
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 20+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 40+
ICS/OT Audits:10+
Cloud security Audits:15+
6. Technical manpower deployed for informationsecurity audits:

CISSPs: -
BS7799 / ISO27001 LAs: -
CISAs: -
DISAs / ISAs: -
Any other information security qualification:12
Total Nos. of Technical Personnel: 14

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1 Yash Kadakia Oct 2016 21 years ECPPT
2 Chintan Joshi Sept 2010 12 years ECPPT
3 Abhishek Gupta Nov 12, 2018 2.7 years CEH certified, ECPPT
4 Aditya Patil Mar 11, 2019 2.3 years VIVA Tech certification,
Python and Mysql
certification, national
conference on role of
engineers seminar
certification, ECPPT
5 Akshay Dandekar Feb 03, 2020 1.4 years CEH certified, MSC IT
certified
6 Ishan Patil July 16, 2018 2.11 years NPTEL Online
Certification
7 Kartik Badge Mar 04, 2021 1 year -
8 Nikhil Raut Feb 01, 2021 1 year ECPPT
9 Pranav Kumar July 1, 2020 3 years ECPPT
10 Ramneek July 1. 2019 2 years ECPPT
11 Samuel Valmiki Feb 1, 2021 1 year ECPPT
12 Siddarth Dec 20, 2017 3.6 years CEH certified, ECPPT
Gowrishankar
13 Sonali Singh Dec 1, 2020 1 year -
14 Sourav Kalal May 4. 2020 1.1 years -

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Quarterly Red Team Assessment for multiple locations, Web application PT, Network
PT, Source Code Review, Compliance Reviews for a Major Service Provider in India

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Information Gathering
- Bile-Suite
- Cisco torch
- SpiderFoot
- W3af
- Maltego
- SEAT
- In-House sdFinder
- … and 50 other tools

Port Scanning
- Nmap
- In-House networkMapper
- Amap
- Foundstone
- hPing
- ... and 30 other tools

Application Security Assessment

- In-House webSpider
- In-House webDiscovery
- In-House webTester
- Achilles
- Sandcat
- Pixy
- W3af
- Nikto
- Paros
- … and 100 other tools

Threat Profiling & Risk Identification

- In-House Risk Assessment
- … and 5 other tools

Exploitation
- Saint
- SQL Ninja
- SQL Map
- Inguma
- Metasploit
- … and 100 other tools

Social Engineering
- Social-Engineering Toolkit (SET)
- Firecat
- People Search
- … and 10 other tools

Privilege Escalation
- Cain & Abel
- OphCrack
- Fgdup
- Nipper
- Medusa
- Lynix
- Hydra
- … and 40 others

Commercial Tools
- Nessus Commercial
- Burp Suite

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Security Brigade InfoSec Pvt. Ltd. on 01/07/2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s TAC InfoSec Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

TAC InfoSec Private Limited

2. Carrying out Information Security Audits since : 2013

3. Capability to audit , category wise

4. Information Security Audits carried out in last 12 Months :

Govt. : 50+>
PSU : 10
Private : 1000+
Total Nos. of Information Security Audits done : 1000+

5. Number of audits in last 12 months , category-wise

Network security audit : 100+

Web-application security audit : 1000+
Wireless security audit : 50+
Compliance audits (ISO 27001, PCI, etc.) : 5+
Mobile Application Security Audit : 500+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
CSSP : 1+
CSSA : 1+
CEH : 10+
Any other information security qualification : 10+

Total Nos. of Technical Personnel : 20+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1. Akash Joshi 4+ 5+ ECSA, CHFI, ISO
27001 LA, CEH, MSC
(Cyber Security)
2. Rohit Thakur 1 4+ CEH

3. Raja Nagori 1 4+ CEH

4. Ajay Shrimali 2+ 2+ CEH

4.5+ 4.5+ B-Tech (Information
5. Saransh Rawat Technology) CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

One of the largest BFSI: 200+ Mobile Applications, 100+ Web Applications, 200+ Network
Devices, Source Code Review, Configuration Review, and Risk Advisory.
Value of the Project was approx 90 Lacs.

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

1.) Acunetix Consultant Edition (Commercial)

2.) Burp Suite Pro (Commercial)
3.) Dirbuster (Open Source)
4.) Nikto (Open Source)
5.) OWASP ZAP Proxy

Network VAPT:

1.) Nessus Vulnerability Scanner

2.) Wireshark
3.) Cain & Abel
4.) Metasploit
5.) smbclient
6.) snmpenum
7.) enum4linux
8.) netcat
9.) nslookup
10.) Exploit codes from exploit.db
11.) Other Kali OS tools as per the vulnerability

Configuration Review (OS & Devices):

1.) Nessus
2.) Nipper freeware
3.) Manual review

Wireless Penetration Testing:

1.) Atheros wifi card

2.) Aircrack-ng
3.) Wapiti
4.) Wifi - Pineapple

Red-Team:

1.) Malicious USB

2.) TAC PhishInfielder (TAC’s tool)
3.) Payloads (Self-Created)
4.) Other tools in kali OS.

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by TAC InfoSec Private Limited on 30/06/2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s TATA Communications Ltd

1. Name & location of the empanelled Information Security Auditing Organization:

TATA Communications Ltd,

Tower 4, 4th to 8th Floor,Equinox Business Park,
LBS Marg, Kurla (W), Mumbai 400070

2. Carrying out Information Security Audits since : 2008

3. Capability to audit , category wise (add more if required)

• Cyber Security Maturity Assessment (Y)

• Compliance audits (ISO 27001, PCI, etc.) (Y)
• Network security Audit (Y)
• Vulnerability Assessment and Management (Y)
• Penetration Testing (Infra/App) (Y)
• Web-application security audit (Y)
• Mobile Application security assessment (Y)
• Phishing Simulation Exercise (Y)
• Regulatory Audit/Assessment (Y)
• Wireless security audit (Y)
• Red Team Assessment (Y)

4. Information Security Audits carried out in last 12 Months :

Govt. : 10
PSU : 20
Private : 50
Total Nos. of Information Security Audits done : 80+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

• Network security audit : 15

• Vulnerability Assessment : 75
• External Penetration Testing : 50
• Web and Mobile application security audit : 50
• Wireless security audit : 10
• Compliance audits (ISO 27001, PCI, etc.) : 20
• Red Teaming Assessment : 2
• Phishing Simulation Exercise : 4

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 10
BS7799 / ISO27001 LAs : 20
CISAs : 8
Any other information security qualification
(CEH, ECSA, Pentester Academy, CREST) : 15
Total Nos. of Technical Personnel : 300+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Experience Qualifications
Duration with
S. in related to
Name of Employee Tata
No. Information Information
Communications
Security security
CEH, ECSA,
Mohan Dass
1 12 23 CHFI, CCSK,
<[email protected]>
CISSP, QGCS

Rajaguru G S CEH, ITIL,QCS,

2 12 14
<[email protected]> ISO 27701 LA

Janardan Shinde CCNA

3 10 1.5
<[email protected]> ,OSCP,ITIL,CISA

OSCP (Offensive
Security) ,
CREST
Practitioner
Security Analyst
Saranya Manoharan
4 3 9 (CPSA), CEH
<[email protected]>
(Certified
Ethical Hacker),
Qualys Guard
certified
specialist
CREST
Practitioner
Security Analyst
(CPSA), CEH,
Prasath Jayasundar Qualys Guard
5 3 8
<[email protected]> certified
specialist in
Vulnerability
Management,
CCSK
CEH, Qualys
Divya Dilli
6 3 6 Guard certified
<[email protected]>
specialist
CEH, CCNA,
Navdeep Sethi
7 1 6 Qualys Guard
<[email protected]>
VM Certified

Nissmole Srambikal
8 2 5.5 CEH , ECSA
<[email protected]>

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Application Security audit for one of the largest Rating/Research organisation in India, covering Security
Audit for all their critical business applications and infrastructure across global locations. Deal value is
around INR 50Lakh.

Security Assessments including the Infrastructure Vulnerability assessment, Penetration testing,

Application Security testing, web application monitoring and GRC implementation for one of the largest
PSU Banks in India to manage their complete security area of the organisation, deal value including all
security services is around INR 2Cr.

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

• Nessus Pro
• Qualysguard (VMDR)
• Tenable.sc , Tenable.io
• Metasploit Pro
• Burpsuite Pro
• NMAP
• Kali Linux
• Nipper Studio
• Algosec

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

Dubai Office

• Office No. 308, Building No. 12, Dubai Internet City, Dubai, United Arab Emirates. Tel:
80033111133

Singapore Office

• 18 Tai Seng Street, 18 Tai Seng, #04-01, Singapore 539775 , Tel +65 6632 6700, Tel:
1800 555 4357

A list of Tata Communications office locations worldwide can be found at

https://www.tatacommunications.com/about/offices/

*Information as provided by Tata Communications Ltd on 26-Oct-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s AKS Information Technology Services Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

AKS Information Technology Services Pvt. Ltd.,

B-21, Sector – 59, Noida (UP) - 201309

2. Carrying out Information Security Audits since : 2006

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) YES

• Vulnerability Assessment & Penetration Testing (Y/N) YES
• Configuration/Hardening review YES
• Web-application security audit (Y/N) YES
• Mobile Application Audit (Y/N) YES
• Thick Client Application Audit YES
• Wireless security audit (Y/N) YES
• Implementation & Compliance of Security standards/regulations YES
(ISO 27001, ISO 22301, ISO 20000, ISO 25000, ISO 27701, GDPR,PCI etc.)
• Payment Gateway Audit (Y/N) YES
• Industrial Control Systems (SCADA, DDCMIS, DCS) Audit (Y/N) YES
• IT & OT Audit of Power Generation, Power Transmission & Power Distribution YES
• Telecom Audit (Y/N) YES
• Information Systems Audit (Y/N)
• IS Audit of Bank as per RBI Gopalakrishna Committee Report, SEBI guidelines YES
• Compliance audit as per Government Guidelines
(IT Act, CVC, RBI, SEBI etc.) (Y/N) YES
• IT Risk Assessment (Y/N) YES
• Formulation of IT policies & Procedures (Y/N) YES
• Formulation/Review of Cyber Crisis Management Plan (CCMP) YES
• Data Migration Audit (Y/N) YES
• UIDAI AUA/KUA Audit (Y/N) YES
• ERP Audit (SAP, Oracle etc) (Y/N) YES
• Source Code Review (Y/N) YES
• Load Testing/Performance Testing (Y/N) YES
• Functional Testing (Y/N) YES
• Usability Testing (Y/N) YES
• Portability Testing (Y/N) YES
• Inter-operability Testing (Y/N) YES
• Accessibility Testing (Y/N) YES
• Configuration & Compatibility Testing (Y/N) YES
• Red Teaming Assessment YES
• DDoS Assessment YES
• IoT Audit YES
• Social Engineering YES
• SOC 1 Type 2 Audit (SSAE18 & ISAE3402) YES
• Cloud Security Audits YES
• Data Localization Audits YES
• Scalability and Resiliency Audit YES
• Malware Analysis YES
• Compliance of Cyber Security Assessment Framework (CSAF) YES
• Digital Forensics Investigation (Mobile Forensics, Computer Forensics, YES
Audio/Video Forensics, Network Forensics, CDR Analysis,
Email Forensics etc.) (Y/N)

4. Information Security Audits carried out in last 12 Months :

Govt: 700+
PSU: 100+
United Nations/UNDP/WHO 5+
Private: 300+
Total Nos. of Information Security Audits done: 1100+
5. Number of audits in last 12 months , category-wise

• Network security audit 100+

• Vulnerability Assessment & Penetration Testing 100+
• Web-application security audit 800+
• Mobile Application Audit 100+
• Wireless security audit 10+
• Implementation & Compliance of Security standards/regulations 10+
(ISO 27001, ISO 22301, ISO 20000, ISO 25000, ISO 27701, GDPR,PCI etc.)
• Payment Gateway Audit 20+
• Industrial Control Systems (SCADA, DDCMIS, DCS) Audit 30+
• IT & OT Audit 30+
(Power Generation, Power Transmission & Power Distribution)
• Telecom Audit 5+
• Information Systems Audit 30+
• IS Audit of Bank as per RBI Gopalakrishna Committee Report& 20+
SEBI guidelines
• Compliance audit as per Government Guidelines 10+
(IT Act, CVC, RBI, SEBI etc.)
• IT Risk Assessment 10+
• Formulation of IT policies & Procedures 10+
• Data Migration Audit 5+
• UIDAI AUA/KUA Audit 10+
• ERP Audit (SAP, Oracle etc) 5+
• Source Code Review 10+
• Load Testing/Performance Testing 10+
• Functional Testing 20+
• Source Code Review 10+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 03
ISO27001: 08
CISAs : 06
DISAs / ISAs : 00
CEH/CCNA/CASP/MBCI/OSCP 60+
Total Nos. of Technical Personnel : 77+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. No. Name of Employee Working with Experience in Qualifications related

AKS IT since Information Security to Information security
(Yrs)
1. Ashish Kumar Saxena Sep 2006 21+ CISSP, CISA, MBCI,
ISO 27001
2. Anil Malik Feb 2016 17+ BS 7799 LA, ISO
27001 & ISO 20000
3. Anshul Saxena Nov 2014 11+ MS (Information
Security), CASP
4. Ravi Chaubey May 2013 16+ CEH, CISA, CISSP, ISO
27001 LA
5.
Rajesh Sharma Oct 2019 10+ CISA, ISO 27001

6.
Anil Kumar Jun 2021 15+ CISA

7.
Devesh Rawat Dec 2015 6.0 CEH

8.
Yogendra Singh May 2016 9+ CEH

9.
Rahul Kumar Singh Aug 2017 4+ CEH

10.
Rupika Luhach Feb 2018 4+ CEH
11.
Jyoti Sharma Oct 2018 3 CEH

12. CEH
Sachin Singh Apr 2019 2+

13. CEH
Amit Kumar Jul 2019 5+

14. Jul 2018 3 CEH

Vignesh R.G

15. Shubham Saxena July 2019 2+ CEH

16. Ome Mishra July 2019 2.0 CEH

17. Prashant Thakur July 2019 2.0 CEH

18. Rupanshi Sharma Aug 2019 2 CEH

19. Sahil Verma Aug 2019 2 CEH

20. Sachin Sharma Aug 2019 2 CEH

21. Ayush Sharma Jan 2020 2 CEH

22. Anmol Bagul Feb 2020 2 CEH

23. Vaibhav Chavan Feb 2020 2 CEH

24. Sandy Sharma Feb 2020 2 CEH

25. Mohit Maurya Aug 2020 2+ CEH

26. Harshit Prajapat Sep 2020 1.0 CEH

27. Adarsh Giri Jan 2020 2 CEH

28.
Alok Kumar Jun 2018 5+ CCNA, CEH

29.
Arnav Shukla Jan 2019 3+ CEH

30. Aditya Pratap Jun 2020 1.5 CHFI

31. Manoj Kumar Singh Dec 2018 3 CHFI

32. Lokesh Burlla Sep 2020 2.0 CASP

33. CEH
Ankit Kumar Oct 2020 2

34. Oct 2020 1.0 CEH

Sumit Jha

35. CEH
Charchit Sharma Oct 2020 1.0

36. CEH
Pallavi Roy Nov 2020 1.0

37.
Himanshu Kumar Dec 2020 1.0 CEH

38.
Suraj Gupta Dec 2020 1.0 CASP

39.
Khushboo Singh Dec 2020 1.0 CASP

40.
Shubham Kumar Dec 2020 1.0 CASP
41. 2.0
Akash Pandey Jan 2021 CASP

42. 1.0
Aravind Mulakala Jan 2021 CASP

43. Kunal Tiwari Mar 2021 3+ CEH

44. Mar 2021 5+ CASP

Miftah Siddiqui

45. Y. Hemanth Kumar Feb 2020 2 CEH

46. Nitin Sharma Oct 2019 2+ CASP

47. Apr 2021 2+ CEH

Ankita Pal

48. Apr 2021 2+ CEH

Hitesh Balani

49. May 2021 4+ CEH

Rohit Singh Chauhan

50. Yash Warrdhan Aug 2020 1+ CEH

Gautam
51. Sep 2020 1+ CASP
Jugal Kalal

52. Oct 2020 1+ CEH

Ashu Jaiswal

53. Oct 2020 1+ CEH

Ketan Kaushik

54. Nov 2020 2+ CEH

Robin Verma

55. Nov 2020 2+ CEH

Akshay Sawant

56. Feb 2021 1.0 CASP

Pranjal Gupta

57. Feb 2021 1.0 CEH

Jahan Dhandapani

58. Apr 2021 2+ CCNA

Vikram Kumar

59. Apr 2021 1.0 CASP

Yash Patil

60.
Piyush Garg Jun 2016 5+ CASP

61.
Antony Ukken Jun 2018 3+ CASP

62.
Ankur Upadhyay Jun 2018 3+ CASP

63.
Arjit Agrawal July 2015 6+ CASP

64. Akash Anand Gupta Jun 2020 4+ CASP

65. Abhijeet Singh Aug 2020 1.0 CEH

66. Jun 2019 2+ CASP

Tarun Grover

67.
Ankit Sharma Feb 2020 2+ CASP

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Carrying out Cyber Security Audit for one of the National Level Power Sector Project
including audit of SCADA system, Project value is approx. 1.3 Crore
• Carried out Infrastructure, Process & Security Audit of one of the competition exams
conducted online. Total Number of Nodes were approx. 2,00,000. 31 different cities
with 276 locations. Project value was approx. 70 Lakh

• Carried out IT Security Audit, ISO 25000 for one of the International Stock Exchange.
Project value was approx. 43 Lakhs.

• Carried out SOC 1 Type 2 Audit (SSAE18 & ISAE3402) of foreign offices of leading
bank

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Freeware Tools

• Nmap, Superscan and Fport - Port Scanners

• Metasploit framework, Netcat, BeEF, Cain & able, Hydra, John the ripper - Penetration
Testing & Password cracking
• Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware detection
• Netstumbler, Aircrack-ng suite & Kismet – WLAN Auditing
• OpenVas, W3af, Nikto - Vulnerability scanner
• Wireshark – Packet Analyser

Commercial Tools

• Nessus– Vulnerability Scanner

• Burp Suite, Acunetix - Web application auditing
• Immunity Canvas – Penetration Testing
• Passware: Password Cracking
• Manage Engine, Solarwind – Network Performance Testing
• Arbutus Analyzer - Migration Audit & Log Analysis
• Social Engineering ToolKit – Internet Evidence Finder
• Forensics Imaging and Analysis: FTK and Tableau, Paraben E3:DS
• Data Recovery Tool: E4SeUS Recovery Wizard
• CDR Analysis Tool: ASI CDR & Tower Dump Analysis Tool
• Video Forensics: Kinesense LE
• Mobile Forensics: MobilEdit, UFED4PC
• Proprietary Tools - ISA Log Analyzer, HaltDoS Web Application Firewall (WAF), HaltDoS
Traffic inspector

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by AKS Information Technology Services Pvt. Ltd. on 01st July 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.

1. Name & location of the empanelled Information Security Auditing Organization:

ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.

DELHI/NOIDA, BANGALORE, HYDERABAD, CHENNAI, KOLKATA, PUNE,
MUMBAI

2. Carrying out Information Security Audits since : 2006

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : YES

• Web-application security audit (Y/N) : YES
• Mobile application security audit (Y/N) : YES
• Wireless security audit (Y/N) : YES
• IT Infra Devices Configuration audit (Y/N) : YES
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): YES
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) : YES
• ICS/OT Audits (Y/N) : YES
• Cloud security Audits (Y/N) : YES
• Cyber Forensic (Y/N) : YES

4. Information Security Audits carried out in last 12 Months :

Govt. : 34
PSU : 10
Private : 28
Total Nos. of Information Security Audits done : 72

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 10

Web-application security audit : 86
Mobile security audit : 12
Server-side audits : 02
Source Code Reviews : 02
Database Functionality Test : 01
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 01
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 04
ICS/OT Audits : 01
Cyber Forensic audit : 01

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 01
BS7799 / ISO27001 LAs : 10
CISAs : 04
DISAs / ISAs : 00
Any other information security qualification:
• CEH / ECSA / OSCP : 09
• CHFI : 02
• CISM : 02
• CCP / CCNA / ICSI : 03
Total Nos. of Technical Personnel :19

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Qualifications related to
No. <organization> Information Security Information security
1 T. Ganguly 17 years 30 years ISO 27001
2 Arun Mathur 2 years 30 years CISA, ISO 27001
3 Satish G. Meda 5.5 years 28 years CISA, ISO 27001, CRISC
4 Yatindra 7 years 27 years ISO 27001, CRISC, ISO
Shrivastava 31000 risk management
5 S.K. Thilakan 2 year 24 years MCSE, Dipl. Electronics &
Telecommunications
6 Chandrakesh Rai 7 months 24 years CISA, CISSP, CRISC,
CISM, ISO 27001
7 Sarat L. 8 months 19 years CCP, CCNA, CCNA
Security, CCSP
8 Ravi V. Reddy 2 years 15 years Certified Software Test
Engineer, Microsoft
certified data scientist
9 Kunal S. 8 months 11 years CHFI, CEH, ISO 27001,
AWS & Cybrary certified
10 Rahul Das 1.5years 10 years ISO 27001, RSA certified,
Kaspersky certified,
Rapid7 inSightVM certified
Administrator
11 Abhishek 6 months 9 years CEH, ECSA, OSCP, OSWP,
CISM, CCSK, Azure
Administrator certified
12 Khiladi Bayal 1.5years 8 years OCSP, CEH, ISO 27001
13 G. Baba 3 months 7 years CEH, CHFI, CEI
14 Sahil 8 months 6.5 years CEH, CSA, LPT, CPEH,
ISO27001, Red Teaming,
AWS certified
15 Avinash Kalal 1.5years 6 years MCA, CEH
16 Chitranshu Jain 2 years 3 years CEH, CCNA, TCP-IP
17 Jayant Sharma 3 months 3.5 years CEH
18 Rakesh S.P. 7 months 3.5 years CISA, ISO 27001
19 Priyanka Jangid 3 months 7 months CISEH, CNSS

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• A smart city project involving security assessment (VAPT, Configuration audits) of

thick-clients, SCADA & other IoT devices, CCTV cameras, boom barriers, web
applications, servers, network devices, etc.
• Security audit of web application along with payment gateway for a renowned
educational institution of GoI.
• Application VAPT and source code review of critical applications of a small finance
bank.
• Software solution security auditand IRDAI compliance for an insurance aggregator
company.
• Security audit of applications & payment gateway for a financial institution company
into banking and insurance.
• RBI-SAR compliance audit for a banking software solution provider.
• Security audits ofIT systems, computer forensic, and applications VAPT for Defense
organizations under MoD.
• Application security audits for Government institutions in healthcare sector.
• Application security for central and state government departments such as SSC,
CGST & Central Excise offices across India, CSIR, Centre for Smart Governance,
National Health Mission.
• Security audit of website, CMS, mobile application (android and iOS) for a software
development company working for GoI departments.
• VA / configuration audit of IT infrastructure (servers, UTM/firewall, switch, wireless
controller) and PT of UTM/firewall device for a mid-size IT infrastructure company.
9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Commercial Tools Freeware tools Proprietary tools

• Burp Suite professional • Kali Linux and • Custom developed

• Nessus Professional applications Scripts for cyber forensic
• Rapid7 (Nexpose) • OWASP-ZAP
• Qualis (On demand) • Open Vas
• Acunetix • SQLMAP
• EnCase • AirCrack Suite
• SonarCube • Zenmap
• Vega
• Nikto
• Wireshark
• Metasploit
• TestSSL
• SSLScan
• MobSF
• Android Emulator
• Hydra
• Ubuntu VMs
• DirBuster etc.

10. Outsourcing of Project to External Information Security Auditors / Experts : NO

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO

12. Whether organization is a subsidiary of any foreign based organization? : NO

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : NO

*Information as provided by Allied Boston Consultants India Pvt. Ltd. on <02-June-2021>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Network Intelligence (I) Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

Network Intelligence (I) Pvt. Ltd.

Registered Office:
204, Ecospace IT Park, Off Old Nagardas Road, Andheri (E),
Mumbai-400069, Maharashtra, India.

2. Carrying out Information Security Audits since : 2001

3. Capability to audit, category wise (add more if required)

• Subcategory:Technical Security Assessments

 Network Security: Yes
 Web Application and Web Services Security: Yes
 Mobile Application / Thick-Client: Yes
 Source Code Review: Yes
 Infrastructure VAPT, PCI ASV Scanning: Yes
 VOIP and IVR Testing: Yes
 Configuration Review (Operating Systems, Databases, Network Devices): Yes
 Configuration Review (Security Solutions such as PIM, DAM, WAF, etc.): Yes
 Wireless Security Audit: Yes

• Subcategory: Strategic Assessments

 ERP Security (SAP, Oracle): Yes
 Cloud Security Assessment: Yes
 Application Security Design Review: Yes
 Banking Products -SWIFT, Finacle, etc.: Yes
 DevOps Security: Yes
 Blockchain Assessment: Yes
 SDLC Gap Assessment: Yes
 OT and IoT Security Assessment: Yes
 ICS Security Assessment: Yes

• Subcategory: Offensive Assessments

 Red Team Assessment: Yes
 Adversary Simulation: Yes
 Password Cracking: Yes
 DDoS Simulation: Yes
 Bug Bounty Program: Yes
 Phishing / Spear Phishing: Yes
 Vishing, Smshing: Yes

• Subcategory: Advisory and Consulting

 Technical Security Audits: Yes
 Maturity Assessment as per frameworks (C2M2, NIST, etc.): Yes
 War Game Assessment: Yes
 Remediation Consulting: Yes
 Data Flow and Data Classification: Yes
 Awareness Drills: Yes

• Subcategory: Training
 Security Awareness: Yes
 Customized Cybersecurity Trainings : Yes for all levels i.e beginner, intermediary
and advanced
4. Information Security Audits carried out in last 12 Months :

Govt. : Nil
PSU : 50+
Private : 500+
Total Nos. of Information Security Audits done : 550+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: 100+

Web-application security audit: 300+
Wireless security audit:20+
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 50+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 10+
ICS/OT Audits:2+
Cloud security Audits:10+

6. Technical manpower deployed for informationsecurity audits :

Total Nos. of Technical Personnel : 400+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Technical Personnel’s Place Working Information Total Credential Self- Specify in

No Name of with the Security experien s verified signed Yes/No
. Postin organizati related ce in by copy of whether the
g on since qualification informati organizati Passpor person will
(month & s on on t (if be deployed
year) (CISSP/ISM security (Yes/No) any) for
S LA / related (Yes/No government
CISM/ activities ) and critical
CISA/ ISA (years) sector
etc., state audits/proje
as cts
applicable)
1. Vaibhav Pune July 2015 CISC; CPH; 6 years Yes Yes. Yes
SheorajVerma CPFA; Can be
OSCP; submitt
Certified ed if
Red require
Teaming d
Expert
(CRTE);

2. AtulMishrilal Sharma Pune Septembe OSCP 6 Years Yes Yes. Yes

r 2015 Can be
submitt
ed if
require
d
3. ShashankHanumantG Mumb April OSWP; 7 Years Yes Yes. Yes
osavi ai 2014 Azure Can be
Fundament submitt
als; ed if
require
d
4. Ashutosh Digambar Mumb March CISSP, 15 years Yes Yes. Yes
Mahashabde ai 2017 CISA, Can be
CISM, submitt
CRISC, ISO ed if
27001:2013 require
LA, COBIT5 d
Foundation,
COBIT 2019
Foundation,
BS 25999-2
LA, ITIL 4
Foundation,
ISO 20000-
1:2011 LA,
Cloud
Security
CSA Star
Certified
Auditor

5. Vikas Shrinivas Vedak Mumb January ISO 20 years Yes Yes. Yes
ai 2018 27001:2013 Can be
LA, ISO submitt
27001:2013 ed if
LI, ITIL 4 require
Foundation d
6. Vishal Jeetendra Jain Mumb May 2018 CISA, ISO 4 years Yes Yes. Yes
ai 27001:2013 Can be
LA, ISO submitt
27001:2013 ed if
, CDPSE require
d

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

S.No Category Brief Description of Details of Contact Person at Additional Info.

(Govt./PSU/Private) Scope of Work Auditee Organization (Name, email,
website URL, Mobile, telephone,
fax, etc)
1 Private We are doing Yes Bank, Apart from these,
Application security Ms. Anuprita Daga, we are regularly
assessment and CRO & CISO conducting RBI
source code review [email protected] audit, UPI Audit,
for all Yes bank and +919324788940 NPCI Audit and
group’s application. other regulatory
We also manage audits for the bank.
their SOC. We are also
conducting third
party vendor audit
for banks’ vendors

2 Private Application Security Kotak Bank We also manage the

Testing Mr. Jaypaul Reddy Incident Response
Source Code Review [email protected] for the bank
Bug Bounty,
GRC services +919167930323

3 Private Providing 24x7 SOC HDFC Bank We also provide

services Mr. Sameer Ratolikar, CISO other services incl
3rd Party product [email protected] Third Party Audits
Monitoring +919820303045

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Qualys, Nessus, Burpsuite, Fortify, Solar AppScreener etc : Commercial

Firesec, BlueScope : Proprietary

KALI Linux, Metasploit, Cain and Abel, Wireshark, HPing, Microsoft Baseline Security Analyzer
(MBSA), Nmap Suite etc : Freeware

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

We donot outsource security auditing work to 3rd parties.

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes

We have partnered with various international security solutions which we are reselling and / or
providing support in the region. Some of the 3rd party products are:

- IBM QRadar
- HP ArcSight & Fortify
- Qualys
- Tenable Nessus
- Appknox
- Checkmarx
- TripWire
- Cylus
- Cylance
- CyberArk
- TrendMicro

12. Whether organization is a subsidiary of any foreign based organization? : No

We are not a subsidiary / member of any foreign based organization. We have a 22% investment from a
US based firm - CULBRO HELIX INVESTMENTS LLC, a limited liability company, registered,
incorporated and existing under the laws of the State of Delaware, the United States of America,
bearing the registration number 83-0538738. Its registered office is at C/o Corporation Trust Center,
1209 Orange Street, Wilmington, New Castle County, Delaware 19801, USA. This is a minority holding.
Major share continues to remain with the Indian Directors. The HQ of the Network Intelligence is located
in Mumbai
The shareholding patterns is as under :

KK Mookhey – 57%
Culbro Helix – 22%
Karishma Mookhey– 16%
Employee Stock Ownership Plan - 5%

13. Locations of Overseas Headquarters/Offices, if any : Yes

Listing of our branch offices is given below

# USA
Network Intelligence LLC
16192, Coastal Highway,
Lewes, Delaware 19958,
County of Sussex

# UAE
Network Intelligence India Pvt Ltd
803, Blue Bay Tower, Business Bay,
Dubai, United Arab Emirates

# Singapore
Network Intelligence Pte Ltd
30 Cecil Street
#19-08 Prudential Tower
Singapore (049712)

# Netherland
Network Intelligence Europe B.V.
Bezoekadres, Herengracht 420,
1017BZ Amsterdam

*Information as provided by Network Intelligence India Pvt. Ltd.on 2nd July 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Price water house Coopers Pvt. Ltd. (PwC PL)

1. Name & location of the empanelled Information Security Auditing

Price water house Coopers Pvt. Ltd. (PwC PL)

S No. Location Address

PricewaterhouseCoopers Pvt Ltd 1701, 17th Floor, Shapath V,
1. Ahmedabad Opp. Karnavati Club, S G Highway Ahmedabad, Gujarat 380
051,Telephone: [91] (79) 3091 7000
PricewaterhouseCoopers Pvt Ltd
The Millenia, Tower D, # 1 & 2 Murphy Road, Ulsoor
2. Bangalore Bangalore, Karnataka 560008
Telephone: [91] (80) 4079 4000, 5000, 6000, 7000
Telecopier: [91] (80) 4079 4222
PricewaterhouseCoopers Pvt Ltd
OB 2, 2nd floor, D B Corporate Park,D B Mall, Arera Hills, M P
3 Bhopal
Nagar, Bhopal, Madhya Pradesh 462011, India
Telephone: [91] (755) 676 6202
PricewaterhouseCoopers Pvt Ltd Prestige Palladium Bayan,
8th floor 129-140, Greams Road, Chennai, Tamil Nadu 600
4 Chennai
006 Telephone: [91] (44) 4228 5000 Telecopier: [91] (44)
4228 5100
PricewaterhouseCoopers Pvt Ltd
Premises No. 11, 2nd Floor, Mak Plaza, Municipal no 75A
5 Dehradun
Rajpur Road, Dehradun, Uttarakhand 248002,India
Telephone: [91] (135) 2740729
PricewaterhouseCoopers Pvt Ltd 7th Floor, Building No.8,
Tower-C DLF Cyber City, Gurgaon, Haryana 122002 ;
Telephone: [91] (124) 626 6600 ; Telecopier: [91] (124) 626
6500
PricewaterhouseCoopers Pvt Ltd Building 10, Tower C, DLF
6 Delhi NCR
Cyber City, Gurgaon, Haryana 122002 , Telephone: [91]
(124) 330 6000, Telecopier: [91] (124) 330 6999
PricewaterhouseCoopers Pvt Ltd Building 8, Tower B, DLF
Cyber City, Gurgaon, Haryana 122002 ; Telephone: [91]
(124) 462 0000, 306 0000 ; Telecopier: [91] (124) 462 0620
PricewaterhouseCoopers Pvt Ltd Plot no. 77/A, 8-624/A/1 ,
3rd Floor , Road No. 10 , Banjara Hills , Hyderabad,
7 Hyderabad
Telangana 500 034 Telephone: [91] (40) 4424 6000
Telecopier: [91] (40) 4424 6300
PricewaterhouseCoopers Pvt Ltd Plot No Y-14, Block EP,
Sector V, Salt Lake Electronics Complex Bidhan Nagar,
Kolkata, West Bengal 700 091
Telephone: [91] (33) 2357 9260, 7600
Telecopier: [91] (33) 2357 7496, 7456
8 Kolkata
PricewaterhouseCoopers Pvt Ltd, Plot Nos 56 & 57, Block DN-
57, Sector-V, Salt Lake Electronics Complex, Kolkata, West
Bengal 700 091
Telephone: [91] (33) 2357 9100, 9101, 4400 1111
Telecopier: [91] (33) 2357 3395, 2754
PricewaterhouseCoopers Pvt Ltd, 252 Veer Savarkar Marg,
Next to Mayor's Bungalow, ShivajiPark, Dadar Mumbai,
Maharashtra 400 028
Telephone: [91] (22) 6669 1000
Telecopier: [91] (22) 6654 7800/7801/7802
PricewaterhouseCoopers Pvt Ltd, NESCO IT Bld III, 8th Floor,
NESCO IT Park, Nescso Complex,Gate No. 3 Western Express
9 Mumbai
Highway ,Goregoan East, Mumbai, Maharashtra 400 063
Telephone: [91] (22) 6119 8000
Telecopier: [91] (22) 6119 8799
PricewaterhouseCoopers Pvt Ltd, PwC House, Plot No. 18 A,
Guru Nanak Road (Station Road), Bandra, Mumbai,
Maharashtra 400 050
Telephone: [91] (22) 6689 1000
Telecopier: [91] (22) 6689 1888
PricewaterhouseCoopers Pvt Ltd Tower A - Wing 1, 7th floor
Business Bay Airport Road Yerwada, Pune, Maharashtra
10 Pune 411006
Telephone: [91] (20) 4100 4444
Telecopier: [91] (20) 4100 6161
Unit No 004, 9th Floor, Tower C
Commercial Complex, CBD, Sector 21, Naya Raipur
11 Raipur
Raipur, Chhattisgarh 492002, India
Telephone: [91] (771) 242 9100
PricewaterhouseCoopers Pvt Ltd
Eastlin Complex, Near Himurja SDA Commercial Complex
12 Shimla
Kusumpti, Shimla, Himachal Pradesh 171009, India
Telephone: [91] (177) 2971828

2. Carrying out Information Security Audits since : 1992

3. Capability to audit, category wise (add more if required)

• Network security audit - Yes

• Web-application security audit - Yes
• Wireless security audit - Yes
• Compliance audits - Yes
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) - Yes
• ICS/OT Audits - Yes
• Cloud security Audits - Yes
• Information security policy review and assessment against best
security practices - Yes
• Communications Security Testing - Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 10+
PSU : 10+
Private : 200+
Total Nos. of Information Security Audits done : 300+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: 50+

Web-application security audit: 30+
Wireless security audit:1
Compliance audits: 50+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 50+
ICS/OT Audits:10
Cloud security Audits:15+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 10+
BS7799 / ISO27001: 100+
CISAs : 10+
DISAs / ISAs : 1
Any other information security qualification:400+ (OSCP, CEH, CISM, DCPP etc.)
Total Nos. of Technical Personnel : 600+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. PwC Information Security Information security
1. Rajinder Singh 7+ years 16+ years • CISSP
• CIPP/US,
CIPP/E, CIPT,
FIP
• DCPP
• CEH
• BCCS
• CISRA
• CCNA
• ISO31000
• ISO27001
2 Ankit Goel 5+ years 11+ years • OSCP
• CEH
• OWASP
Member
3 Faiz Haque 7+ years 7+ years • ISO 27001 LA
• ISO
22301:2012 LA
• BS 10012
• DCPP
• ISO 27001 LI
• TOGAF 9
4 G Karthik 3+ years 3+ years • OSCP
• ISO 9001:2015
LA
5 Sameer Gupta 4+ years 4+ years • Associate of
(ISC)2 towards
Certified
Information
Systems
Security
Professional
(CISSP)
• DCPP
• ISO 31000
• ISO 27001 LA
• ISO 27001 LI

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

PwC India was engaged by a large PSU organization to provide various cyber security audit
services. We perform application, infrastructure security penetration test (ethical hacking),
including manual and automated tool techniques to uncover potential security issues.

Contract Value: Confidential

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

S No. Tools Freeware/ Commercial

1 Nessus Professional Commercial
2 Acunetix WVS Commercial
3 HPE Webinspect Commercial
4 HPE Fortify AWB Commercial
5 Burp Suite Professional Commercial
6 Nmap/Zenmap Freeware
7 Nikto Freeware
8 Kali Linux and associated tools Freeware
9 AirCrack-Ng Freeware
10 MobSF Freeware
11 Metasploit Framework Freeware
12 QARK Freeware
13 Nipper etc. Freeware

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details :

PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct and

separate legal entity being incorporated under the Companies Act, 1956, engaged in rendering
advisory and consulting services. PwCPL is an Indian member company of this global network
and provide advisory and consulting services.

12. Whether organization is a subsidiary of any foreign based organization? :

PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct
andseparate legal entity being incorporated under the Companies Act, 1956, engaged in
renderingadvisory and consulting services. PwCPL is an Indian member company of this global
networkand provide advisory and consulting services.

13. Locations of Overseas Headquarters/Offices, if any : NA

*Information as provided by PricewaterhouseCoopers Pvt. Ltd. on 2nd July 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Xiarch Solutions Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

M/s Xiarch Solutions Private Limited,

352, 2nd Floor, Tarun Enclave, Pitampura,
New Delhi-110034, India
Ph: 011 - 4551 0033, 9810874431
Fax 011 - 6617 3033

2. Carrying out Information Security Audits since : 2008

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
• Cyber Forensics investigations : Yes
• API Security Audit : Yes
• Mobile Application Security Audit (iOS, Android) : Yes
• Source Code Review/Audit : Yes
• IS Audit : Yes
• Network Performance Testing : Yes
• SOC 2 Type 1 & Type 2 : Yes
• GDPR Compliance : Yes
• Load Testing : Yes
• ISNP Audit : Yes
• Root Cause Analysis : Yes
• AUA/KUA (Aadhaar Audit) : Yes
• AEPS & Aadhaar Pay Micro ATM Audit : Yes
• Email Spear Phishing : Yes
• Compliance Audit (RBI, SEBI, NHB, Stock Exchanges) : Yes
• IT/OT Infrastructure Audit : Yes
• IT General Controls : Yes
• Cloud Security Audit : Yes
• e-Sign Compliance audit : Yes
• Backend Architecture Review : Yes
• Process and Policy Review : Yes
• IoT Security Assessment : Yes
• Red Team Assessment : Yes
• Incident Response : Yes
• Server & Database Configuration Review : Yes
• Thick Client Security Audit : Yes
• Data Localization Audit : Yes
• Networking Device Configuration Audit : Yes
• SCADA Security Audit : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 760+
PSU : 20+
Private : 232+
Total Nos. of Information Security Audits done : 1012+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them).

Network security audit : 35+

Web-application security audit : 764+
Wireless security audit : 10+
Compliance audits (ISO 27001, PCI, etc.) : 4+
Cyber Forensics investigations : 2+
API Security Audit : 25+
Mobile Application Security Audit (iOS, Android) : 28+
Source Code Audit : 4+
IS Audit : 20+
ISNP Audit : 5
AUA/KUA (Aadhaar Audit) : 10+
AEPS & Aadhaar Pay Micro ATM Audit : 19+
Compliance Audit (RBI, SEBI, NHB, Stock Exchanges) : 10+
IT Infrastructure Audit : 15+

6. Technical manpower deployed for information security audits :

CISSPs : 1
BS7799 / ISO27001 Las : 1
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 20
Total Nos. of Technical Personnel : 25

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Qualifications related to Experience in

No. Employee Xiarch Information security Information
Solutions Pvt. Security
Ltd.
1 Utsav Mittal 12 years CISSP, CEH, MS Infosec 12+ Years
Purdue Univ, USA
2 Sandeep Sikka 6.6 years CISA, ISO 27001:2005: Lead 25+ years
Implementor
3 Ashish Chandra 7 years MCA, CEH, GNIIT 9 years
4 Kritika Mittal 8 years B-tech (CSE ) , M-tech (CSE 8 Years
with specialization in
Information security )
5 Kritika Mishra 4.1 years B.Tech, CEH 4.1 years
6 Shubham Dabre 3.10 years CEH 3.10 years
7 Abhishek Kataria 3.10 years B.Tech(Mech), MBA, CEH 3.10 years
8 Md. Tanveer Alam 3.7 years B.sc Diploma in Software 3.7 years
Engineering (Java
Specialization),Oracle
Database 11g, CEH
9 Vivek Jain 3.6 years M.Sc(CS&IS), CEH 3.6 years
10 Sanjay Kumar 3.3 years BE (IT), CEH 5 Years
11 Ajay Kant 3 years BCA, MCA(Pursuing),CEH 3 years
12 Kamalesh Maity 2.5 years B-tech, CEH 5.6 Years
13 Sidhant Maithani 2.7 years BCA, MCA, CEH 2.7 years
14 Shubham Patil 2.3 years BE- IT, CEH 2.3 years
15 Naman Gupta 2.3 years BCA(Pursuing), CEH 2.3 years
16 Sushil Kumar 1.8 years MCA, CEH 3 Year
Jaiswal
17 Vipul Chauhan 1.5 years PGDIS, ACISE, LCSP 1.5 years
18 Sarthak Goyal 1.5 years B.Tech (Cs), CEH V10, 1.5 years
Diploma in Information
Security
19 Ajaz Sayed 1.3 years Diploma, BE(ETRX), CISC, 1.3 years
CEHv10
20 Jitender Kumar 1.4 years Master of Science in 1.4 years
Information Technology
(Pursuing)
21 Aakash Mishra 2 years MCA 2 years
22 Nitin Gupta 1 year B-tech (ECE) 1 year
23 Garima Kalra 8 Months MCA 8 Months
24 Srikar Sama 3 Months B-tech (ECE) 3 Months
25 Pratik Shah 2 Months MCA, CEH, CNSS, NSE 1 and 2 Months
2
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

S. Project Scope of work Complexity Location

No
1 Petroleum Industry 150 Web Applications, 200 -Web Applications for Black Mumbai
Servers audit, box Testing,
Email Spear Phishing Drill -Web Applications for Grey
(Internal Employees), box Testing,
Network device Configuration -Email Spear Phishing Drill,
Review, Onsite Training at -Vulnerability Assessment &
different locations and Penetration Testing of
Forensics Investigation Critical IT Systems including
Activities. Servers, Databases,
Network devices, Security
devices etc,
-Configuration Review of
Network & Security
solutions,
-Cyber Security Awareness
Workshop for End-users,
-Forensics / Incident
Investigation
2 Project for Approx 660 Websites and web Audit of all websites and Gujarat
Government of Applications Security Audit web applications (hosted in
Gujarat GSDC and NIC Data
Centre).
3 One of the Largest Managing complete IS and Work included Compliance, Delhi/NC
NBFC in India Compliance Services. Vulnerability Assessment R
Penetration Testing, Web
Application Security, Infra
Audit, Aadhaar Audit etc
4 SaaS Company Information Security, Cyber - Application Security Delhi/NC
Security Services and Assessment R
Compliance Services - VAPT
- API Security Assessment
-Devices Configuration
Review/ Audit
- Compliance Service
-IT Security Roadmap
Development and consulting
5 Maharatna Compan SCADA/Industrial Control -SCADA/Industrial Control PAN India
y Systems/ Distributed Control Systems/Distributed Control
Systems Security Vulnerability Systems Security
Assessment and Penetration Vulnerability Assessment
Testing. and Penetration Testing.
-Servers/WorkStation
Vulnerability Assessment
and Penetration Testing
-Firewall and Switches
Configuration Review.
-Policies and Procedure
Review
6 India's largest Comprehensive IT Security - Different Locations IT PAN India
public sector Audit of IT Infrastructure & Infra VAPT
trading body. Systems. - IS Policy Review
7 Industry - Power Cyber Security Audit of -Network Architecture Delhi/NC
Market Regulation Information Technology Review, R
(Govt. Sector) System -VA & PT (Internal) of
Servers, Desktops,
-Network & Security
Devices and Applications,
-Configuration Audit of
Servers,
-Network Devices &
Security Devices,
-External Penetration
Testing for Public IPs,
-Source Code Review
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
• Burp Suite
• Puma Scan
• SQL Map
• Nmap
• Superscan
• Kali Linux
• Metasploit Framework, Netcat , BeEf
• Wireshark – Packet Analyser
• Cisco Netwitness
• Tenable Nessus
• Rapid7 Nexpose community edition
• Tamper Data
• Directory Buster
• Nikto
• Ettercap
• Paros Proxy
• Webscarab
• Brutus
• Encase, FTK, Pro discover etc
• Custom Scripts and tools
• OWASP Xenotix
• Browser Addons
• Echo Mirage
• Paros Proxy
• Fiddler Proxy
• Angry IP Scanner
• Nmap
• Aircrack
• Kismet
• WinHex
• Proccess Monitor
• WP-Scanner
• Accunetix Vulnerability Scanner

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Xiarch Solutions Private Limited on 26/10/2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Yoganandh & Ram LLP

1. Name & location of the empanelled Information Security Auditing Organization :

Yoganandh & Ram LLP

G-1, SHREE VISHNU APARTMENTS,
#12, 12TH CROSS STREET,DHANDEESWARAM NAGAR,
VELACHERY, CHENNAI – 600 042

2. Carrying out Information Security Audits since : September-2009

(11 Years – 1 Month)

3. Capability to audit, category wise (add more if required)

• Network security audit : YES

• Web-application security audit : YES
• Wireless security audit : YES
• IT Security Audit : YES
• Data Centre Physical and Environment Security Audit : YES
• Internet & Mobile Security Audit : YES
• CBS/ERP Application Security Assessment : YES
• Information Security Policy Formulation & Assessment : YES
• Data Migration Audit : YES
• Cyber Forensics & Mail Forensics Analysis : YES
• Compliance audits (ISO 27001, PCI, CCA, IRDA, CRA, etc.) : YES
• NPA Configuration Review : YES
• Swift Infrastructure Audit : YES
• AUA/KUA Audit : YES
• BCP Policy Formation & Assessment : YES
• BCP DR Testing & Implementation : YES

4. Information Security Audits carried out in last 12 Months:

Govt. : 18
PSU : 06
Private : 49
Total Nos. of Information Security Audits done : 73

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them).

Network security audit : 10

Web-application security audit : 42
Wireless security audit : 1
Compliance audits (ISO 27001, PCI, etc.) : 29
Data Migration Audit : 1
CBS/ERP Application Security Assessments : 1
Internet Banking & Mobile Security Audit : 10
Information Security Policy Formulation &assessment : 3
AUA/KUA Audit : 4

6. Technical manpower deployed for information security audits :

CISSPs : 1
CISAs : 11
ISO27001 LAs : 7
BS 10012 : 9
BS25999 : 1
DISAs / ISAs : 2
Any other information security qualification:
1. Certified Ethical Hacker : 3
2. M.Sc/M.Tech- Cyber Forensics and Information Security: 3
3. PG Diploma in Cyber Law : 1
4. System Security Certified Practitioner : 1
5. CloudU : 1
6. CRisc : 1
7. CDCP : 1
8. ECSA : 1
Total Nos. of Technical Personnel : 16

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) : As per Annexure-1

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

IT Security Audit for one of the leading Bank in India

1. Scope inclusive of

a. Vulnerability Assessment for over 200 Servers,

b. Web Application Penetration Testing of Internet & Mobile Banking
Applications,
c. CBS Application Review,
d. Policy Assessment,
e. Application security Assessments,
f. ATM Switch Review,
g. Physical and Environmental Audit.

2. Value: Over 12 Lakhs

3. No. of Applications: 20+
4. No. of Server: 200+
5. Locations: Chennai, Bangalore

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

1. Nessus(Commercial)
2. Burpsuite(Commercial)
3. Nmap
4. Nikto
5. Sqlmap
6. John the Ripper
7. Wireshark
8. Hping3
9. SNMP Walk
10. Metasploit
11. W3af
12. Netcat
13. Pdump
14. THC Hydra
15. Acunetix Free Web Application Scanner
16. Dirbuster
17. ZAP
18. PW Dump
19. OWASP Xenotix
20. SEToolikit
21. Aircrack-ng

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Yoganandh & Ram LLP

Back
Annexure-1

Sl.No Name of Employee Duration with Experience in Qualifications related

organization Information to Information
Security security
1. T Manoj Kumar Jain 14 Years 10 Years CISA, ISO 27001:2013
Lead Auditor
2. R Chandrasekhar 10 Years 6 Months 17 Years CISA, DISA, CISSP, ISO
27001:2013 Lead
Auditor, ISO 25999, PG
Diploma Cyber Law
3. T Mariappan 11 Years 2 Months 10 Years CISA, DISA

4. Sangeetha N 4 Years 4 months 4 Years 4 Months CISA, ISO 27001:2013

Lead Auditor

5. T Chandra Prakash Jain 8 Years 7 Months 8 Years 7 Months CISA

6. Pavana Kumar LKG Mushti 6 Years 7 Months 6 Years 7 Months CISA, ISO 27001:2013
Lead Auditor
7. Sreevatchan S 4 Years 1 Month 4 Years 1 Month Certified Ethical Hacker
(C|EH)

8. Padmanaban K 3 Years 7 Months 21 Years CISA, CISM

9. Krishnan J 3 Years 4 Months 3 Years 4 Months CISA, , ISO 27001:2013

Lead Auditor

10. Madhan Prasad 3 Years 5 Months 3 Years 5 Months M.Tech., M.Sc., Cyber
Forensics & Information
Security

11. Prasanna P 8 Years 3 Years ISO 27001:2013 Lead

Auditor
12. Vasanth K 3 Years 4 Months 3 Years 4 Months CISA

13. Selin Raj 2 Years 6 Months 2 Years 6 Months B.Tech, CEH, M.Sc.,
Cyber Forensics &
Information Security

14. Srinivasan V V 2 Years 5 Months 2 Years 5 Months CISA

15. Sowmya Rajan 2 Years 2 Months 2 Year 2 Months CISA, ISO 27001:2013
Lead Auditor

16. Vignesh 1 Year 4 Months 1 Year 4 Months M.Tech, Certified Ethical

Hacker (C|EH),

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

STQC Directorate, Ministry of Electronics and IT, Govt. of India

1. Name & location of the empanelled Information Security Auditing Organization :

STQC-IT
STQC Directorate,
Electronics Niketan, 6 C G O Complex,
Lodhi Road, New Delhi-110003

2. Carrying out Information Security Audits since : 2020

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y

4. Information Security Audits carried out in last 12 Months :

Govt. : 125
PSU : 20
Private : 40
Total Nos. of Information Security Audits done : 185

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 75

Web-application security audit : 200
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 25

6. Technical manpower deployed for information security audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 14
CISAs : <number of>
DISAs / ISAs : <number of>
Any other information security qualification : <number of>
Total Nos. of Technical Personnel : 43

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Technical Place of Posting Working Total Information

No. Personnel’s with the experience Security related
Name organizatio in qualifications
n since information (CISSP/ISMS LA
(month & security / CISM/ CISA/
year) related ISA etc., state
activities as applicable)
(years)
1 Subhendu Das STQC, Kolkata 30 19 ISMS LA, CEH,
CC Validator
2. Malabika STQC, Kolkata 28 19 CEH, ISMS LA,
Ghose CC Evaluator
3. Manikanta Das STQC, Kolkata 31 17 ISMS LA, CEH,
CC Evaluator
4. Arpita Datta STQC, Kolkata 20 13 CEH, Master
Trainer (ISEA
Project)
5 Sanjay Kumar STQC, Kolkata 20 13 CPSSE
Prusty (Certified
Professional for
Secure
Software
Engineering),
Trained in IOT
Security
6 Arup Datta STQC, Kolkata 17 7 CNSM, Trained
in IOT Security
7 Subrata Giri STQC, Kolkata 14 7 CNSM
8 Ratna STQC, Kolkata 31 2 Trained in
Bhattacharya Source Code
Review
9 Anurag STQC, Kolkata 2 2 Trained in
Cryptography,
IOT security
10 Amrita Som STQC, Kolkata 5 2 Trained in
Reverse
Engineering
11 Bony Thomas ERTL(S),Thiruva February, 4 ISMS LA
nanthapuram 1997
12 Praveen PS ERTL(S),Thiruva March, 5 ISMS LA
nanthapuram 2014
13 T.V. STQC IT February, 10 years ISMS LA
Subramanyam Services, 1987
Hyderababad
14 Satish Kumar STQC IT September, 2 Years
Services, 2017
Hyderababad
15 G Nagaraju STQC IT February, 1 Years
Services, 2018
Hyderababad
16 Mohammad STQC IT October, 1 Year
AkramSohail Services, 2017
Hyderababad
17 ChandraSekha STQC IT December, 1 Year
r Yadav Services, 2018
Hyderababad
18 Dr. S STQC, Chennai 1990 20 years ISMS LA, STQC-
Velmourougan CISP, CEH,CRP
19 M Vellaipandi STQC, Chennai 13/05/199 15 Years ISMS LA
3
20 C STQC, Chennai 27/07/199 20 years
Chollanathan 2
21 V STQC, Chennai 01/02/199 20 years ISMS LA, STQC-
Jambulingam 1 CISP,CEH. CRP
22 NandlalJadav STQC, Chennai 09/2017 2 years
23 Aditya Kumar STQC, Chennai 24/02/201 6years
Dewangan 4
24 Suresh STQC, Delhi 04/04/199 19 Years ISMS LA, STQC-
Chandra 0 CISP,
25 A. K. STQC, Delhi 16/08/199 19 Years ISMS LA, STQC-
Upadhyaya 1 CISP,
26 Sanjeev STQC, Delhi 16/11/199 19 Years ISMS LA, STQC-
Kumar 3 CISP,
27 M. K. Saxena STQC, Delhi 04/07/198 19 Years ISMS LA, STQC-
5 CISP,
28 Sunil Kumar STQC, Delhi 04/04/201 5 years
Yadav 4
29 Anjali Jain STQC, Delhi 21/09/201 2 Years
7
30 Swati Gupta STQC, Delhi 21/09/201 2 Years
7
31 Pinky Bai STQC, Delhi 18/09/201 2 Years
7
32 CharupriyaBis STQC, Delhi 21/09/201 2 Years
ht 7
33 Manish Kumar STQC, Delhi 19/09/201 2 Years
Selal 7
34 Praveen STQC, Delhi 12/12/201 2 Years
Kumar 7
35 Mohammed STQC, Delhi 26/09/201 2 Years
Danish 7
36 Ritu Luthra STQC, Delhi 21/04/200 10 Years
8
37 Makrand STQC, Mumbai 1986 7 Years ISMS-LA, ITSM-
Deshpande LA, ISA
38 Sunil Kumar STQC, Mumbai 2017 2 Years
Singh
39 Dineshh Saini STQC, Mumbai 2017 2 Years
40 N STQC, Mumbai 2018 17 years
SamayaBalan
(Deputed from
MEITY)
41 S.P.Tharesh STQC, 1999 11 years ISMS-LA
Kumar Bengaluru
42 Prashant STQC, 2017 2 years
Kumar Varma Bengaluru
43 Ziaul Hasan STQC, 2017 2 years
Bengaluru

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Conformity assessment of different eProcurement and auction systems for Coal Auction,
OFB eProcurement, Director General of Hydro Carbon, Non-Coal Mining Lease have been
completed in time bound manner. The systemsare developed by M/S mjunction or M/S
MSTC Kolkata or (n)codeGujratandare being successfully used.

• Security vulnerability assessment for the websites of Govt. of West Bengal, various
PSUs, Indian Embassies / High Commissions at different countries like Germany,
Romania, Sri Lanka, Tajikistan, Vietnam, United Kingdom and Russia Conducted and
certificate issued for ‘safe to host’.

• Security evaluation of IT Security Products like Core Routers, Networks POTP/PTN Access
Systems, SDH/SONET based Optical Networking Equipment, Telecom Element
management , Dos Mitigation Platform etc.based on Common Criteria standards
(https://www.commoncriteria-india.gov.in/product-certified)

• Security vulnerability assessment of servers and network devices for organization like
IRCTC, CRIS, MSRTC, Power Grid Corporation etc. has been completed.

• Security Assessment of different Mobile Apps both on Android and iOS platforms based
on OWASP MASVS 1.2

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial: Appscan, Acunetix, N-Stalker, Nessus (Professional Feed), Burp Suite,

Webinspect

Freeware: nmap, dirbuster, Paros, SSL Digger, HPing3, WebScarab, SqlMap, BackTrack
Suite, Nipper, OpenVAS

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No

12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes/No

*Information as provided by STQC IT, Kolkataon 26thOctober 2020 based on data of last 12
months i.e. from Oct-2019 to Sept-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Protiviti India Member Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

Protiviti India Member Private Limited

2. Carrying out Information Security Audits since : 2006

3. Capability to audit , category wise (add more if required)

• Network Security Audit (Y)

• Web-application security audit (Y)
• Wireless security audit (Y)
• Compliance audits (ISO 27001, PCI, etc.) (Y)
• Configuration Review audits (Y)
• Domain & Email exchange audit(Y)
• Cloud security audits (Y)
• Mobile device management solution review(Y)
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.)(Y)
• Source code review audits (Y)
• Mobile application security audit (Y)
• Network and Web application architecture review audit(Y)
• Endpoint security Audits (Y)
• Cyber Forensics(Y)
• Incident response (Y)
• IOT/DCS devices security audit(Y)

4. Information Security Audits carried out in last 12 Months :

Govt. : 2
PSU : 1
Private : ~210
Total Nos. of Information Security Audits done :~213

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

• Network Security Audit : ~41

• Web-application security audit : ~41
• Wireless security audit : 1
• Compliance audits (ISO 27001, PCI, etc.) : ~150
• Configuration Review audits : ~3
• Cloud security audits : ~2
• Mobile device management solution review : ~1
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : ~2
• Source code review audits : `2
• Mobile application security audit : ~1
• Network and Web application architecture review audit : ~1
• Cyber Forensics / Incident Response : ~1

6. Technical manpower deployed for informationsecurity audits :

Certification Count
ISO 27K LI 19
ISO 22301 LA/LI- BSI
LA 25999 8
ISO 20K LA 51
CHFI 4
CEH 25
OSCP 6
CISA 15
CCSA 1
ITIL 13
Prince2 Practitioner 1
CCNA 8
Blockchain Essential 1
CDPSE 1
PCI DSS 2
DCPP 1
AWS Solutions Architect
- Associate 2
AWS Security
Fundamentals 3
ICSI 4
ECSA 4
OPSEC 2
COBIT 5 Implementer 2
JCHNP 1
ACSE 1
CISM 2
CPISI 1
Beyond Trust 1
One Trust 16
Carbon Black Associate
Analyst (EDR 4
Carbon cloud Black 1
Carbon Black Advanced
Analyst 1
Rapid 7 Insight VM 2
CompTIA Security + 3
CNSS 8
Fortinet Network
Security Expert 5
Qualys Vulnerability
Management 4
Splunk 3
Microsoft Azure Security
Certified(AZ-500) 4
API Security Architect 1
SAP 3
CCENT 1
CISEH 1
DSCI Certified Privacy
lead Assessor (DCPLA) 2
GDPR Practitioner 3
IBM Agile Explorer 1
RSA Certified Security
Professional 1
Cyber Ark 4
CISSP 2
CSA-Cloud security
alliance STAR
certification 2
ITSM 1
CCSK 1
AML 1
Basell 1
Green Belt 1
Certified Crisis
Management Specialist 1
CIAM (Certified Identity
and Access Manager) 1
Oracle Certifications 3
Cloud Certifications 4
Total 264

Total Nos. of Technical Personnel : 125+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

The indicative list is as under:

Years Total
Sr. Post
Name with years of Graduation Certifications
No. Graduation
Protiviti experience

1 Abhishek Gautam 1.7 7.7 BE, 2014 CHFI, ISO 27001 LA

ISO 27001 LA
Beyond trust Certified
2 Amish Kaul 2.2 4 BE CS, 2015 MBA IT, 2019
Secure Password
Management

OneTrust Vendor
3 Chintamani Gupta 3.9 7 BSc IT MCA
Management

CEH V10, Carbon

PGDM Black Associate
4 Dhruv Raina 1.7 5.11 B.Tech ECE Information Analyst (EDR ),
security, 2017 Carbon Black
Advanced Analyst

5 Harin Kumar 1.2 6 Btech ,2014 NA NA

ISO27001 LI
ISO 22301 LI
Carbon Black Cloud
Associate Analyst
OneTrust Vendor Risk
Management Expert
PGDM in One Trust Privacy
Operations Management
Bsc (Physics, Maths, Management, Professional
Statistics), 2011, 2019, from One Trust GRC
6 Kamlesh Gusian 1.9 9.1
from HNBGU Welingkar Solutions Expert
Uttarakhand Institute of One Trust Targeted
Management Data Discovery
Mumbai Expert Certification
ITIL Foundation
Certified Network
Security Specialist -
ICSI
AWS Security
Fundamentals

Onetrust Vendor Risk

PG Diploma Management Expert
7 Kishan Kumar 1.9 9.4 B.Tech (ECE) (Information CEH, CHFI, CCNA,
Security), 2015 ISO 27001 LA

Onetrust Privacy
Management
Professional
Shraddha MBA ISO/IEC 27001: 2013
8 2 13.11 BCOM
Korgaonkar (Finance),MCOM LI
Vendor Risk
Mangement -
Onetrust

CEHV8, Rapid 7
9 Muktanand Kale 1.8 6 BE EXTC,2014
Insight VM
CEHV9, ECSA V9,
PG Diploma
CCNA(Expired)
10 Neelesh Kanojiya 1.6 6.8 BE, 2012 (Information
One Trust Vendor
Security), 2019
Risk Management

OSCP, Rapid 7
11 Parth Srivastava 1.9 6 B.tech, 2015
Insight VM

ISO27001 LI, IA
M.Sc. Disaster
Prathamesh ISO22301 LI, IA
12 2.1 7 BSC, 2012 Management,
Baviskar One trust: Vendor
2015
Management

B.E. - Electronics Qualys Vulnerabiliy

and Management, CNSS,
13 Prachi Hajare 2.6 5.5
Telecommunication Fortinet Network
2015 Security Expert

OSSTMM Professional
Security Expert
B.E. (Computer (OPSE)
14 Pranav Kathale 1.7 7.11 Science and - Splunk 7.x
Engineeing) Fundamentals Part 1
CarbonBlack Defense
Associate Analyst

B.E. (Computer
15 Ranvijay Singh 3.3 4.5 Science and
Engineeing), 2016

PGDM in
16 Rahul Bhalekar 1.7 8.8 BCA, 2017 Information ISO 27001 LI
Security
ISO 27001 LA,
Protiviti US Lab
Challenge - Inetrnal
Certification, Access
Data Certified
Computer Science MBA in IT &
17 Rahul Rohit 2.10 3 Investigator, Carbon
Engineering Operation
Black Defense
Associate Analyst
Microsoft Azure
Security Certified(AZ-
500)

CEH, CCNA R&S,

18 Sanjeev Jha 2.7 6.5 B.Sc.IT MCA Protiviti US Lab
Challenge - Internal

CEHV10
NSE1(Fortinet's
Network Security
Expert Certification )
NSE2(Fortinet's
BE(Electronics)2014- Network Security
19 Satish Yadav 1.5 2.9
2018 Expert Certification )
Onetrust Vendor Risk
Management Expert
NSE(Fortinet's The
Threat Landscape
Certification )

20 Suraj Nair 3 6.7 Msc, 2015 CEH V8, ECSA V8

MSc in ISO 27001 LA, ISO

Information 22301 LI, ITIL, One
21 Subir Kochar 1.9 6.1 BE CSE 2009-2013
security (2013- Trust Vendor Risk
15) Management Expert

ISO 27001 LA
22 Sagar Padaya 2 4.11 BSCIT MBA-ITBM
ICSI CNSS free
training course
Splunk Enterprise
Certified Architect v7,
Splunk Architecture
Certified, Splunk
Admin Certified,
Splunk Power User
M.Tech in Cyber Certified, Palo alto
23 Tushavara Oakesh 1.8 5 B.E IT
Security, 2017 ACE networks OS V8,
Red Hat Automation
with Ansible I, Qualys
Vulnerability
Management, CB
Response Advanced
Analyst

Chartered
24 Sandeep Gupta 3.5
Accountant

CISA,BSI LA
Prashant Ramdas Chartered (I25999), BSI LA
25 2.3 20+
Bhat Accountant (I25999), SAP FI
certified

Bachelor of
CISA, CCNA, CCSA,
26 Vaibhav Koul 3 15+ Electrical
CDPSE
Engineering,

, Certified CompTIA
Security+ (SY0-601),
Red Hat Certified
System Administrator
Dharamraj BSC. Computer MSC.IT Part One (RHCSE), Red Hat
27 0.8 4.1
Vishwakarma Science, 2016 perusing Certified Linux
Engineer (RHCE),
ITIL® 4 Foundation
Certification in IT
Service Management

28 Sonu Sahu 0.6 4 B.Tech, 2017 CEH, OSCP

29 Nitin Bhardwaj 0.6 3.5 BE 2015 MBA – TM 2019 ISO 27001 LA
CEH v10, ISO 27001
30 Saurabh Jagtap 0.7 5.1 BE, 2015 Certified Internal
Auditor

31 Jinesh R 0.6 2.5 BE, 2017 OSCP, CCENT

1. ISO 27001 LA
2018
2. (Comprehensive
Information Security
32 Deepak Joshi 0.7 6.2 BSC, 2011
and Ethical Hacking)
CISEH 2019
3. Carbon cloud Black
2020

Abdul Khader OIM -L1-Internal

33 0.9 6.1 B.sc(M.E.Cs),2006 M.C.A,2009
Shaik OIM-L2-Internal

ISO 27001 2013 LA

Certified EU GDPR
Imp
Certified PCI DSS
v3.2 Imp
DSCI Certified
Privacy lead Assessor
(DCPLA)
AWS Solution
34 Varun Goyal 0.6 6.3 BE, 2014 Architect
Dipoma in Cyber law

35 Aayush Mittal 0.8 3 B.Tech - CSE, 2017

Master of Cyber
Law & ISO 27001 LA,
Samarth Kumar B. Tech , Mechanical
36 0.6 3.6 Information One Trust Certified
Mishra Engr. 2016
Security (MCLIS) Privacy Professional
, 2020

CISA,
CCNA,
CEHv9,
37 Sahil Chander 0.3 12 BE, 2008-09 PGDM ISO27001 (LI)
ISO 27701
ISO 31000
CNDv1

Vijay Singh
38 0.4 3.5 BE, 2017 ISO 27001 LA
Thakur
Qualys,
ISO 27001 LA
39 Amey Sawant 0.6 8.5 BSc.IT, 2012 MSc.CS, 2017
Splunk dashboard
and log management

CISA,CPISI,CCSA,ISO
40 SARITA PADMINI 0.3 12+ Btech, 2007 MBA 27001 LA, One Trust
Privacy Professional

ISO 27001 LA,

41 Madhuri Mandal 0.3 4.1 B.Tech, 2016 NA IBM Agile Explorer,
ITIL Foundation V3

42 Sarth Dixit 0.3 NA B.Com(Hons.)2018 NA NA

ISO 27001 LA

One Trust data

mapping certification
43 Smruti Pradhan 0.3 6 2014 2018
One Trust targeted
data discovery
certification

ISO 27001 LA,

Post-Graduation
BE Electronics and ISO 27001 LI,
Diploma
44 Nikita Kale 0.3 5.2 Telecommunication, CISA Preliminary
(PGDITISS),
2015 exam cleared,
2016
EX-PCI QSA

ISO 27001 LA,

ISO 22301 LA,
MBA- ITBM, CEH,
45 Anuj Banura 0.3 3 BCA, 2016
2018 CCNA,
DCPLA,
DCPP

CEH, CHFI, ECSA,

ACSE, JCHNP,
Masters in Cyber OPSEC, ITIL,
46 Gaurav Sharma 0.5 9 B.Com, 2007
Security,2015 ISO/IEC 27001 LA -
TUV SUD,
OSCP,CISA, CISM
ISO 27001 LA
ECC - CEH v9
Asian School of Cyber
Laws - Advanced
Diploma in Cyber
Laws
M.Sc.
B.Sc. Computer Asian School of Cyber
47 Rudhir Anil Moghe 0.5 4.5 Information
Science Laws - Diploma in
Technology
Internet Crime
Investigation
AWS Security
Fundamentals
Fortinet NSE1 and
NSE2

Krishna Chartered
48 Srinu Elike 0.2 4 NA
University/2015 accountantancy
49 Vishal Bhandari 0.3 0.2 B.tech, 2020 NA CEH
50 Arnab Biswas 0.2 9 MBA (Finance) CEH, ISO 27001
M.Sc. Network
Tech – 2015, CCNA, CEH, Comptia
51 Divesh Sood 0.2 4 BCA, 2010-2013
M.Tech Cyber Security +
Security- 2018
MBA 2020 (In-
52 Gandharv Saxena 0.2 0 B.tech, 2018 process, Result NA
not out yet)
53 Hitesh Agarwal 0.3 3.8 B.Sc, 2013 MCA, 2016 CEH, ECSA
Varadaraj
54 Hanamant 0.2 2.7 BE, 2018 NA
Jahagirdar
55 Nihal Kazi 0.3 2.7 B.com 2016 CISA
56 Preeti Thakur 0.3 9 BSc IT NA

Power BI,
MBA In finance,
ISO 27001,
Pursuing,
57 Kanchi 0.3 3 Btech IT, 2018 Cyber security audits,
completed by
GDPR, Java, Adv
2022
Java, C and C++

MBA(Marketing),
58 Mrunal Kiran Sali 0.2 3.8 BCOM, 2014 NA
2017

CompTIA Security +,
59 Kunal Tagra 0.3 4 B.Tech. CSE, 2017 MBA, 2020 ISO 27001 LA, ISO
27001 LI

CSA-Cloud security
60 Prajwal Prabhu 0.4 5.6 BE, 2015 alliance STAR
certification
CISA (R)
ISO/IEC 27001: 2013
LA
61 Rukhsar Singh 0.2 10 B.SC, 2004 PGDBA, 2011
ITIL
CCIE(Written
Certified)

MCA(master of
62 Ravuri Venu 0.11 9 BSC computer
applications)
63 ANUPAM GAUTAM 0.5 3 BCOM 2016 MBA IT, 2020 ISO 27001 LI
AKSHAT
64 0.5 1..5 B.Tech, CS, 2015 NA NA
SARASWAT

ISO 31000 - Certified

Professional in Risk
Management –
Foundation Level
65 AKSHAI SURESH 0.2 2.5 B.E (EXTC), 2017 MBA, 2019
ITSMS based on
ISO/IEC 20000-
1:2011 Foundation
Level

Master’s Degree
66 BHARATH KUMAR 0.3 5.8 B.Tech, 2010
in CS, 2016

DEVENDRA CEH, CNSS, API

67 0.2 3.6 BTech, 2018
YADAV Security Architect

SAP S/4 HANA Sales

68 GAGAN RJ 4.5 B.E-2016
1809 Upskilling

B.Tech (Computer
69 KAVITA CHELLANI 1.9 9 NA
Science) – 2012
Privacy Information
Management System
ISO 27701:2019,
QRC
Bachelor of CISSP Review, ISC^2
Master of Cyber
Engineering in General Data
Law and
Information Protection
Information
Technology from Regulation, Risk Pro
70 KOUSTUBH S 0.2 1.7 Security from
Rajiv Gandhi Personal Data
the National Law
Prodyogiki Protection
Institute
Vishwavidyalaya, Regulation, Risk Pro
University, 2020
2016 One Trust Certified
GRC Professional
One Trust Vendor
Risk Management
Expert

M.Tech(VLSISD)
71 MALA CHENNAIAH 0.9 5.8 B.Tech(ECE) 2007
2010

CEHv11, CDAC,
72 MAYUR GANGWAL 0.1 4.3 BE, 2016 Qualys,
Vectra

WebLogic
implementation
73 AKULA NAGESH 0.3 15.8 B.Tech(2005) specialist
soa implementation
specialist

74 NEHA RAMESH 0.2 5.4 B.Tech (ECE) PGDBA ISO 27001 LA

CyberArk Certified
Trustee, Defender,
Sentry and CDE
75 PIYUSH PAREEK 0.1 4 BE, 2017
Fortinet Network
Security Expert(NSE1
& NSE2)

PRATEEK
76 0.2 2.3 B.Com(H), 2015
SATSANGI
CISSP,
CISA,
ISO 27001 LA,
ISO 27701 LI,
Certified Ethical
SAHIL Hacker V9,
77 0.2 7 BE Computers, 2014
ACHAREKAR Certified Network
Defender V1,
AWS Certified Cloud
Practitioner,
Azure AZ 900
Fundamentals

SANTOSH ISO 27001:2013

78 0.2 2.4 B Tech
SHARMA Lead Auditor, CNSS

79 SUNIL ARAVIND 0.2 9 BE 2012 ITIL

SUBHRAJIT
80 0.2 CCNA, CEH, PCNSA
BASAK

ISO 27001 LI
GDPR- Data
protection officer
skills
FireEye Systems
SHASHANK Engineer
81 0.2 3.8 BE, 2016 NO
BHUTE Metasploit Pro
certified
CyberArk certified
trustee
Certified Ethical
hacking (attempted)

SHOBHIT MBA IT &

82 2.6 11 B.Tech (CSE) – 2007 CyberArk Certified
SINGHAL Systems, 2013
Trustee

ISO 27001:2013 LA,

Business Analytics
83 UMANG AGARWAL 0.2 5.6 B. Tech., 2015 and Data
Visualization Using R
and Tableau

84 VIJAYA ANNANGI 1.11 5.2 B.Tech(2009) M.Tech(2013)

85 OMKAR RANE 0.2 5.3 BSC, 2014 ISO 27001 LI
86 Sneha Mahulkar 0.1 1.7 B.Sc. IT 2011 M.Sc. IT 2015 CEH
87 Saif Ahmad 0.1 3.8 B. Tech, 2017 No ISO 27001 LA
BA Hons. ISO 27001- Lead
88 Sanya Kansal 0.1 6.5 LLB, 2015
Philosophy, 2010 Implementer
Chennakesavula
89 Naga Venkata Sai 0.1 3.3 B.tech(ECE) 2017 CompTIA Security +
Anitha

Cisco Certified
Network Associate -
Training certification
Master of Cyber Fortinet’s Network
Rahul Bhushan Law and Security Expert
90 0.1 0 BCA, 2017
Singh Information Certification
Security,2020 (NSE)level 1
Fortinet’s Network
Security Associate
(NSA) level 2

CISA, CDPSE,
91 Sanjay Soni 0.1 12 Bcom 2008
ISO27001 LA
92 Biswajit Das 0.1 6 B.Tech. (2014) MBA (2015)

CyberArk Defender-
No Expiry
CyberArk Sentry- No
Expiry
CyberArk certified
Delivery Eng.-
Expiry2022
93 Richa Singh 0.1 11 BCOM MHRM
AZ-900 Microsoft
certified Azure
Fundamentals-No
expiry
Certified Network
Security Specialist -
CNSS

Nikhil Maharu
94 0.1 4.4 B.E. (2014) MBA (2020) ISO 27001 LA
Borse
95 Sanka Vishnu 0.2 4 Bsc(Comp) 2014 MCA(2017)
96 Garima Singh 0.1 7 B.Tech(2011) MBA(2016

RSA Certified
97 Kritika Ambasht 0.1 5.10 B.Tech, 2015
Security Professional

Shaik Mahaboob
98 0.1 4.50 B.tech(CSE) 2012
Basha
Mannem
99 0.1
Venkatarao
Syed Inzamam
100 0.1
Firoz

101 Manish Chadha 2.4 20+ BE MBA CISA, ITIL, ISO27001

CISA, ISO27001 Lead

Auditor, Prince2
102 Manish Jain 1.1 13+ BE MBA Practitioner, ISO
22301, ISO 31000,
ISO 20000, NIST

103 Garima Saksena 0.1 17+ B.Com MBA SAP(FICO)

ISO27001 Lead
104 Ankit Panwar 2.2 7+ Btech MBA
Auditor

ISO 27001:2013
105 Snigdh Mayank 1.7 5+ B.Tech NA
Lead Implementer

ISO 27001 Lead

Auditor, AWS
Security
106 Omair Parvez 5 7+ B.Tech NA
Fundamentals,
Certified Ethical
Hacker

107 Anand Paswan 0.1 5+ B.Sc. IT MBA NA

ISO270001LA, ISO
108 Ayush Beri 1.9 5+ B.Tech NA
22301LA

ISO 27K :2013 Lead

109 Aditya Tiwari 2.8 5+ BE NA
Implementer

ISO 27001:2013
110 Pooja Tanwar 2.3 4+ BCA MCA
Lead Implementer

ISO 27001:2013
111 Paras Makhija 2.3 2+ B.Tech -
Lead Implementer

Khalid Basir
112 1.9 3+ BCA MCA
Ahmed
English honours
113 Ashish Kumar 2.5 4+ NA ISO270001LA
(BA)
114 Yash Malhotra 0.1 <1 B.Tech N/A N/A
115 Madhav Rao 0.3 0

CISA, ISO27K LA,

Neelakantan
116 2.10 12 COBIT Assessor/
Sethuraman
Implementer, ITIL

117 Bhargava Naidu 0.9 0

Ekansh
118 2.1 0
Choudhary
AWS Certified
119 Kabileshkumar K 2.1 0 Solutions Architect
Associate

ISO27K LA,Data
120 Kanagavarsha M 1 0
Privacy (One Trust)

OneTrust Certified
121 Karunya Devi 0.11 0
Privacy Professional.

ISO27K LA,CISA
(CISA Passed), OSCP
(Trained), Microsoft
Azure
122 Kharthik Kumar 1 0
Fundamentals(AZ-
900), CCNA Routing
& Switching
,CCNA CyberOps

OneTrust Certified
Privacy Professional.
Elearn Security Junior
Mohankumar
123 0.9 0 Penetration Tester
Kamaraj
Microsoft Azure
Fundamentals(AZ-
900)

OSCP, CNSS Certified

124 Rajani Sagale 0.8 4 Network Security
Specialist

125 Ruchika Markad 3.1 0 ISO27K LA

126 S Sankaran 2.1 0

Thirupuranthagam 1. OneTrust Certified

127 0.11 0
P Privacy Professional

128 Naveen Kumar 0.3 0 ISO27K LA

129 Puneet S 0.2 2

Deepak 1.ISO 27001

130
Venkatesan 2. Cloud Security
131 Karthik Gajendran 1 0 1.ISO 27001
132 Karthikeyan A 0 1.ISO 27001
133 Aswathy Mohanan 0 CEH
134 Nasreen Fathima 0 1.ISO 27001
135 SABARI KUMAR 0 1.ISO 27001

CISA, ISO 27K LA,

cloud, Oracle Cloud
136 Naveenaa M 3.6 5 Infrastructure
Associate, CCNA
CNSS

Cloud, ISO27K LA ,
LI, CISM, One Trust
Privacy Professional
Oracle Cloud
137 Shubham Swami 0.7 5 Infrastructure
Foundations (OCI)
2020 Certified
Associate
BS 10012

ISO27K LI, COBIT,

138 Suresh D 0.8 12
ITIL, Cloud

ITIL, Oracle certified

139 Ashwin Rao 0.3 6.5
Associate -2009

140 Gaurav Singh 0.2 6 ISO27K LA

ISO27K LA, CEH,
141 Adarsh Hirenallur 0.9 10
CCNA

ISO27K LA, CEH,

142 Ebin Joseph 0.6 7
ISO22301 LA

ISO27K LI,CIAM
Harshaditya
143 2.7 7 (Certified Identity
Rachapudi
and Access Manager)

ITIL, Certified Crisis

144 Rathish Raghul 0.7 0 Management
Specialist

145 Vijai K 7.2 0

Jayaprakash Prince 2, ITIL, CISA,

146 0.3 13
Reddy CEH, ISO27K LA
AML, Basell-2 &
Basell-3 trained
147 Arun Raja 0.2 0 Green Belt Trained
and Assessment
Cleared

148 Akshay Prasad 0.9 5

OSCP, ICSI |
Certified Network
149 Giridhar Ramesh 4.9 4.9
Security Specialist
(CNSS)

150 Tanmoy Bhadra 3.8 6

151 Anil Notagar 0.2 3.5

CISA, ITIL and ITSM

152 Ganesh Kumar 0.2 10 certification from
EXIN

153 Poojita Hegde 0.2 0.2

154 Sai Bhargavi 0.2 4
Sudheer
155 0.2 7 ISO27K LA
Gopalakrishnan

Karthikeyan ISO27K LA, LI, CHFI,

156 0.2 7
Chandrasekar CSA STAR,

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

One of the large banks in India -IT Audits including security assessments – Quarterly
assessment of Internal & External VAPT, configuration review of servers network devices and
web application security assessment as well as IT audit

One of the largest Pharma companies - Third Party Assessments - Performing IT/IS
reviews of third parties, planned to conduct approximately 1500-2000 assessments a year

One of the leading banks in India – IT Audits: Performingthemed audits across various areas
of information security such as review of critical application review, Internet Gateway Review,
ATM/Switch review, Cloud Review, Mobile Banking Review and Vendor reviews.

One of the leading hospitality companies – IT/IS assessments : Performed themed audits
for the corporate entity as well as hotel properties. The coverage included data privacy,
information security as well as technical assessments related to VAPT and configuration review.

One of the largest multinational conglomerate corporation headquartered in Tokyo.

Have been assisting the client in performing IT audits covering various domains over the last 5
years. The work has been performed in India, US and multiple other countries/cities. Detailed IT
control testing covering test of design and effectiveness have been performed for client’s various
functions.

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Illustrative list of tools is as under :

• Acunetix
• Nessus
• Nmap
• Wireshark
• OpenVAS
• Nikto
• Metasploit
• Burpsuite
• Beef
• W3AF
• SQLMap
• Kali Linux
• Dradis framework
• MobSF
• Fiddler
• Custom Scripts
• Genny Motion
• Echo Mirage
• Vound Intella Pro
• X-ways forensics
• Magnet Axiom
• EnCase
• FTK
• Syhunt
• Checkmarx
• OWASP ZAP
• Paros
• Web Scarab
• Aircrack suite
• MBSA
• FOCA
• Inhouse custom scripts / Tools

10. Outsourcing of Project to External Information Security Auditors / Experts : No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes

We have alliance partners for tools and technologies that help us deliver the information / cyber
security audits and projects. Some of our alliance partners are: Flexera, Kaspersky etc. Further,
we have a network where in our global offices assist in providing support from a global
technology alliance perspective

12. Whether organization is a subsidiary of any foreign based organization? : Yes

if yes, give details

The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is
Independent Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the
Protiviti Inc. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in
1948, Robert Half is a member of the S&P 500 index.

13. Locations of Overseas Headquarters/Offices, if any : Yes

Australia:-
1. Level 32, 10 Eagle Street, Brisbane, QLD, 4000, Australia
2. Level 12, 14 Moore Street, Canberra, ACT, 2601, Australia
3. Level 39, 140 William Street, Melbourne, VIC, 3000, Australia
4. Level 19, St. Martin's Tower, 44 St. Georges Terrace, Perth, WA, 6000, Australia
5. Level 24, No 1 Martin Place, Sydney, NSW, 2000, Australia.
China:-
6. Unit 718, China World Office 1, No. 1 Jianguomenwai Street, Chaoyang District, Beijing,
China
7. 9th Floor, Nexxus Building, 41 Connaught Road, Central, Hong Kong S.A.R., China.
8. Rm. 1915-16, Bldg. 2, International Commerce Centre, No. 288 South Shaanxi Road,
Shanghai, 200030, China.
9. Unit 1404, Tower One, Kerry Plaza, No. 1 Zhong Xin Si Road, Futian District, Shenzhen,
518048, China.
Japan:-
10. Osaka Center Building 13F, 4-1-3 Kyutaro-machi, Osaka, 27, 541-0056, Japan.
11. Ote Center Building, 1-1-3 Ote-machi, Tokyo, 13, 100-0004, Japan.

Singapore: -
12. 9 Raffles Place, #40-02 Republic Plaza I, 048619, Singapore.

Bahrain:-
13. Platinum Tower, 17th Floor Bldg 190, Road 2803, Block 428, Seef, P.O. Box 10231,
Manama, Bahrain.

France:-
14. 15-19 rue des Mathurins, Paris, 75009, France.

Germany:-
15. Protiviti GmbH, Upper West (27th Floor) Kantstr. 164, 10623, Berlin, Germany.
16. Protiviti GmbH, Kennedydamm 24, 40476, Düsseldorf, Germany.
17. Mainzer Landstraße 50, 60325, Frankfurt, Germany.
18. Sendlinger Straße 12, 80331 München, Germany.

Italy:-
19. Via Tiziano, 32, Milan, MI, 20145, Italy.
20. Via Bissolati 76, Rome, RM, 00187, Italy.
21. Via Viotti, 1, Turin, TO, 10121, Italy

Kuwait:-
22. Al Shaheed Tower, 4th Floor, Khaled Ben Al Waleed Street, Sharq, P.O. Box 1773, Safat,
13018, Kuwait.

Netherlands:-
23. SOM 1 building (Floor M); Gustav Mahlerlaan 32; 1082 MC Amsterdam, Netherlands.

Oman:-
24. Al Ufuq Building, Shatti Al Qurum, P.O. Box 1130, Ruwi, PC 112, Oman.

Qatar:-
25. Palm Tower B, 19th Floor, P.O. Box 13374, West Bay Doha, Qatar.

Saudi Arabia:-
26. Al-Ibdaa Tower, 18th Floor, King Fahad Branch Road, Al-Olaya, Building No. 7906, P.O.
Box 3825, Riyadh, 12313, Saudi Arabia.

South Africa:-
27. Suite 1A, 100 On Armstrong, La Lucia, Durban, 4051, South Africa.
28. 15 Forest Rd, Building 1 Waverley Office Park, Johannesburg, 2090, South Africa.

United Arab Emirates:-

29. 9th Floor, Al Ghaith Holding Tower, Airport Road, P.O. Box 32468, AZ, United Arab
Emirates.
30. U-Bora Tower 2, 21st Floor, Office 2104, Business Bay, P.O. Box 78475, DU, United
Arab Emirates.

United Kingdom:
31. Colmore Building, 20 Colmore Circus, Queensway, Birmingham, B4 6AT, United
Kingdom.
32. Whitefriars, Lewins Mead, Bristol, BS1 2NT, United Kingdom.
33. The Bourse, Boar Lane, Leeds, LS1 5EQ, United Kingdom.
34. Protiviti Limited, The Shard, 32 London Bridge Street, London, SE1 9SG, United
Kingdom.
35. 8th Floor, The Zenith Building, 26 Spring Gardens, Manchester, M2 1AB, United
Kingdom.
36. Pinnacle Mews, 1 Grafton Mews, Milton Keynes, MK9 1FB, United Kingdom.
37. Suite B, Ground Floor, The Stella Building, Whitehall Way, Swindon, SN5 6NX, United
Kingdom.

Bulgaria:-
38. 146, Vitosha blvd., entrance B, 3rd floor, office 32, Sofia 1000, Bulgaria.
Egypt:-
39. Cairo Complex, Ankara Street, Bureau 1, Second Floor Sheraton Area, Heliopolis, Cairo,
Egypt.

Switzerland:-
40. Bahnhofpl. 9, 8001 Zürich, Switzerland.

Argentina:-
41. Alicia Moreau de Justo 1150, piso 3, oficina 306A, (CPAAX1107), Dock 8, Puerto Madero,
Ciudad Autónoma de Buenos Aires, Argentina.

Brazil:-
42. Rua Antonio de Albuquerque, 330, 8º andar Savassi, Belo Horizonte, MG, Brazil
43. Av. Rio Branco, 109, Cj. 702, 7º andar, Rio de Janeiro, RJ, 20040-004, Brazil.
44. Rua James Joule 65-5º andar, Sao Paulo, SP, 04576-080, Brazil.

Chile:-
45. Alonso de Córdova 5320, Off 1905 Las Condes, Santiago, RM, Chile.

Mexico:-
46. Paseo de la Reforma 243 P18, Mexico, DIF, 06500, Mexico.

Peru:-
47. Amador Merino 307 Of. 501, 27, LIM, 15046, Peru.

Venezuela:-
48. Av. La Estancia, CCCT Pirámide Invertida, Piso 6, Oficina 612, Urb. Chuao, Municipio
Chacao Codigo Postal 1064 Estado Miranda Caracas, Venezuela.

Colombia:-
49. Calle 95 con Carrera 15, Edificio 14-48, Oficina 305, Bogota, 110221, Colombia.

Canada:-
50. 487 Riverbend Dr, 3rd Floor, Kitchener, ON, N2K 3S3, Canada.
51. 1, Place Ville Marie, Suite 2330, Montréal, QC, H3B 3M5, Canada.
52. Brookfield Place, 181 Bay Street, Suite 820, Toronto, ON, M5J 2T3, Canada.

United States:-
53. 1640 King Street Suite 400, Alexandria, VA, 22314.
54. Regions Plaza, 1180 West Peachtree St., NE Suite 400, Atlanta, GA, 30309.
55. 1 East Pratt Street, Suite 900, Baltimore, MD, 21202.
56. Oliver Street Tower, 125 High Street, 17th Floor, Boston, MA, 02110.
57. 201 South College Street, 15th Floor, Suite 1500, Charlotte, NC, 28244.
58. 101 North Wacker Drive, Suite 1400, Chicago, IL, 60606.
59. PNC Center, 201 E. Fifth Street Suite 700, Cincinnati, OH, 45202.
60. 1001 Lakeside Avenue, Suite 1320, Cleveland, OH, 44114.
61. 13727 Noel Road, Suite 800, Dallas, TX, 75240.
62. 1125 Seventeenth Street, Suite 825, Denver, CO, 80202.
63. 200 E. Broward Blvd, Suite 1600, Ft. Lauderdale, FL, 33301.
64. 600 Travis Street, 8th Floor, Houston, TX, 77002.
65. 135 N. Pennsylvania St, Suite 1700, Indianapolis, IN, 46204
66. 9401 Indian Creek Parkway, Suite 770, Overland Park, KS, 66210
67. 400 S. Hope Street, Suite 900, Los Angeles, CA, 90071.
68. 411 E. Wisconsin Avenue, Suite 2150, Milwaukee, WI, 53202-4413
69. 225 South Sixth Street, Suite 1730, Minneapolis, MN, 55402
70. 888 7th Ave 13th Floor, New York, NY, 10106
71. 301 E. Pine St, Suite 225, Orlando, FL, 32801
72. 1700 Market Street, Suite 2850, Philadelphia, PA, 19103
73. Airport Tech Center 4127 E. Van Buren Street, Suite 210, Phoenix, AZ, 85008
74. 1001 Liberty Ave, Suite 400, Pittsburgh, PA, 15222
75. 222 SW Columbia St, Suite 1100, Portland, OR, 97201
76. 1051 East Cary St., Suite 602, Richmond, VA, 23219
77. 2180 Harvard St., Suite 250, Sacramento, CA, 95815
78. 3451 N. Triumph Blvd., Suite 103, Lehi, UT, 84043
79. 555 Market Street, Suite 1800, San Francisco, CA, 94105
80. 10 Almaden Blvd., Suite 900, San Jose, CA, 95113.
81. 601 Union St., Suite 4300, Seattle, WA, 98101
82. 1401 S. Brentwood Blvd, Suite 715, St. Louis, MO, 63144
83. 263 Tresser Blvd., 12th Floor, Stamford, CT, 06901
84. Corporate Center III, 4221 Boy Scout. Blvd., Suite 450, Tampa, FL, 33607
85. 1751 Pinnacle Dr., Suite 1600, Mclean, VA, 22102
86. 131 Frogale Ct., Winchester, VA, 22601
87. 10 Woodbridge Center Dr., Woodbridge, NJ, 07095

Switzerland:-
88. Bahnhofpl. 9, 8001 Zürich, Switzerland

India:-

89. 77º Town Centre, Ground Floor (East Wing), Building 3 Block B, Divyasree Technopolis
Yemalur, Bengaluru, KA, 560037, India
90. 4th Floor, A Wing, Alexander Square, No 2, Sardar Patel Road, Little Mount, Guindy,
Chennai, TN, 600032, India
91. Q City, 5th Floor, Block A, Survey No. 109, 110 & 111/2, Nanakramguda Village,
Serilingampally Mandal, R.R. District, Hyderabad, TG, 500 032, India
92. PS Srijan Corporate Park, 1001B, 10th floor, Tower-2, Plot No. 2, Block EP & GP, Sector
–V, Salt Lake City, Kolkata, WB, 700091, India
93. 1st Floor, Godrej Coliseum, Unit No 101, B Wing, Somaiya Hospital Road, Sion (East),
Mumbai, MH, 400 022, India
94. 15th Floor, Tower A, DLF Building No. 5, DLF Phase III, DLF Cyber City, Gurgaon, HR,
122002, India

*Information as provided by Protiviti India Member Pvt. Ltd. on 07.07.2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s eSec Forte Technologies Pvt. Ltd.

1. Name & location of the empaneled Information Security Auditing Organization :

M/S ESEC FORTE® TECHNOLOGIES PRIVATE LIMITED

Registered Address:
DELHI: A-2/10, A-2 Block, Rohini Sector- 5, New Delhi – 110085

Corporate Office (Mailing Address):

GURUGRAM:Plot No. 311,Jwala Mill Road, Udyog Vihar Phase- IV,
Gurugram – 122015, Haryana, India

Branch Office:
BANGALORE:143, 3rd Floor, 10th Cross, Indira Nagar 1st Stage,
Bangalore – 560038, Karnataka, India
MUMBAI:Plot C-59, Bandra Kurla Complex, Bandra East, Mumbai-
400051, Maharashtra, India

2. Carrying out Information Security Audits since : <2011>

3. Capability to audit , category wise (add more if required)

• Network security audit : (Yes)

• Web-application security audit : (Yes)
• Mobile-application security audit : (Yes)
• API security audit : (Yes)
• Cloud Security Assessment : (Yes)
• Wireless security audit : (Yes)
• Compliance audits (ISO 27001, PCI, etc.) : (Yes)
• Firewall Audits : (Yes)
• Digital Forensic Investigations : (Yes)
• Red Team Assessment : (Yes)
• Source Code Review : (Yes)
• Penetration Testing : (Yes)
• Vulnerability Assessment : (Yes)
• Incident Response : (Yes)

4. Information Security Audits carried out in last 12 Months :

Govt. : 5+
PSU : 5+
Private : 75+
Total Nos. of Information Security Audits done : 100+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : <20+>

Web-application security audit : <20+>
Red Team Assessment : <5+>
Wireless security audit : <5+>
Forensic Analysis and Incident Response : <5+>
Compliance audits (ISO 27001, PCI, etc.) : <10+>

6. Technical manpower deployed for informationsecurity audits :

CISSPs : <2>
CISM : <3>
OSCP : <6>
BS7799 / ISO27001 LAs : <3>
CISAs : <2>

Any other information security qualification:

CEH : <20+>
PCI QSA : <1>
CCSK : <1>
CHFI : <1>
CDFE : <1>
CTIA : <1>
ECIH : <1>
Others : <20+>
Total Nos. of Technical Personnel : 75+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience Qualifications related to Information

No. Employee <eSec Forte in security
Technologies> Information
Security
1 Sachin 2011 15Years CISSP, PCI QSA, CEH, CDFE, ISO
Kumar 27001,Nexpose Certified Administrator,
Metasploit Certified Administrator,B.Tech
2 Saurabh S 2017 14 Years B.Tech, MS in Cyber Law and Security ,
MCSE: Security, ITIL V3,ECSA, CyberarK
Vault Administrator, CPISI – PCI DSS
v3.2, Sourcefire Certified Professional,
Qualys Guard Security Expert.
3 Kunal Bajaj 2013 12 Years ISO 27001, B.Tech, MBA
4 Mohit Mittal 2015 14 Years CISM, CISA, AWS CSA, PMP
5 SB 2020 20 Years ISO 27001LA, CISM, CCSK
6 PK 2020 20+ CISSP, CISA, CISM, Certified RSA SE In
ASOC, MBA
7 JK 2016 6 Years M.Tech, B.Tech, CEH, Tufin Certified
Engineer
8 VR 2017 4 Years B.E., RHCE, RHCSA
9 VR 2019 6 Years ISO/IEC 27001:2005 Lead Auditor,
Certified Cyber Security Expert, Master of
Science in Cyber Law & Information
Security
10 S.C 2019 5 years OSCP, MCA, BCA
11 TS 2018 3 years OSCP, Tenable Certified Associate,
Fortinet’s Network Security Expert
Certification
12 AS 2019 1.5 years OSCP
13 DS 2019 10 Years Microsoft Certified: Azure Security
Engineer Associate, Palo Alto Networks
PSE,Certified Incident Handler (ECIH),
OPSec for ICS (DHS, US), Certified Threat
Intelligence Analyst (CTIA), CHFI
14 SS 2018 3 years OSCP, Fortinet’s Network Security Expert
Certification
15 Md. S 2019 4 Years OSCP, Certified Red Team Professional,
MCA, BCA
16 VS 2019 1.5 years OSCP, CEH
17 AK 2019 5 Years CEH
18 VP 2018 10 Years CyberArk Vault Administrator, Tufin
Certified Engineer, CCNP, CCNA
19 AC 2014 7 years TCSE, CMO
20 HK 2018 5 years TCSE, CEH, Tenable Certified Associate
21 AS 2019 5 Years TCSE, RHCE, RHCSA, Tenable.se Cert,
B.Tech
22 AT 2020 2 years Associate of ISC2 – CISSP, Certified
Ethical Hacker, CompTIA Security+
23 AW 2018 3 years ICSI – CNSS, AWS Security, Fortinet’s
Network Security Expert Certification,
24 RS 2019 3 years AWS Cloud Practitioner Essentials, Splunk
Infrastructure Overview, ICSI, UK –
Certified Network Security Specialist,
Splunk UBA
25 MS 2020 2.5 years ISO 27001:2013
26 MC 2020 1 year ISO 27001 : 2013 Lead Auditor

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

o Conducting Network Audit for Govt. Entity across 100+ locations for 10,000+
End points.
o Performed Audit of 100+ Applications for a large Business Process Organization
across different environments
o Performed Application Audit of~ 50 WAPT of very large and complicated
applications.

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

• Metasploit
• Nexpose
• Nessus
• Nipper
• Netsparker
• HCL App Scan
• Checkmarx
• Burp Suite
• Nmap
• SSLScan
• Wireshark
• Immunity Canvas
• Immunity Silica
• Hak5 (Pineapple Wifi)
• Social Engineering Toolkit
• Kali Linux
• Aircrack-ng
• Ettercap
• John the Ripper
• Kismet
• Maltego
• Cuckoo
• Volatility
• sslstrip
• hping3
• dnswalk

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes

Yes, eSecForte Technologies is partner with multiple OEM Companies such as Tenable,
AccessData, Cato Networks, Tufin, BeyondTrust, OpenText, Logrhythym, HCL Software,
Microfocus etc. for Information Security and Forensic Products.

eSec Forte acts as Value Added Partner for these companies and is involved in Pre-Sales,
Implementation and Post-Sales activities.

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : Yes

Singapore : eSec Forte® Technologies Singapore PTE Ltd.

1 North Bridge Road, #11-10, High Street Centre, Singapore 179094 P: +65 31650903

Sri Lanka :eSec Forte Technologies Sri Lanka Pvt. Ltd.

Level 26 & 34, East Tower, World Trade Center, Echelon Square, Colombo, 00100, Sri Lanka

*Information as provided by <eSec Forte® Technologies Private Limited> on <29 December

2020>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Talakunchi Networks Pvt Ltd

1. Name & location of the empanelled Information Security Auditing Organization:

Talakunchi Networks Pvt. Ltd., Mumbai

2. Carrying out Information Security Audits since : 2016

3. Capability to audit, category wise (add more if required)

• Network security audit : Yes

• Web-application security audit : Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001, PCI, etc.) : Yes
• Mobile Security audit : Yes
• Red Team and Blue Team Assessments : Yes
• Source Code Review : Yes
• Web and Mobile Application Security Testing (VAPT) : Yes
• Network, Server and Firewall Security Testing (VAPT) : Yes
• Vulnerability Assessment and Configuration Assessment : Yes
• SAP Security Audits : Yes
• IOT, Embedded and SCADA Security Assessments : Yes
• Cyber Security Threat Analysis : Yes
• Compromised Assessments : Yes
• Incidence Management and Response : Yes
• Reverse Engineering and Forensic Assessments : Yes
• Building & Maintaining Security Operations Centre (SOC) : Yes
• Managed Security Services (MSS) : Yes
• Managed Detection and Response (MDR) : Yes
• Security Awareness Trainings : Yes
• Physical Access Controls & Security Testing : Yes
• Business Continuity Disaster Recovery Planning (BCP-DRP) : Yes
• Regulatory Compliance Implementation and Management
(RBI, NCIIPC, IRDA, ISNP, SEBI, TRAI) : Yes
• International Cyber Security Framework
(ISO, NIST, ISACA, SANS, CIS) : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 4
PSU : NA
Private : 50+
Total Nos. of Information Security Audits done : 50+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 20+

Web-application security audit : 50+
Wireless security audit : 3
Mobile Security audit : 15+
Compliance audits (ISO 27001, PCI, etc.) : 3
6. Technical manpower deployed for informationsecurity audits:
CISSPs : NA
BS7799 / ISO27001 LAs : NA
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification:
20CEH, 2 OSCP, 8ECIH, 7 CTIA, 5 ECSA, 2 CHFI, 1 ECSP.Net, 7 CCNA
47
Total Nos. of Technical Personnel : 50

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications

No. Employee <organization> Information related to
Security Information security
1 Rahul Gala 4.5 Years 12.5 Years BE, OSCP, CISA, CEH,
ECSA, ECSP,GCIH, CEI
2 Vishal Shah 4.5 Years 12.5 Years BE, OSCP, CISA,
CEH,GCIH, FireEye
3 Pranjali Shah 4.5 Years 7.2 Years BE
4 Sujal Shah 4.5 Years 7.2 Years BE
5 Harshil Shah 4.2 Years 4.2 Years BE, CEH, ECSA, CTIA,
ECIH
6 Atik Vora 4.2 Years 4.2 Years BE, ECSA, ECSA
Practical, ECIH
7 Krishna Dasari 3 Years 3 Years BE
8 Narendra 2.5 Years 3 Years BE
Vishwakarma
9 Talha Sayed 2.5 Years 2.5 Years BE, CEH, ECSA, ECSA
Practical
10 Musharraf Khan 2.5 Years 2.5 Years BE, CEH, ECSA
11 Faisal Sonalkar 2.5 Years 2.5 Years BSc, CEH, CCNA
12 Saad Sonalkar 2.5 Years 2.5 Years BE, CEH
13 Sanket Patil 2 Years 2 Years MCA
14 Viraj Nayak 2 Years 2 Years BSc Comp
15 Nitesh Singh 1.5 Years 1.5 Years BE, CEH
16 Omkar Mane 1 Year 1 Year BE, CEH
17 Shahid Shaikh 1 Year 1 Year BE, CEH
18 Ravindra Auti 1 Year 1 Year MCA, CEH
19 Prajay Shetty 1 Year 1 Year BE, CEH
20 Harsh Bhanushali 1 Year 1 Year MSc

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Private Sector Bank

• Application Penetration Testing – 90+ Web Application, 8 Mobile Applications, 20+ API
• Infrastructure Penetration Testing – 2000+ IP Addresses Quarterly Basis
• Configuration Audit – 2000+ Servers & Network Devices Half Yearly
• Security Solutions Review – 40 Devices of 8 different category of devices

Project Term – 1.5 Years

Project Value – Approx. 1 Cr

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Squad1 (Proprietary)
Burp Suite Professional
MicroFocus Fortify
MicroFocusWebInspect
Nessus Professional
QualysGuard
Kali Linux
Metasploit
SQLMAP
Wireshark
ZAP
Charle’s Proxy
Netsparker
Nikto
CSRF Tester
Wapiti
Fiddler
SQL Ninja
W3af
WinHex
WebScarab
IDAPro
Drozer
MobSF
Nmap
Aircrack-ng
Cain & Able
JohnTheRipper
IronWasp
Nagios
Social Engineer Toolkit

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Talakunchi Networks Pvt. Ltd. on 29-Dec-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s A3S Tech & Company

1. Name & location of the empanelled Information Security Auditing Organization :

A3S Tech & Company.

Registered Office- A/95 Kamla Nagar, Delhi- 110007.
Corporate Office- 1314, 13th Floor, Devika Tower,
Nehru Place, New Delhi- 110019

2. Carrying out Information Security Audits since : 2014

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, ISO 22301, ISO 27701
PCI, GDPR, HIPPA etc.) (Y/N) : Yes
• Mobile Application Security Audit (Y/N) : Yes
• ERP Audit (Y/N) : Yes
• Payment Gateway Audit (Y/N) : Yes
• Compliance audit as per Government of India
guidelines (Y/N) : Yes
• Source Code Review (Y/N) : Yes
• Cloud Security Review (Y/N) : Yes
• Swift Review (Y/N) : Yes
• Concurrent/ Continuous Audit (Y/N) : Yes
• Data Privacy audits (Y/N) : Yes
• Regulatory audit as per guidelines by
RBI, IRDA, SEBI, UIDAI etc (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : Nil
PSU : Nil
Private : 10+
Total Nos. of Information Security Audits done : 10+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 5+

Web-application security audit : 15+
Wireless security audit : 5+
Compliance audits (ISO 27001, PCI, etc.) : 4+

6. Technical manpower deployed for informationsecurity audits :

BS7799 / ISO27001 LAs : 2

CISAs : 3
DISAs / ISAs : 1
Any other information security qualification : 3
Total Nos. of Technical Personnel : 5+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1. Sagar Gupta 6+ years 8+ years CISA, ISA/DISA, ISO
27001 LA, CEH, CDPSE
2. Arpita Gupta 6+ years 8+ years ISO 27001 LA
3. Akash Goel 1+ years 6+ years CISA

4. Vidhya Jayaraman 2+ years 4+ years CISA

5. Mahendra Pratap 1+ years 3+ years CEH

Singh

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Consultancy for Data Privacy and GDPR compliance for multiple locations in India for Rs
15 lakhs+
• Consultancy for implementing ISO 27001for multiple locations for 10 lakhs+

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

• Nmap
• Backtrack kali linux
• Custom Scripts and tools.
• Metasploit Framework, Netcat , BeEf
• Wireshark
• Tenable Nessus
• Burpsuite
• SQL Map
• Tamper Data
• Directory Buster
• Nikto
• Ettercap
• Webscarab
• Veda
• Backtrack
• Meta Sploit
• A3S customised scripts

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by <A3S Tech & Company > on October 25, 2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Andhra Pradesh Technology Services Ltd

1. Name & location of the empanelled Information Security Auditing Organization:

Andhra Pradesh Technology Services Ltd.

(Govt. of AP Undertaking)
Location: Vijayawada

2. Carrying out Information Security Audits since : 2018

3. Capability to audit, category wise (add more if required)

• Network security audit : (Yes)

• Web-application security audit : (Yes)
• Mobile Application Security audit : (Yes)
• Wireless security audit : (Yes)
• Compliance audits (ISO 27001) : (Yes)
• Infrastructure Audits : (Yes)
• Source Code Review : (Yes)
• Configuration Review (OS, DBMS & Network Devices) : (Yes)
• Remediation Consulting : (Yes)
• RedTeam Assessment : (Yes)

4. Information Security Audits carried out in last 12 Months:

Govt. : 371+
PSU : 5+
Private : 00
Total Nos. of Information Security Audits done : 390+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 20

Web-application security audit : 360+
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 1
RedTeam Assessments : 15+

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 00
BS7799 / ISO27001 LAs : 06
CISAs : 05
DISAs / ISAs : 00
Any other information security qualification:
1. ISMS : 01
2. OSCP : 01,
3. CEH : 04,
4. ECSA : 01,
Total Nos. of Technical Personnel : 15

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. <organization> Information Security Information security
1 Dr.G Jacob Victor 25-04-1998 17+ years PhD, ISMS, CISA
2 K.Dhavuryan Naik 14-08-1998 2+ years CISA, ISO 27001
3 K.Chandrasekhar 28-10-1992 2+ years CISA, ISO 27001
Reddy
4 P.Srinivasulu 06-04-1998 2+ years CISA, ISO 27001
5 M.SobhanBabu 30-06-1998 2+ years ISO 27001
6 PPV Satyanarayana 10-07-1992 2+ years ISO 27001
7 P.V Reddy 28-03-1998 2+ years ISO 27001
8 Ch. Venkateswara Dec, 2018 6+ years M.Tech, CISA, OSCP,
Reddy CEH,Nessus, Nessus
Security Center, Qualys
9 S. Mohana Krushna Mar, 2019 4+ years CEH
10 A KS Prabhat Verma Mar, 2018 2+ years CEH, Qualys (VM)
11 G.Yaswanth Kumar Jan, 2019 2+ years CEH, Qualys (VM)
12 T.Sreeja Dec, 2017 2+ years M.Tech (Cyber
Security) Qualys (VM)
13 G. Raghuveera July, 2017 3+ years Qualys (VM)
14 K.SriPraveena Sep, 2018 2+ years ECSA, Qualys (VM)
15 N.Durga Pavani Feb, 2019 2+ years Qualys (VM)

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

S.No Name of Scope of work Value

Client
Department
1. AP Transco The scope covers Transco infrastructure Inter
which transmits power to the DisComs who Departmental
further distribute the power further entire within the AP
Andhra Pradesh. State
The audit scope covers applications cover in Government
the Fire wall rule set review, Configuration
scanning of IT Assets, Application Security
scanning, Internal vulnerability scan, External
vulnerability scan, Internal and external
penetration testing.

2. Department of The Scope covers department centralized Inter

Municipal web portals along with the individual Departmental
Administration applications of 100+ Municipalities. The within the AP
assessment scope covers Application Security State
scanning, Internal vulnerability scan, External Government
vulnerability scan, Internal and external
penetration testing.
3. AP State Data The scope covers IT infra and security audit. Inter
Centre The audit scope covers applications cover in Departmental
the Fire wall rule set review, Configuration within the AP
scanning of IT Assets, Internal vulnerability State
scan, External vulnerability scan, Internal and Government
external penetration testing.

9. List of Information Security Audit Tools used (Commercial/ freeware/proprietary):

commercial:Acunetix, Burp Suite, Nessus, Nexpose, Metasploit.
Freeware: Kali Linux open source tools and MobSF ..etc

10. Outsourcing of Project to External Information Security Auditors / Experts : No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Andhra Pradesh Technology Services Ltd on22/10/2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Bharti Airtel Service Limited

1. Name & location of the empanelled Information Security Auditing Organization :

Bharti Airtel Service Ltd

Plot# 16, UdyogViharPhase-IV
Sector 18, Gurgaon-122016

2. Carrying out Information Security Audits since : 2015-16

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) - Y

• Web-application security audit (Y/N) - Y
• Wireless security audit (Y/N) - Y
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) – Y
(Assessments)

4. Information Security Audits carried out in last 12 Months :

Govt. : <number of>

PSU : 1
Private : 7
Total Nos. of Information Security Audits done : 8

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 5

Web-application security audit : 2
Wireless security audit : NA
Compliance audits (ISO 27001, PCI, etc.) : 1

6. Technical manpower deployed for informationsecurity audits :

CISSPs : NA
BS7799 / ISO27001 LAs : 4
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification :CISM – 4, CEH - 8
Total Nos. of Technical Personnel : 15

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration Experience in Qualifications related to

No. Employee with BASL Information Information security
Security
1 Aamir Banday 5 7 CISM, CEH, ISO27001
LA/LI, PCI DSS (QSA)
2 Ekta Bhurani 5 6 CEH, ISO27001 LA/LI
3 Ummed Meel 0.3 5 CEH, ISO27001 LA
4 Navneet Kumar 1.2 5 CEH, ISO27001 LA
5 Garima Maithani 1.3 1.3 CEH, ISO27001 LA
6 Ankit Gautam 1.3 1.3 CEH, ISO27001 LA
7 Saumya Yajurvedi 1.2 5 CEH, ISO27001 LA
8 Arvind Bhat 2 15 CISM, ISO27001 LA
9 Ashutosh Makkar 2.2 6 CISM, CEH, ISO27001 LA
10 Suchet Pajani 1.3 5 CISM, CEH, ISO27001 LA
11 Manish Tiwari 3.5 20 CISA, ISO27001 LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Vulnerability Management, Penetration Testing, Firewall Assurance services for the

customer with user base of 4000+ nos, and with DC, DR and Cloud base Infra set-up.
The project value is ~2.5 Million per year.

The Services included Quarterly Vulnerability Management, and Half-Yearly Penetration

Testing & Firewall Assurance / assessment services. The locations included Noida, and
Bangalore.

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

1. BurpSuite
2. SQLMap
3. Acunetix
4. Nikto
5. HOLM Security
6. ZAPProxy
7. MetasploitFramework
8. Wireshark
9. Dirbuster

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Bharti Airtel Services Limited on 23-Oct-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Codec Networks Pvt Ltd

1. Name & location of the empanelled Information Security Auditing Organization :

Codec Networks Pvt Ltd

507, New Delhi House, Barakhamba Road, New Delhi 110001
+91 9971676124, 9911738718, 011-43752299, 011-43049696
[email protected]

2. Carrying out Information Security Audits since : 2011

3. Capability to audit , category wise (add more if required)

• Network Security Audit (Y/N): Yes

• Web-application Security Audit (Y/N): Yes
• ERP and SAP Application Security Audit (Y/N): Yes
• Mobile Application Security Audit: Yes
• IoT Security Audit: Yes
• IT and OT SCADA System Security Audit (Y/N): Yes
• Wireless Security Audit (Y/N): Yes
• SDLC Review and Code Security Review: Yes
• Compliance audits (ISO 27001, ISO 27701, GDPR, SOC 2
ISO 20000, ISO 22301, HIPAA, PCI-DSSetc.) (Y/N): Yes
• IT Risk Assessments: Yes
• Formation and Review of IT Security Policy: Yes
• Business Continuity Planning / Disaster Recovery Audit: Yes
• IT General Controls Review: Yes
• Information Security Awareness and Trainings: Yes
• RBI Compliance Audit: Yes
• Aadhaar (UIDAI AUA/KUA) Compliance Audit: Yes
• ISNP Audit: Yes
• IT Security Due Diligence Audits: Yes
• Configuration Audits: Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 14
PSU : 09
Private : 138
Total Nos. of Information Security Audits done : 161

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 00
BS7799 / ISO27001 LAs : 03
CISAs : 01
DISAs / ISAs : 00
Any other information security qualification:10
Total Nos. of Technical Personnel : 10
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. Name of Employee Duration with Experience Qualifications related to
No. Codec Networks in Information security
Pvt Ltd Information
Security
CISA, CRISC, ISO 27001
LA, ISO 22301 LA, ISO
3001 RM, GDPR-CDPO,
Certified Payment Card
01 Mr. Rajendra Kathal 3 Years 16+ Years Industry Security
Implementer, COBIT5
Foundation, CEH, ISO
9001:2008, BS 15000,
ITIL v4 Foundation
ISO 27001 LA, BS 25999
Mr. Rajesh LA, ISO 31000 RM, ISO
02 5.5 Years 16+ Years
Sandheer 50001 LA, CDCP, Project
Management
03 Mr. Piyush Mittal 10+ Years 8+ Years BCA
04 Ms. Ritu Pandey 6+ Years 8+ Years MCA, ISO 27001 LA, CEH
MCA, OSCP, CEH, CASE,
Mr. Saurabh
05 5+ Years 5+ Years Seqrite Certified Endpoint
Bhardwaj
Security Professional
06 Mr. Gaurav Pant 4+ Years 4+ Years BCA, CEH
M.S in Cyber Security,
07 Mr. Rahul Kumawat 3+ Years 5+ Years CEH, ISCI CNSS, Fortinet
NSE 1 & 2
Mr. Amol
08 2.5+ Years 2.5+ Years MBA (ITBM)
Waghmare
09 Mr. Milan Singh 2.5+ Years 2.5+ Years B.Tech (CSE)
Mr. Shantanu
10 .5+ Years 1.5+ Years B.Tech (CSE), CEH, ECSA
Jahked

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Project 1 The client is a reputed scheduled commercial bank(Client Name is kept

confidential due to signed NDA and taking care sensitivity of Data
Security)
Nature of Project Work: Review and gap assessment of IT Security
Policy, IT Policy, Cyber Security Policy, Vendor Management Policy, BCP
Policy, IS Policy, Antivirus policy.
PO Value of the one cycle of assessment was 1.25 Lacs.

Project 2 The client is a reputed Indian private sector enterprise involved in

power generation, infrastructure, construction and defence (Client
Name is kept confidential due to signed NDA and taking care sensitivity
of Data Security)
Nature of Project Work: During the Audit, the IT General Controls
function were reviewed to gauge the effectiveness, to ensure the
integrity of the data and processes that the IT systems support such as
applications, operating systems, databases, and supporting IT
infrastructure.
PO Value of the one cycle of assessment was 2.75 Lacs

Project 3 The client is a prominent organization in healthcare industry which

specializes in root cause analysis of patient’s health problems to design
personalized health interventions with an online web/mobile application.
(Name kept confidential due to NDA signed).
Nature of project Work: Provided Comprehensive HIPPA and GDPR
compliance Consultancy, GAP Analysis and Risk Assessment, HIPPA and
GDPR Policies implementation and Process Review with ISO 27001.
Data Protection Policy Formulation, Documentation, HIPPA and GDPR
Internal Audit, HIPPA and GDPR Awareness Trainings.
PO Value of the one-year contract terms was 6.8 Lacs

Project 4 The client is one of the top Fintech start-ups specialise in offering
personal loan, credit card and personal credit line to consumers. (Client
Name is kept confidential due to signed NDA and taking care sensitivity
of Data Security)
Nature of Project Work: Comprehensive Security Assessment (VAPT)
testing for 03 web applications including and 02 mobile application.
PO Value of the one cycle of assessment was 1.25 Lacs.

Project 5 The client provides one stop solution to industry clients for all their
supply chain management needs, from technology development to
analytics. (Name kept confidential due to NDA signed).
Nature of project Work: Provided Comprehensive IT Security
Consultancy, GAP Analysis and Risk Assessment, Security Policy and
Process Review with ISO 27001 and ISO 27701 Data Protection Policy
Formulation, Documentation, Cloud Infrastructure and Cloud Application
Security Audit, Internal Audit and Certification, Security Awareness
Trainings.
PO Value of the one-year contract terms was 5.50 Lacs.

Project 6 The client is one of the fastest growing Insurance Company in India
offer a wide choice of life and general insurance policies available with
multiple insurance companies. (Client Name is kept confidential due to
signed NDA and taking care sensitivity of Data Security)
Nature of Project Work: Comprehensive Security Assessment (VAPT)
testing for 10 web applications including API Testing and 04 Mobile
Application.
PO Value of the one year contract terms was 2.80 Lacs.

Project 7 The Client is a reputed NBFC Public Sector Undertaking (PSU) with their
HQ in New Delhi and 4 branch offices around India. (Client Name is
kept confidential due to signed NDA and taking care sensitivity of Data
Security)
Nature of Project work: Provided Comprehensive IT Security
Consultancy, GAP Analysis and Risk Assessment, Security Policy and
Process Review with ISMS and BCMS Policy Formulation and
Documentation, Internal and External Network Vulnerability Assessment
Penetration Testing, Security Configuration Review, Final IT Security
Audit. Security Awareness Trainings.
PO Value of the one year contract terms was 3.25 Lacs.

Project 8 The clients is is a prominent organization in healthcare industry which

specializes in root cause analysis of patient’s health problems to design
personalized health interventions with an online web/mobile application.
(Name kept confidential due to NDA signed).
Nature of project Work: Provided Comprehensive IT Security
Consultancy, GAP Analysis and Risk Assessment, Security Policy and
Process Review with ISO 27001 and ISO 27701 Data Protection Policy
Formulation, Documentation, Cloud Infrastructure and Cloud Application
Security Audit, Internal Audit and Certification, Web and Mobile
Application Vulnerability Assessment Penetration Testing, Security
Configuration Review, Security Awareness Trainings.
PO Value of the one year contract terms was 7.25 Lacs.

Project 9 The client is a reputed Information Security Services Provider in Israel

( Client Name kept confidential due to signed NDA)
Nature of Project Work : Provide comprehensive security assessment
tests for 16 web applications, 02 mobile applications, Source Code
Review, Network Penetration testing and Configuration Review Services.
PO Value of the one year contract terms was 7.25 Lacs.

Project 10 The client provides AI-powered based products and Data Science
Analytics based services in India, US, UK, Singapore, Dubai (Name kept
confidential due to NDA signed).
Nature of Project Work: Comprehensive Security Assessment (VAPT)
testing for 05 web applications including API testing, External Network
security assessment for 27 Public IPs, Internal Networks Security
Assessment and configuration audit services for more than 225 nodes
including wireless devices, network devices, servers and security
devices.
PO Value of the one year contract terms was 4.80 Lacs.

Project 11 The Client is one among top Manufacturing Industry in Delhi NCR and
exporter from India and provides Sports and Outdoor products in
coloration from European countries. (Name kept confidential due to
sensitivity and security of the project work and NDA signed).
Nature of Project Work: Provided Comprehensive IT Security
Consultancy, GAP Analysis and Risk Assessment, Security Policy and
Process Review with ISO 27001 and Data Protection Policy Formulation,
Documentation, Internal and External Network Vulnerability Assessment
Penetration Testing, Security Configuration Review, Enterprise Security
Set up, Security Threat Monitoring and SOC Services. Security
Awareness Trainings.
PO Value of the one year contract terms was 5.45 Lacs.

Project 12 The Client is a Global Leader in Mobile Financial Services & Payment
Solutions and pioneers in m-commerce solutions provider based in India
and Middle East. (Name kept confidential due to sensitivity and security
of the project work and NDA signed).
Nature of Project Work: Security Assessment (VAPT) Testing for 06 web
applications including payment gateway and API testing, 02 mobile
applications along with source code review and performance testing
services.
PO Value of the one year contract terms was 4.10 Lacs.

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Tenable Nessus Professional Burp Suite Professional Acunetix

GFI LanGuard HP Web Inspect Nmap
Metasploit Pro Nexpose QualysGuard
Kali Linux Framework – Netcat, Cryptcat, Hping, Sqlmap, JTR, OpenVAS, SET, MSF, Dirbuster
Android Debug Bridge (adb) Mobile Security Framework (MobSF) Drozer
John The Ripper L0pth Crack Brutus
Xposed Framework Apktool d2j-dex2jar
Hydra OpenSSH OpenSSL
Ettercap WPScan DNSdumpster
Testssl Fluxion Routersploit
Netstumbler Aircrack-ng suite HTTrack
Nikto BeEF OpenVAS
Wireshark – Packet Analyzer Kismet Cain & Able
Maltego Putty W3AF
Snort Paros Proxy SNMPWalk
RAT - Router and network management

10. Outsourcing of Project to External Information Security Auditors / Experts: No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization?: No

13. Locations of Overseas Headquarters/Offices, if any: N.A

*Information as provided by Codec Networks Pvt Ltd on 01st July 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s ITORIZIN TECHNOLOGY SOLUTIONS PVT LTD

1. Name & location of the empaneled Information Security Auditing Organization :

ITORIZIN TECHNOLOGY SOLUTIONS PVT. LTD.

8/14, SHAHID NAGAR, GROUND FLOOR,
WING “A”, KOLKATA – 700078.
WEST BENGAL, INDIA

2. Carrying out Information Security Audits since : 2017

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes
• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001,IEC 62443, IEC 27019, PCI, etc.) (Y/N) : Yes
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) : Yes
• ICS/OT Audits (Y/N) : Yes
• Cloud security Audits (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 05
PSU : NIL
Private : 19
Total Nos. of Information Security Audits done : 24

5. Number of audits in last 12 months , category-wise

Network security audit : 07

Web-application security audit : 14
Wireless security audit : NIL
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 04
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : NIL
ICS/OT Audits : NIL
Cloud security Audits : 01

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 0
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 7
Total Nos. of Technical Personnel : 09

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations

Duration with
ITORIZIN Experience in
Sl. Name of Qualifications related to
TECHNOLOGY Information
No. Employee Information security
SOLUTIONS PVT Security
LTD
Basudev - ISMS LA
1 4 Yrs 18.8 Yrs
Gangopadhyay - CEH
- ISMS LA
Debjyoti - CEH
2 2.4 Yrs 3.8 Yrs
Chowdhury - CHFI
- CyberArk Certified Trustee
- CEH
Sirsendu
3 3.2 Yrs 4.8 Yrs - CyberArk Certified Trustee
Bharati
- Vulnerability Mgmt. by Qualys

- CEH
4 Susanta Saha 2.4 Yrs 13.8 Yrs - CyberArk Certified Trustee
- Vulnerability Mgmt. by Qualys
- CEH
- CHFI
- CyberArk Certified Trustee
5 Asmita Sarkar 2.4 Yrs 5.8Yrs
- Vulnerability Mgmt. by Qualys
- NSE1 Network Security
associate
- CEH
- Google IT Support Professional
Certificate (Offered By -
Google through Coursera)
Tanmoy
6 2.2 Yrs 2.2 Yrs - Cyber Security Specialization
Samanta
(Offered By - University of
Maryland through Coursera),
- Vulnerability Mgmt. by Qualys
- CyberArk Trustee
- Red Hat Certified System
7 Sourav Pal 1.7 Yrs 1.7 Yrs Admin
- CEH
- ICSI
8 Nishant Kumar 10 Months 10 Months
- CNSS
9 Arnab Giri 3 Months 3 Months - CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Web Application Security Assessment for a Corporate.

Project Volume: 133 nos of IPs, 24 Websites, 10 Web Apps, 11 Mobile Apps, 24 Internal Apps.
Project cost: 14.94 Lacs

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Commercial
- Burp Suite

Freeware
- Nessus
- Metasploit Tool
- Wire Shark
- NMap
- SQLmap
- Dirbuster
- OpenVas
- Genymotion+Santoku OS
- Postman
- Nipper
- Aircrack-Ng
- Airmon-Ng
- Airodump-Ng
- Gerrit
- RIPS

10. Outsourcing of Project to External Information Security Auditors / Experts: Yes

( If yes, kindly provide oversight arrangement (MoU, contract etc.)

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : None

*Information as provided by ITOrizin Technology Solutions Pvt Ltdon 01-07-2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s PRIME INFOSERV LLP

1. Name & location of the empanelled Information Security Auditing Organization:

Name - PRIME INFOSERV LLP,

Address- 60, SIBACHAL ROAD, BIRATI, KOLKATA 700051

2. Carrying out Information Security Audits since : 2010

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/NYES) - YES

• Web-application security audit (Y/N) - YES
• Wireless security audit (Y/N) - YES
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) - YES

4. Information Security Audits carried out in last 12 Months :

Govt. :<number of1>West Bengal Electronics Industry Development Corporation Ltd.

(WEBEL)
PSU :<number of1>POWER SYSTEM OPERATION CORPORATION LIMITED (POSOCO),
Eastern Regional Load Despatch Centre
Private :<number OF 20>GKB Rx Lens Pvt. Ltd, Grasim Industries Ltd (Jaya Shree
Textiles, Aditya Birla Group), Meghbela Broadband, Wooribank – Bangladesh,Essel
Mining, Mihup Communication, Khadim India Ltd.
Total Nos. of Information Security Audits done : 22

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit: <9>(Jayashree Textile, Essel Mining, Khadim, GKB Rx, Algo
Energy Tech, Lexplosion, Woori Bank, Waterbase (KaramchandThaper Group), IKONET)
Web-application security audit: <6>AlgoEnerytech, Lexplosion, Woori Bank, Intelligent
Image Management Inc, Saratella, Aditya Birla Insulator
Wireless security audit:<number of 2>GKB Rx Lens Pvt. Ltd, Grasim Industries Ltd
(Jaya Shree Textiles, Aditya Birla Group),
Compliance audits (ISO 27001, PCI, etc.):<5>West Bengal Electronics Industry
Development Corporation Ltd. (WEBEL), GKB Rx Lens Pvt. Ltd, Intelligent Image
Management Inc, Meghbela Cable & Broadband Services Pvt Ltd, Matrix Media Solutions
Pvt Ltd

6. Technical manpower deployed for informationsecurity audits :

CISSPs : <2> - Kishore Vekaria, Sabyasachi Hazra

BS7799 / ISO27001 LAs : <5>Ajai Srivastava, Saurabh Sarkar, Sabyasachi Hazra,
Tapas Majumder, Sanjib Chowdhury
CISAs : <3>Sanjib Chowdhury, Tapas Majumdar, Sabyasachi Hazra
DISAs / ISAs : <number of>
Any other information security qualification:<number of>OSCP. CHFI, CEH, ECSA,
PMP, PCI-DSS, CISM
Total Nos. of Technical Personnel : 10

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Experience in
S. Duration with Qualifications related to
Name of Employee Information
No. organization Information security
Security
1 Kishore Vekaria 1st Feb 2017 30+ years CISSP, CCNA
2 Smith Gonsalves 1st Feb 2017 5+ years OSCP. CHFI, CEH. Certified
Advance Penetration Tester
3 Sudipta Biswas 1st May 2017 15+ years CEH, ISMS LA, STQC-CISP,
STQC-Certified Internal
Information Security Auditor
4 Soumadeep 12th April 2017 3+ years CEH
Chakraborty
5 Sanjib Chowdhury 4TH March 2019 3+ years CISA, PCI-DSS, ISO 27001

6 Subhamoy Guha 4th March 2019 2 years CEH, ECSA

th
7 Tapas Majumder 10 Oct 2019 5+ years CISA, ISO 27001 Lead Auditor
th
8 Saurabh Sarkar 29 Nov 2017 8+ years ISO 27001 Lead Auditor
th
9 Ajai Srivastava 16 Sept 2019 12+ years ISO 27001 Lead Auditor, Lead
Implementer 27001 & 9001

10 Sabyasachi Hazra 16th Sept 2019 12+ years CISSP, CISA, CISM, CRISC,
PMP, LA, CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Project – Compliance Audit and VAPT

• Customer Name - GKB Rx Lens Pvt Ltd
• Total value – 1534000/-
• Location – Kolkata, West Bengal
• Complexity – Large infra across India with diverse platform and technologies. There
were global compliance norms for GDPR and ISO 27001 framework for their mother
organization Essilor

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Netcat

10. Netcat , NMAP, Metasploit Framework, Vega, W3af, OWASP Zed Attack Proxy Project, Firefox
addon, Kali Linux tools , Nessus, Burpsuit, NetSparker, Accunetix, F-Secure Radar.

11. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by PRIIME INFOSERV LLP on 26-10-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s QRC Assurance and Solutions Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

• Name: QRC Assurance and Solutions Private Limited

• Location: Office No 508, Plot No 8, Ellora Fiesta, Sector -11,
Sanpada, Navi Mumbai, Maharashtra, India, 400705

2. Carrying out Information Security Audits since : 2016

3. Capability to audit, category wise (add more if required)

• Network security audit : Yes

• Web-application security audit : Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001, PCI, etc.) : Yes
• Vulnerability Assessment : Yes
• Penetration Testing : Yes
• Mobile Application Security Testing : Yes
• API Security Testing : Yes

4. Information Security Audits carried out in last 12 Months:

• Govt. : One (1)

• PSU : Zero
• Private : Sixty (60)
• Total Nos. of Information Security Audits done : Sixty (60)

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

• Network security audit : 50

• Web-application security audit : 35
• Wireless security audit : 1
• Compliance audits (ISO 27001, PCI, etc.) : 40
• Vulnerability Assessment : 100
• Penetration Testing : 100
• Mobile Application Security Testing : 15
• API Security Testing : 25

6. Technical manpower deployed for informationsecurity audits:

• CISSPs : None
• BS7799 / ISO27001 LAs : Six(6)
• CISAs : Three (3)
• DISAs / ISAs : None
• Any other information security qualification:
• CISM: One (1)
• CDPSE: Two (2)
• CRISC: One (1)
• CEH: Five (5)
• CHFI:One (1)
• ECSA: One (1)
• OSCP: One (1)
• PCI-QSA: Five(5)
 PA-QSA: One (1)
 PCI-3DSA: One (1)

 Total Nos. of Technical Personnel : 20

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Experience in Qualifications related

S. Name of Duration
Information to Information
No Employee with QRC
Security security
PCI-QSA, PA-QSA,
CDPSE, ISO 27001 Lead
Mr Vamsikrishna 04 years 10
1. 19 years Auditor, CISA, HIPPAA,
Maramganti months
COBIT 5, ITIL
Foundation

PCI-QSA, PCI-3DSA,
03 years 03
2. Mr Kalpesh Vyas 19 years CISA, CISM, CRISC,
months
CDPSE, ISO 27001 LA

Ms Akshata 04 years 10 CISA, 1SO27001:2013.

3. 6 Years
Bhaskar months LA, PCI-QSA
MS (Cyberlaw &
Mr Hare Krishna 04 years 06 Information Security),
4. 6 Years
Tiwari months IS0 27001:2013 LA, IS0
27001:2013 LI, PCI-QSA
02 years 11 BE (IT), CEH, CHFI,
5. Mr Vicky Fernandes 5.3 years
months ECSA, RHCSA
Mr Prashant 03 years 04 B. Tech (IT), CEH,
6. 3.4 years
Srivastava months OSCP
Mr Shashwat 03 years 02
7. 3.2 Years B. Tech (IT)
Verma months
03 years 02
8. Mr Saif Ahmad 3.2 Years B. Tech (IT)
months

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. One of the banks in India:

• Enterprise Vulnerability Assessment and Penetration Testing services including
Infrastructure VAPT audit of 350+ Servers
• Web and Mobile Application Security Assessments for 5+ applications
• PCIDSS Audit
• Information Security and Systems Audit

Project Value: Confidential

2. One of the Payment Gateways in India:

• Vulnerability Assessment and Penetration Testing covering about 50+ systems
• Web and Mobile Application Security Testing of 4+ critical Payment Gateway
Applications
• PCIDSS Audit

Project Value: Confidential

3. One of the BPOs in USA

• Vulnerability Assessment and Penetration Testing covering 200+ systems across 3
International Geographic Locations
• PCIDSS Audit for three (3) multiple locations across Globe

Project Value: Confidential

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

A. Commercial Tools
1. Nessus Professional
2. Netsparker Professional
3. Burp Suite Professional
4. QualysGuard

B. Open Source
1. Kali Linux
2. Nmap
3. Wireshark
4. OWASP ZAP
5. SSL Scan
6. HTTrack
7. Network Stumbler
8. Aircrack suite
9. Nikto
10. Cain and Abel
11. Mobile Security Framework
12. L0phtcrack: Password Cracker
13. OpenVas
14. W3af
15. Directory Buster
16. SQL Map
17. Android Tamer
18. Metasploit

C. Proprietary Tools (Inhouse developed)

1. QRC dataFinder

10. Outsourcing of Project to External Information Security Auditors / Experts : No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by QRC Assurance and Solutions Private Limited on 26-October-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s RNR Consulting Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

RNR Consulting Private Limited.

E-16/169, Sector-8, Rohini,
Delhi 110085

2. Carrying out Information Security Audits since : 2014

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) : Y
• ICS/OT Audits (Y/N) : Y
• Cloud security Audits (Y/N) : Y

4. Information Security Audits carried out in last 12 Months:

Govt.:1
PSU:2
Private:25+
Total Nos. of Information Security Audits done:28+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit: 6

Web-application security audit: 25+
Wireless security audit:2
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 10
ICS/OT Audits:2
Cloud security Audits:4

6. Technical manpower deployed for informationsecurity audits:

CISSPs:1
BS7799 / ISO27001 LAs:8
CISAs: 4
DISAs / ISAs: None
Any other information security qualification:6
Total Nos. of Technical Personnel:20

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications

No. RNR Consulting Information related to
Private Limited Security Information
security
CISSP, CISA, CEH,
1 Nitish Goyal 6+ years 8+ years ISO27001 LA,
PCI-DSS
CEH, CHFI,
ISO27001 LA,
2 Jagbir Singh 6+ years 12+ years
SANS certified,
Cyber Law
M.S (State Univ.
New York) MBA,
3 Arup Roy 6+ years 30+ years
Lead Auditor for
ISO 27001, ISO
20000, ISO
22301, ISO 9001,
BS 10012
CISA, ISO27001,
CEH, MCSE,
4 Vinay Singh 6+ years 14+ years
CCNA, Penetration
Tester, Network +
5 Shyam Thakur 6+ years 9+ years ISO27001, CEH
6 Rakesh Kumar 1+ year 4 years CEH, CCNA, MCSE
7 Vibha Gupta 1+ year 2+ years CEH
8 Narendra 1+ year 2+ years CEH
9 Arun Goyal 6+ years 6+ years CISA, CCNA, CCNP
10 Mousumi Pattnayak 1+ years 2+ years ISO 27001
11 Abhay Mathur 1+ years 23+ years ISO 27001

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

RNR carried out a project for a power sector PSU with the following scope

• Network Security Audit: 1200+ Devices

• Server and Desktop/Laptop Security Audit: 4500+ Devices
• Application Security Audit: 120+ Applications
• ISO 27001 Internal Audit

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

Commercial:

• Nessus Professional
• Nipper
• Acunetix
• Burp Suite
• beSecure

Proprietary: -

• Own developed scripts for Operating System and Database Audit.

Freeware:

• SonarQube
• Cloudsploit
• Security Monkey
• Nmap
• DOMTOOLS - DNS-interrogation tools
• Nikto - This tool scans for web-application vulnerabilities
• Hping – TCP ping utilitiy
• Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files, etc.).
• SQL Tools - MS SQL related tools
• John - John The Ripper, Password-cracking utility
• Wikto - Web server vulnerability assessment tool
• Back Track
• MetaSploit
• Ethereal - GUI for packet sniffing. Can analyse tcpdump-compatible logs
• NetCat - Swiss Army-knife, very useful
• Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspection
• Brutus – password cracking for web applications, telnet, etc.
• OpenVas
• W3af
• Owasp
• Wire Shark
• Ettercap
• Social Engineering Tool Kit
• Aircrack-Ng
• SOAPUI
• Hydra
• Directory Buster
• SQL Map
• SSL Strip
• CAIN & Able
• Fiddler
• Tamper Data
• Postman

10. Outsourcing of Project to External Information Security Auditors / Experts: Yes, Contact,
NDA and MoU

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization?: No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: No

*Information as provided by RNR Consulting Private Limited on 01st July 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Sattrix Information Security Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

Sattrix Information Security (P) Ltd

2. Carrying out Information Security Audits since : 2014

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 0
Private : 3
Total Nos. of Information Security Audits done : 3

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 3

Web-application security audit : 3
Wireless security audit : 3
Compliance audits (ISO 27001, PCI, etc.) : 0

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification :CEH, MF Fortify
Total Nos. of Technical Personnel : 13

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. Sattrix Information Security Information security
1 Krunal Mendapara 5.5 years 5.5 years B.Tech, CeH
2 Yash Zalawadia 3.5 years 3.5 years B.E, CeH
3 Anurag Priyam 5 years 5 years B.E, CeH, AWS Cloud
Practitioner
4 Anil Kumar 2 years 3.5 years B.E, CeH
5 Ankit Shah 2.5 years 2.5 years B.E
6 Mahendra Patel 1 year 14 years B.E, MBA
7 Sudhanshu Singh 1.5 years 1.5 years BSc-IT
8 Ashutosh 3.5 years 3.5 years B.Tech, AWS Associate
Solution Architect
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Project 1
 Location – USA
 Project – infrastructure audit
 Activity – Vulnerability Assessment, Penetration Testing, Reporting and
remediation suggestion, Remediation of Vulnerability and patching activity
 Location – 3
 Volume – 5000 users
 Project Value - $80K+

9. List of Information Security Audit Tools used (Commercial/ freeware/proprietary):

• Commercial – MF Fortify SSC, MF Fortify SCA, Nessus, Rapid7

• Freeware – burp suit, Kali linux, Metasploit, SQL Map, NMAP, Wireshark, W3AF, Aircrick

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

*Information as provided by Sattrix Information Security (P) Ltd. on 28-Oct-2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Tata Advanced Systems Ltd.

1. Name & location of the empaneled Information Security Auditing Organization:

Organization Name: Tata Advanced Systems Ltd.

(Cyber & Physical Security Division)
Location: Office No. 15, 6th floor, Tower 1,Stellar IT Park,C-25, Sector-62
Noida, Uttar Pradesh, India. PIN - 201307

2. Carrying out Information Security Audits since : 2017

3. Capability to audit, category wise (add more if required)

Network security audit (Y/N) : Y

Web-application security audit (Y/N) : Y
Wireless security audit (Y/N) : Y
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
Android Security Audit(Y/N) : Y
IOS security Audit(Y/N) : Y
IOT Security Audit(Y/N) : Y

4. Information Security Audits carried out in last 12 Months:

Govt. : 0
PSU : 0
Private : 6
Total Nos. of Information Security Audits done : 6

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 4 (500+ Servers &

250+ Network Devices)
Web-application security audit : 20+ Applications
Wireless security audit : 4
Android Security Audit : 3
IOS security Audit : 1
Compliance audits (ISO 27001, PCI, etc.) : NIL

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 1
BS7799 / ISO27001 LAs : N/A
CISAs : N/A
DISAs / ISAs : N/A
CEH : 4
ECSA : 1
CHFI : 2
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related

No. Employee TATA Advanced Information to Information
Systems Ltd Security security
1 Arun Kumar 1 year 10 12 years M.S. (software
months systems), CISSP
2 Ankit Gupta 1 year 10 6 Years MCA, CHFI & ECSA
months
3 Kamaljeet Kumar 1 year 9 months 2 years 3 months M.Tech (Cyber
Security), CEH
(Practical) v10
4 Nitya Nand 9 months 2 years 5 months MCA, CEH-v10

5 Jesna Joy 9 months 3 years 6 months B.Tech (CSE),CEH-V10

6 Yash Kansal 2months 2months Post Graduate
Diploma in Cyber
Security and Law

8. pecify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.

S. Organization Volume Complexity Locations Project

No. Type Value
1 Aviation Network On-prem and multi- Ahmedabad INR
Industry Devices150+ cloud Infra spread Bhubaneswar 2,900,000/-
across various Bangalore
Servers: 350+ availability zones. Mumbai
Delhi
The organization Dibrugarh
Web -
houses multi-vendor Guwahati
Applications:
SaaS products Goa
15+
including inhouse Gurgaon
application servicing Bagdogra
Mobile Lucknow
4000+ mobile
Application Mumbai
workforce across 34
(Android & IOS): Pune
locations
20 Raipur
Amritsar
Kolkata
Cochin
Hyderabad
Chandigarh
Jammu
Ranchi
Chennai
Srinagar
Varanasi

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

a. Commercial Tools:Nexpose, Burp suite, Netalytics

b. Freeware Tools:Kali Linux, MobSF, Wireshark, Nipper, Powershell Empire, Virus Total,
Drozer, Frida & Objection, Inspeckage, APKtools, Shodan, Nmap, Metasploit, Nikto, ZAP,
Responder, Impacket Crackmapexec, , onesixtyone, Searchsploit, Maltego, LFIsuite,
SQLMAP and etc.
c. Proprietary Tools: Netalytics

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by TATA Advanced Systems Ltd. on 26th October 2020

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Dr CBS Cyber Security Services LLP

1. Name & location of the empanelled Information Security Auditing Organization :

Dr CBS Cyber Security Services LLP

113, Suraj Nagar East, Civil Lines, Jaipur, Rajasthan-302006

2. Carrying out Information Security Audits since : 2017

3. Capability to audit , category wise (add more if required)

Network security audit (Y/N) : Yes

Web-application security audit (Y/N) : Yes
Wireless security audit (Y/N) : Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) Yes
End Point Security Audit (Y/N) Yes
Information Security Policies Formulation& Review as per Legal Yes
Mandates & International Standards(ISO/IEC 27001:2013, ISO 27002,
Rule 4 & 8 of IT Reasonable Security Practice & Procedure & Sensitive
Personal Data Rules 2011(Y/N) :
Communications Security Testing (Y/N) : Yes
Vulnerability Assessment & Penetration Testing (Y/N) : Yes
Exploitation of Vulnerabilities (Y/N) Yes
Network Mapping (Y/N) Yes
Application Security Assessment (Y/N) Yes
Malware Backdoor Detection Yes
Risk Assessment(Y/N) : Yes
Physical Security Review (Y/N) : Yes
Information Security Trainings (User awareness& counseling, cybercrime Yes
investigation, technical training, etc.) (Y/N) :
Enterprise Security Architecture Review (Y/N) : Yes
Data Leak Prevention (DLP) consulting (Y/N) : Yes
Mobile Application Security Audit (Y/N) : Yes
Compliance Audit (GDPR, RBI, SEBI, Stock Exchanges, IRDA etc.) (Y/N) : Yes
API Security Audit (Y/N) : Yes
Network Performance Testing (Y/N) : Yes
Cloud Security Audit (Y/N) : Yes
Source Code Review/Audit (Y/N) : Yes
Incident Response (Y/N) : Yes
IoT Security Assessment (Y/N) : Yes
Data Centre Audit / Security Operation Centre (SOC) Audit Yes
Authentication User Agency (AUA ) / KYC User Agency (KUA) - Aadhaar Yes
Audit) (Y/N) :
Electronic Signature (e-Sign) Compliance audit(Y/N) : Yes
Red Team Assessment (Y/N) : Yes
AEPS &AadhaarPay Micro ATM Audit (Y/N) : Yes
Supervisory Control & Data Acquisition(SCADA) Security Audit (Y/N) : Yes
Cyber Forensics (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 02
PSU : 00
Private : 05
Total Nos. of Information Security Audits done : 07

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: 06

Web-application security audit: 12
Wireless security audit: 06
Formulation of IT Security Policies: 01
Compliance audits (ISO 27001, PCI, etc.):00
6. Technical manpower deployed for informationsecurity audits :

CISSPs : 00
BS7799 / ISO27001:2013 Lead Auditors : 05
CISAs : 00
DISAs / ISAs : 01
Any other information security qualification:

Certified Ethical Hacker (CEH) from EC Council: 05

Diploma in Cyber Law : 07
Certificate in International Law on E-Commerce : 02
Masters in Cyber Security (M.Tech) : 01
Masters in Computer Science (M.Tech) : 01
MSc (IT) : 01
MSc (Micro Electronics) : 01
MSc (Advance Electronics ) : 01
Bachelor of Technology (B.Tech-CSE/ECE) : 06
Bachelor in Law : 01
Any other informationsecurityqualification : 08
Total Nos. ofTechnicalPersonnel : 09

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration Experience Qualifications related to

No with in Information security
. organizati Informatio
on n Security
1. Dr C B Sharma IPS (R) 05 Years 05+Years • Certified Lead Auditor
ISMS(ISO/ IEC
27001:2013) from Indian
Institute of Quality
Management (IIQM)
• Diploma in Cyber Law
• MSc Physics (Microwave
Electronics),
• LL.B,
• MA Philosophy,
• PhD

2 Mrs. Swati Vashisth 05 Years 05+ Years • B.Tech (CSE),

• MBA(PGDRM) from IRMA
• Certified Lead Auditor ISMS
(ISO/IEC 27001:2013) from
Indian Institute of Quality
Management (IIQM),
• Diploma in Cyber Law,
• Diploma in Information
System Audit (DISA) from
Indian Institute of Banking
Finance (IIBF)
• Certified Ethical Hacker
from EC Council,
• Certificate in Prevention
Of Cyber Crimes And
Fraud Managementfrom
Indian Institute of Banking
Finance (IIBF)
• Certification in IT Security,
from Indian Institute of
Banking Finance (IIBF)
• Certification in
Information System
Bankerfrom Indian
Institute of Banking Finance
(IIBF)
3 Mr. SachinKumar 05 Years 05+ Years • B.Tech (CSE),
Sharma • M.Tech(CSE),
• Certified Lead Auditor ISMS
(ISO/IEC 27001:2013) from
Indian Institute of Quality
Management (IIQM),
• Certified Ethical Hacker
from EC Council,
• Diploma in Cyber Law,
• Certificate in International
Law on E-Commerce

4 Mr. Satyendra Singh 05 years 05+ Years • M.Sc (IT),

• Certified Lead Auditor
ISMS (ISO/IEC
27001:2013)
from Indian Institute of
Quality Management
(IIQM),
• Diploma in Cyber Law,
• Certified Ethical Hacker
from EC Council

5. Mrs. Manju Sharma 05 years 05+ Years • Diploma in Cyber Law

• BSc
• MA
• Diploma in Textile
Designing

6. Mr. VishrantOjha 02 Years 02+ Years • B.Tech (ECE),

• M.Tech(Cyber Security)
from Sardar Patel Police
University, Jodhpur,
• Diploma in Cyber Law
• Certified Ethical Hacker
from EC Council

7 Mr. Ramesh Prasad 03 years 03+ Years • Polytechnic diploma (ECE),

Verma • Certified Lead Auditor
ISMS (ISO/IEC
27001:2013)
from Indian Institute of
Quality Management
(IIQM),
• Certified Ethical Hacker
from EC Council,
• Diploma in Cyber Law,
• Red Hat Linux
Certification,
• HCL CDC network
administration

8 Mr. Balkrishna Sharma 2 Years 02+ Years • B.Tech (CSE)

• CCNA,
• MCITP from Microsoft

9. Prof. (Dr.) Yogesh 0.5 Year 23 Years’ • PhD (Physics with

Chandra Sharma Experience specialization in
in Research Condensed Matter Physics
(Research & & )
Development) Development • MSc (Physics with
in the field of Specialization in Advanced
advanced Electronics)
electronics, • BSc
Condensed • Diploma in cyber Law (
Matter and pursuing)
Thermoelectr • Member American Physical
ics Society
• Vice President, IAPT,
Rajasthan Jaipur Chapter
• Treasurer , MRSI (IISc,
Bangalore) Rajasthan
Chapter
• Supervised 11 PhD thesis,
20 PG projects & 20 UG
projects
• Have Guided & Supervised
8 Projects of about 50 lacs
with agencies like DRDO,
RRCAT, IUAC, RTU etc.
• Have published more than
50 research papers
• Have organized more than
20 national and
international conferences /
workshops

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

S.No. Organization Scope Details of IT Location

Infrastructure
1. One of the 1.Gap Analysis and Review of Documented Audit Total 19
leading textile & Existing Policies Report as per Scope locations at
garment 2. Risk Assessment and of work of : Mumbai,
manufacturer Vulnerability Assessment Computers:1091, Tarapur,
company of India (End Point, Server, Network, Servers:18, Daman,
Firewall, Routers, Switches, E- Firewall:16, Silvassa,
Project Value : mail, Website, Web Switches:110, &
NA Application, Wi-Fi: 22, Bhiwandi
Mobile Application, Software, DVR:28
Back-up, CCTV etc.) Cameras:295
3. Penetration Testing
4. Exploitation of
Vulnerabilities
( In the System and
Networks).
5. Detailed Documented IT
Security
Audit Report and Actionable
Items etc.
(Top Critical Vulnerability,
End
Point Security, Server Related
Vulnerability, Network,
Internet
and Wireless Security.
6. Web Application Software
Security
7. Physical Access Control and
Security
8.Conceptual Guidance
( IT Security Standards and
Controls etc.)
9. Information Security
Training
and Awareness.

2. One of the 1.Gap Analysis and Review of Documented Total 06

Biggest leader in Existing Policies Audit Report as locations at
field of Solar 2. Risk Assessment and per Scope of work Mumbai,
power energy Vulnerability Assessment (End of : Pune,
products Point, Server, Network, Computers:198, Bengalore,
Firewall, Servers:02, Chennai,
Project Value : Routers, Switches, E-mail, Firewall:02, Gurugram&
NA Website, Web Application, Switches:03 Dubai
Mobile Wi-Fi:15
Application, Software, Back-up, S/w application:
CCTV etc.) 02
3. Penetration Testing DVR: 1,
4. Exploitation of Cameras: 8
Vulnerabilities
( In the System and
Networks).
5. Detailed Documented IT
Security
Audit Report and Actionable
Items etc.( Top Critical
Vulnerability, End Point
Security,
Server Related Vulnerability,
Network, Internet and Wireless
Security.
6. Web Application Software
Security
7. Physical Access Control and
Security
8.Conceptual Guidance( IT
Security
Standards andControls etc.)
9. Information Security
Training
and Awareness.
3. Asia’s largest IT Security Audit of Data Documented Hyderabad
tier-4 data Center Audit Report as
center in India 1. Logical Security per Scope of work
2. Physical Security of :
ANSI/TIA-942
Design
Certification:
Rated-4/Tier-4:
Fault Tolerant Site
Infrastructure
On:
i) Certification
and Compliances
ii) Physical
Security
iii) Logical
Security
iv)
Recommendation

4. Tier-4 data IT Security Audit of Data Documented Mumbai

center in India Center Audit Report as
1. Logical Security per Scope of work
2. Physical Security of :
ANSI/TIA-942
Design
Certification:
Rated-4/Tier-4:
Fault Tolerant Site
Infrastructure
On:
i) Certification
and Compliances
ii) Physical
Security
iii) Logical
Security
iv)
Recommendation
5. One of the Indo- 1.Gap Analysis and Review of Documented Total 03
US Organization Existing Policies Audit Report as locations at
in field of 2. Risk Assessment and per Scope of work Mumbai,
Geosynthetic Vulnerability Assessment (End of : Daheli,
material Point, Server, Network, Computers:121, Daman
Firewall, Servers:3,
Routers, Switches, E-mail, Firewall:01,
Project Value : Website, Web Application, S/w application:
NA Mobile 01
Application, Software, Back-up, Wi-Fi:07
CCTV etc.) DVR: 1,
3. Penetration Testing Cameras: 8
4. Exploitation of
Vulnerabilities
( In the System and
Networks).
5. Detailed Documented IT
Security
Audit Report and Actionable
Items etc.( Top Critical
Vulnerability, End Point
Security,
Server Related Vulnerability,
Network, Internet and Wireless
Security.
6. Web Application Software
Security
7. Physical Access Control and
Security
8. Conceptual Guidance (IT
Security Standards and
Controls
etc.)
9. Information Security
Training
and Awareness
6. One of the 1.Gap Analysis and Review of Documented Audit Total 18
leading textile & Existing Policies Report as per locations at
garment 2. Risk Assessment and Scope of work of : Mumbai,
manufacturer Vulnerability Assessment Computer: 1237, Tarapur,
company of India (End Point, Server, Network, Servers: 15, Daman,
Firewall, Routers, Switches, E- Switches: 138, Silvassa,
Project Value : mail, Website, Web Firewall: 16, Amravati&
NA Application, Wi-Fi: 29, Bhiwandi
Mobile Application, Software, Web application: 01,
Back-up, CCTV etc.) DVR: 36,
3. Penetration Testing Cameras: 413
4. Exploitation of
Vulnerabilities
In the System and Networks).
5. Detailed Documented IT
Security
Audit Report and Actionable
Items etc.
(Top Critical Vulnerability, End
Point Security, Server Related
Vulnerability, Network,
Internet and Wireless Security.
6. Web Application Software
Security
7. Physical Access Control and
Security
8.Conceptual Guidance
( IT Security Standards and
Controls etc.)
9. Information Security
Training
and Awareness.
7. A prominent Formulation of IT Security Formulation of Mumbai
Principal Policies following IT
Investment Security Policies:
Organization 1. Identification,
Asset
Project Value : Management
NA & Disposal
,Acceptable
Use
(including
Software)
Policy
2. E-Mail,
Informatio
n Transfer
& Social
Media
Policy
3. HR Policy
4. Business
Continuity
and
Backup
Policy
5. Clear
Screen &
Clear Desk
Policy
6. Network,
Internet,
Wi-Fi, LAN,
Access
Control,
Server
Room &
Log Policy
7. Data
Security
and
Cryptograp
hy Policy
(including
Data
Centers)
8. Privacy
Policy (Non
Disclosure
with third
parties)
9. CCTV
Policy
10. Password
Policy
11. Mobile
device and
Teleworkin
g

8. A leading 1.Gap Analysis and Review of Documented Mumbai

Polyester Existing Policies Audit Report as
company in India 2. Risk Assessment and per Scope of work
Vulnerability Assessment (End of :
Point, Server, Network, Total no. of End
Firewall, Point Computers
Routers, Switches, E-mail, :67
Website, Web Application, Servers: 04
Mobile Firewall:01
Application, Software, Back-up, Switches: 03
CCTV etc.) Web application:
3. Penetration Testing 01
4. Exploitation of Wi-Fi :03
Vulnerabilities CCTV-DVR:
( In the System and 09-01
Networks).
5. Detailed Documented IT
Security
Audit Report and Actionable
Items etc.( Top Critical
Vulnerability, End Point
Security,
Server Related Vulnerability,
Network, Internet and Wireless
Security.
6. Web Application Software
Security
7. Physical Access Control and
Security
8. Conceptual Guidance( IT
Security Standards and
Controls
etc.)
9. Information Security
Training
and Awareness
9. IT Security Audit Vulnerability assessment and ----------- Jaipur
of Typing penetration Testing, Manual &
Software tool based audit, flow of the
Functionality& application & other technical
IT security observations
guidelines to be
followed during
Online
Examination /
Computer Based
Assessment

Project Value:
NA

10. Online 1. Physical / Logical Security Documented Jaipur

Examination of the online examination Audit Report as
Security Audit system per Scope of work
2. Vulnerability Assessment of :
Project Value : and Penetration Testing Total no. of End
NA End Point, Server, Point Computers
Network, Firewall, :5270
Routers, Switches, E-mail,
Website, Web Application,
Mobile Application,
Software, Back-up, CCTV
etc.)
3. Exploitation of
VulnerabilitiesIn the
System and Networks.

11. Online Cyber Security Audit of Documented Ajmer

Examination Evalution Centers Audit Report as (Four
&Evalution Audit (Physical & Logical per Scope of work Centers)
of Public Service Security) of :
Commission Total no. of End
Point Computers
:185
Servers: 04
CCTV-DVR:
24-04
12. Online Cyber Security Audit of Documented Jaipur &
Examination Evalution Centers Audit Report as Jodhpur
&Evalution Cyber per Scope of work
SecurityAudit of of :
Public Service Total no. of End
Commission Point Computers
:91
Servers: 02
CCTV-DVR:
18-02

13. Vulnerability Vulnerability assessment and IT Security Audit Jaipur

Assessment & penetration testing of online Report of
Penetration examination software on four Examination
Testing of Online different operating system Software
Examination (Win-10, Win 8, Win 7 & Win –
Software XP )

14. A leading multi Communication Security Documented Jaipur

Metallurgy Testing, Audit Report as
Company of Vulnerability assessment and per Scope of work
Rajasthan penetration testing of web of :
application, ERP etc. Total no. of End
Point Computers
:64
Servers: 05
Firewall:01
Web Application
:1
Wi-Fi :02

15. One of growing Formulation of IT Security Formulation of Mumbai

TyreIndustry of Policies following IT
India Security Policies:
1. Identification
Project Value : , Asset
NA Management
& Disposal
,Acceptable
Use
(including
Software)
Policy
2. E-Mail,
Information
Transfer &
Social Media
Policy
3. HR Policy
4. Business
Continuity
and Backup
Policy
5. Clear Screen
& Clear Desk
Policy
6. Network,
Internet, Wi-
Fi, LAN,
Access
Control,
Server Room
& Log
Policy
7. Data
Security and
Cryptograph
y Policy
(including
Data
Centers)
8. Privacy
Policy (Non
Disclosure
with third
parties)
9. CCTV Policy
10. Password
Policy
11. Mobile
device and
Teleworking

16. One of leading 1.Gap Analysis and Review of Documented Jaipur

Engineering and Existing Policies Audit Report as
Professional 2. Risk Assessment and per Scope of work
Education Vulnerability Assessment (End of :
Institute of Point, Server, Network, Total no. of End
Rajasthan Firewall, Point Computers
Routers, Switches, E-mail, :2136
Website, Web Application, Servers: 04
Mobile Firewall:02
Application, Software, Back-up, Switches: 148
CCTV etc.) Wi-Fi :03
3. Penetration Testing CCTV-DVR:
4. Exploitation of 197-17
Vulnerabilities
( In the System and
Networks).
5. Detailed Documented IT
Security
Audit Report and Actionable
Items etc.( Top Critical
Vulnerability, End Point
Security,
Server Related Vulnerability,
Network, Internet and Wireless
Security.
6. Web Application Software
Security
7. Physical Access Control and
Security
8. Conceptual Guidance( IT
Security Standards and
Controls
etc.)
9. Information Security
Training
and Awareness

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

S.No Name of Tool Purpose of Tool

Nessus
1. A remote security scanning tool
Professional
2. Burp Suite Web Vulnerability Scanner
3. Acunetix Web application security Tool
4.
Free PC Audit System, hardware and software information tool.
A debian based Linux distribution designed for digital forensics and
penetration testing. It Contains tools for information gathering,
Vulnerability Analysis: Network, Web applications etc. ,
5. Kali Linux
Exploitation tools, Wireless attack , Forensics, Web application
analysis, Sniffing & Spoofing, Password Attack, Maintaining Access,
Hardware Hacking, Reverse Engineering etc.
6. Backtrack 5 R3 Old Distribution of Kali Linux
Ubuntu based Operating Systems developed for penetration
7. Backbox Linux
testing and security assessment
Light weighted Linux Operating System for Digital Evidence &
8. DEFT Linux
Forensics
Network Security Scanner, Port Scanner & Network Exploration
9. Nmap
Tool
Network Packet Analyzer used for network troubleshooting, packet
10. Wireshark
capturing and analysis
Microsoft
Security Used to verify necessary security checks patch compliance for
11. Baseline Windows operating system, Internet Information System (IIS) and
Analyzer SQL Server
(MBSA)
12. Super Scan Network Port Scanning Tool
13. OWASP- ZAP Web application security scanner
OWASP Mantra
14. Security a collection of hacking tools, add-ons and scripts based on Firefox
Framework
15. Metasploit Penetration testing tool to find, exploit, and validate vulnerabilities
16. Aircrack-ng A complete suite of tools to assess Wi-Fi network security
17. Ettercap Tool for man in the middle attacks
Cisco OCS Mass
18. scanning, fingerprinting and exploitation tool
Scanner
19. W3af web application security scanner
20. Wikto web server scanner
21. Airmagnet Wireless Network Monitoring and WiFi Troubleshooting
22. Paros web proxy to web application vulnerability
Audits the security of network devices such as switches, routers,
23. Nipper
and firewalls
A computer networking utility for reading from and writing to
24. Netcat
network connections using TCP or UDP
25. Cain & Abel A password recovery tool
26. Mobisec Mobile Application Security framework
27. SQLMAP SQL injection Vulnerability exploiting tool
28. DNSenum DNS enumeration tool
29. Knockpy Subdomain enumeration tool
Web technologies including content management systems (CMS)
30. whatweb
identification tool
A DNS meta-query spider that enumerates DNS records, and sub
31. Subbrute
domains
32. Recon-ng Web Reconnaissance framework
33. enum4linux Enumerating information from Windows and Samba systems.
Bowser Add-ons
34. Mozilla Firefox and Google chrome browser based add-on
/ extensions
Social
35. Engineering Tools for Social-Engineering attacks
Tool Kit
36. WinHEX Universal hex editor for forensics & data recovery applications
Android
37. Android devices Simulation
Emulator
Java De-
38. Decompiler for the Java programming language
compiler
39. APK Inspector Android applications analysis tool
40. APK Analyzer Android applications analysis tool
41. Cydia impactor iOS applications analysis tool
42. Brutus Password Cracking tool
43. Fiddler HTTP debugging proxy server application
44. Skipfish web application security reconnaissance tool
45. Cmsexplorer Web Security Testing
46. Joomscan Joomla Vulnerability Scanner
Software library for the Transport Layer Security (TLS) and Secure
47. Openssl
Sockets Layer (SSL) protocol
multi threaded java application to brute force directories and files
48. Dirbuster
names on web/application servers
a command line tool to transfer data to or from a server, using any
49. Curl of the supported protocols (HTTP, FTP, IMAP, POP3, SCP, SFTP,
SMTP, TFTP, TELNET, LDAP or FILE)
50. Tcpdump command-line packet analyzer
51. Fimap Local file inclusion (LFI) and Remote file inclusion (RFI) exploitation
tool
52. SwfScan Vulnerability scanner for flash file based application
54. Ssltest SSL/TLS and PKI testing tool
55. Hping a command-line oriented TCP/IP packet assembler/analyzer
56. Scapy a packet manipulation tool for computer networks
digital forensics, intrusion detection or security monitoring
57. Loki
tool
a fuzzing penetration testing tool for HTTP SOAP(Simple Object
58. Wsfuzzer
Access Protocol ) based web services
59. App Scan web security testing and monitoring tool
60. Pwdump Password cracking tool
Network intrusion detection system (NIDS) software for Linux and
61. Snort
Windows
62. WebScarab Web application security testing tool
63. Whisker CGI scanner
Helix
64. Digital forensics tool
(Forensics)
Browser extension for Mozilla Firefox that facilitated the live
65. FireBug debugging, editing, and monitoring of any website's CSS, HTML,
DOM, XHR, and JavaScript
66. NStalker Web Application Security Scanner
67. Snmp Walk A command-line tool to collect SNMP data
68. Santoku Linux based Mobile Forensics tool
69. IronWASP Web application vulnerability testing tool
70. Bile-Suite Bi-directional Link Extractor
71. Maltego Information gathering tool
72. SEAT Search Engine Assessment Tool
73. Achilles web application security testing tool
74. Sandcat Penetration Testing Browser
75. Pixy Vulnerability Scanner for PHP Applications
76. OWASP CLASP Principle or a set of principles for application level security project
77. Firecat A network penetration testing tool fo reverse TCP tunnels
78. SAINT Penetration Testing tools
79. Inguma Penetration Testing &vulnerability discovery toolkit
80. SARA Microsoft Support and Recovery Assistant (SaRA)
81. SQL Ninja A SQL Server Injection & takeover tool
a newer version of the pwdump tool for extracting NTLM and LM
82. Fgdump
password hashes from Windows.
83. Medusa Password cracking tool
84. Wapiti Web Vulnerability Scanner
85. Havij SQL Injection Vulnerability tool
Password Cracking Tool, a parallelized login cracker which
86. Hydra
supports numerous protocols
87. Httprint Web server fingerprinting tool
88. GrendeIscan web application security testing tool
a command-line network packet crafting and injection utility for
89. Nemesis
UNIX-like and Windows systems
90. Crowbar Password Cracking (Brute force) tool
OpenVAS
(Open
91. Vulnerability A full-featured vulnerability scanner
Assessment
System)
a graphical cyber attack management tool for the Metasploit
92. Armitage
Project that visualizes targets and recommends exploit
93. Dirb For directory listing
Temper Data
94. Browser Extension for temper data
Extension
95. Wafwoof For firewall detection
96. Vega Web vulnerability scanner
DR CBS In-
97. house tools & Tools & scripts for vulnerability assessment and penetration testing
Scripts
98. LanSweeper IT Asset Management Software

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

Information as provided by Dr CBS Cyber Security Services LLP on 1 July 2021

Back
Snapshot of skills and competence of CERT-In empanelled

Information Security Auditing Organisation

M/s FIS Global Business Solutions India Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

FIS Global Business Solutions India Pvt. Ltd.

402, I Park, Plot No. 15,
Phase IV, Gurugram,
Haryana 122016

2. Carrying out Information Security Audits since : 2011

3. Capability to audit , category wise (add more if required)

• Network security audit YES

• Web-application security audit YES
• Wireless security audit YES
• Compliance audits (ISO 27001, PCI, etc.) NO
• Red Teaming YES
• Mobile application security YES
• Cloud security YES
• Penetration Testing and Vulnerability Assessment YES

4. Information Security Audits carried out in last 12 Months :

Govt. : - Nil -
PSU : - Nil -
Private : 100+
Total Nos. of Information Security Audits done : 100+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 20+

Web-application security audit : 100+
Mobile Security Testing : 10+
Wireless security audit : -Nil-
Compliance audits (ISO 27001, PCI, etc.) : -Nil-

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 5
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:
OSCP 2
ECSA 1
OSWP 1
CPTE 1
CEH 9
CHFI 1
GPEN 1
Fortify SCA 1
CPISI 1
eCPPT 7
eWAPTX 2
eMAPT 1
eWPT 13
eJPT 5
RHCE 1
RHSA 1

Total Nos. of Technical Personnel : 20+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related to Information

No. Employee FIS Information security
Security
M.C.A, B.C.A, A Level,OSCP, CPTE, OSWP,
Jatin Jain 7.5 Years 9.5 Years
1 CEH, CPISI, ISO 27001
B.Tech- CSE (Computer science
5 Year, 9
Ravinder Kumar 9 Year, 3 Months Engineering),CEH, ECSA-v9, OSCP, ISO
Months
2 27001 LA, eWPT
3 Jay Shah 8 Year 10+ Year B.Tech, ISO 27001 LA, eCPPTv2
B.E. - EEE (Electrical and Electronics
EngineerM.Tech - CSIR (Cyber Security
Komal Nayi 3Year, 4 Year, 6 Months
and Incident Response) ISO 27001, CEH,
4 eMAPT, eJPT
1Year, 9 B.Tech Computer Science & Engineering,
Sumit Gupta 4Year, Months
5 Months eWPTXv1
2 Year, 4
Manish Gupta 3 Year 6 Month B.C.A, eWPT, eCPPTv2
6 Month
2 Year, 4 B.Tech- Electrical and Electronics, CEH,
Ruchika Berry 4 Year, 5 Months
7 Months eWAPT.
1 Year, 7
Rahul Sambiyal 3 Year, 5 Months BCA, MCA, eCPPTv2
8 Months
2 year, 11
Saurav Bhatt 6 Year BCA
9 months
5 Year, 6
Arpit Arora 5 Year, 6 Months B-Tech (EC), eWPT
10 Months
Karthick
7 Year 10 Year B.E CSE, CEH, GPEN, ISO 270001,eCPPTv2
11 Perumal
2 Year, 5 5 Year, 11
Shipra Verma B-Tech CSE, eWPT
12 Months Months
13 Priyanka Gupta 3 year 5 Year, 3 Months Bachelor of Engineering (B.E), eJPT, eWPT
2 Year, 5
Jayaraman M 5 Year, 6 Months B-Tech/ECE
14 Months
2 Year,
Rishi Sharma 3 Year, 10 Month M.Tech CSE
15 Months10
H R Vishwas 1 Year, 2
3Year,1 Months B.E in CSE: CEH, CHFI, ISO 27001:2013
16 Rao Months
1 year, 7
Hari Prasad 5 Year, 7 Months B-Tech
17 Months
1 Year, 5
Litty Antony 3 Years CEH v10, eWPT
18 Months
1 Year, 5
Akash Teotia 1 Year, 5 Months BCA, eWPT
19 Months
Mayank 1 Year, 5
1 Year, 5 months BSC, eWPTXv1
20 Chandelkar Months
2 Year, 9
Ankit Rawat 5 Year, 4 Months eCPPTv2
21 Months

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Due to non-disclosure agreement with Client / Customer / Business sharing

partial/full information is/are restricted to disclosure.

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Burp Suite
• Nmap Scan
• SQL Map
• Mass scanner
• Superscan
• Kali Linux
• Metasploit Framework, Netcat , BeEf
• Wireshark – Packet Analyser
• Tamper Data
• Directory Buster
• Nikto
• Ettercap
• Paros Proxy
• Webscarab
• Brutus
• Custom Scripts and tools
• OWASP Xenotix
• Browser Addons
• Echo Mirage
• Paros Proxy
• Fiddler Proxy
• Angry IP Scanner
• Aircrack
• Kismet
• WinHex
• Proccess Monitor
• WP-Scanner
• IBM App Scan
• Fridump
• ProxyDroid
• APKTool
• ClassDump and 100+ others

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes

FIS has its presence in more than 200 geographical locations spread across globally.
The company is headquartered in Jacksonville, Florida in the USA and multiple products
and services are being offered from outside India to meet the client requirements.
The services are being offered from the USA, UK, Australasia, European region,
Philippines to name a few.

12. Whether organization is a subsidiary of any foreign based organization? : Yes

If yes, give details

Fidelity National Information Services, Inc

13. Locations of Overseas Headquarters/Offices, if any : Yes

The company is headquartered in 601 Riverside Ave Jacksonville, Florida in the USA

*Information as provided by FIS Global Business Solutions India Pvt. Ltd. on January 4, 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s GRM Technologies Private Limited.

1. Name & location of the empanelled Information Security Auditing Organisation:

GRM Technologies Private Limited.

Registered address: 2/127 Mani Sethupattu, Sriperumbudur Taluk, Kancheepuram District,

Tamil Nadu, 601 301 India

Corporate address: No-9, 2nd floor, Shoba Homes, West Tambaram, Chennai, Tamil Nadu-
600045.India

2. Carrying out Information Security Audits since : 2013

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) - Yes

• Web-application security audit (Y/N) - Yes
• Wireless security audit (Y/N) - Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) - Yes
• Web server security audit(Y/N) - Yes
• Mobile application security audit(Y/N) - Yes
• Secure code review(Y/N) - Yes
• Secure SDLC review(Y/N) - Yes
• ERP Audit(Y/N) - Yes
• Payment Gateway audit (Y/N) - Yes
• Cloud Security Assessment(Y/N) - Yes
• Technical risk assessment(Y/N) - Yes
• Privacy assessment(Y/N) - Yes
• Physical Access Controls & Security testing - Yes
• Business Continuity Planning / Disaster Recovery Audit (Y/N) - Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : NIL
PSU : 2
Private : 20
Total Nos. of Information Security Audits done : 22

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 16+

Web-application security audit : 45+
Mobile-application Security audit : 24+
Wireless security audit : 12+
Application Threat Modeling : 2
Compliance audits (ISO 27001, PCI, SOC 2 etc.) : 8+

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 1
BS7799 / ISO27001 LAs : 8
CISAs : 5
MTech (Information Security) : 1
M.Sc. (Information Security) : 2
CEH’s : 4
OSCP : 2
CISM : 1
CDPSE : 1
CRISC : 1
CHFI : 2
ECSA : 2
PCIDSS : 1
GDPR : 4
CSA : 3
Total Nos. of Technical Personnel : 14

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. No. Name of Duration with GRM Experience in Qualifications related to

Employee Technologies Information Information security
Security
1 Babu G 3 Years 15 Years CISA, CDPSE, ISO 27001:2013 LA,
BS 10012:2017(GDPR),OSCP,ISO
22301,COBIT,ITIL v3, CEH,
ECSA,CHFI,MCSE,CCNA,PCI-DSS
Implementation,.
2 Ramesh G 8 Years 11 Years M.Sc. in Information Security, ITIL
v3, CEH, CHFI, SANS Advanced
Network Forensics and Analysis,
SANS Advanced Security
Essentials Enterprise Defender,
GIAC Certified Pen tester, GCIH.
3 Ilanko S 3 Years 12 Years M.Tech in Information
Security, CISA,CISM, OSCP,
ECSA,ITIL v3,CCCSP from CDAC
4 Poobitha R 6 Years 12 Years CEH, ISO 27001:2013 LA.
5 Sujatha K 1 Year 20 Years CISA, CISSP, ISO 27001:2013 LA
6 Indira G 2.5 Years 2.5 Years CISA, CRISC, ISO 27001 LI and
ISO 27001 LI,Risk Management,
PCIDSS, BS 10012:2017(GDPR),
7 Ashok 3 Years 3 Years ISO 27001:2013 LA, CEH, BS
Kumar 10012:2017(GDPR), CSA, NSE-1,
NSE-2, NSE-3, CSCU.
8 Shanmukh 2.5 Years 2.5 Years ISO 27001:2013 LA, BS
Reddy 10012:2017(GDPR), CSA, NSE-1,
NSE-2, NSE-3, Advanced
Penetration testing with Linux,
CSCU.
9 Prasana 1.5 Years 1.5 Years ISO 27001:2013 LA, NSE-1, NSE-
Devi 2, NSE-3, CSCU.
10 Shahana 1.5 Years 1 Year M. Sc Information Security and
Shaji Digital Forensics, CSA, ISO
27001:2013 LA,NSE-1, NSE-2,
NSE-3, CSCU
11 Vinothini P 2 months 2 months NSE-1, NSE-2, NSE-3, Advanced
Penetration testing with Linux.
12 Umesh B 1 months 1 month -
13 AmbikaG 2 months 2 months -
14 Deebika S 2 months 2 months M.Sc. Software Systems

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. Leading Supply GRM Technologies have examined client’s

Chain Management Information Security Controls and Client services
Service Provider controls related system as of date and throughout
the period and the suitability of the design and
2. Leading Mobility operating effectiveness of client’s controls to
Project Value <80
Platform to support achieve the related control objectives.
Lakhs
retail execution,
direct store delivery Control areas covered are
and distribution
management in a 1. Design, Implementation and Operating
unified system Effectiveness ofISO 27001, PCI-DSS,
SSAE 18 SOC 2, GDPR
3. A world leader in 2. Quarterly Internal Audit
3. Internal Vulnerability Assessment and
Conversational AI Penetration Testing
4. External Vulnerability Assessment and
Penetration Testing
5. Web Application Security Assessments
6. Mobile Application Security Assessments.
7. Secure code review.
8. Application Threat Modelling
9. Secure SDLC
10. Technical risk assessment
11. Configuration Review
12. Access Control Review
13. Firewall Rule Review
14. Secure Architecture Review Application and
Network
15. Information Security Awareness
16. Database and server configuration audit.
17. Periodic Publications of Security Emailers
18. Training Department heads on Information
security
19. Review of Information Security Policies and
Procedures
20. BCP / DR Simulation Exercise
21. Review of Secure Software Development
Life Cycle process
22. Data Privacy (GDPR)
23. External Audits

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

Freeware Commercial

1. Arachni 18. Tcpdump 1. Acunetix

2. OWASP ZAP 19. Fimap 2. Burpsuite Professional
3. Nmap 20. SwfScan 3. Nessus
4. Nikto 21. Hydra 4. Netsparker
5. Netcat 22. John the Ripper 5. Splunk
6. W3af 23. Ssltest 6. Nipper
7. Wapiti 24. Sslstrip 7. FortiSIEM
8. Sqlmap 25. Cain and Abel 8. SOAR D3
9. Zapproxy 26. Brutus 9. Cynet
10. Skipfish 27. Airmon -ng 10. Veracode
11. Backtrack , Kali 28. Hping
12. Openssl 29. Scapy
13. Dirbuster 30. wsfuzzer
14. Wireshark 31. Firefox Extensions
15. Loki 32. Cookie editor
16. Httprint 33. Winhex
17. Curl 34. Paros Proxy

10. Outsourcing of Project to External Information Security Auditors / Experts : -No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : -No

12. Whether organization is a subsidiary of any foreign based organisation? : - No

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any: Yes/No -No

*Information as provided by GRM Technologies Private Limited on 29th December 2020.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s ANB Solutions Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

ANB Solutions Pvt. Ltd.

901, Kamla Executive Park, Off Andheri-Kurla Road,
J. B. Nagar, Andheri East, Mumbai 400 059

2. Carrying out Information Security Audits since : 2009

3. Capability to audit , category wise (add more if required)

4. Information Security Audits carried out in last 12 Months :

Govt. : 5
PSU : 1
Private : 130+
Total Nos. of Information Security Audits done : 114+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 7

Web-application security audit : 23+
Wireless security audit : 1
Compliance audits (ISO 27001, PCI, IT Act, UIDAI etc.) : 8+
Cyber Security Audit : 30
Information Security Audit : 68+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 1
ICS/OT Audits:NIL
Cloud security Audits :1

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 1
BS7799 / ISO27001 Las : 20
CISAs : 17
DISAs / ISAs :2
CEH :9
ISO22301 IA :9
Total Nos. of Technical Personnel : more than 30

7. Details of technical manpower deployed for information security audaits in Government and
Critical sector organizations (attach Annexure if required)
Refer Annexure

Sr. Name of Employee Duration Experience in Qualifications

No. with ANB Information related to
Security Information security
1 NirmaVarma 16 years Yes • CISA
• CDPSE
• BS7799LA
2 PreetiRaut 11 years Yes • CISA
• CDPSE
• ISO 27001 LA
• ISO 22301 IA
• CISA
3 VasudhaSawant 13.7 years Yes • CDPSE
• ISO 22301 IA
• CISA
4 RashmiMaydeo 14.8 years Yes • CDPSE
• CISSP
• ISO 27001 LA
• ISO 22301 IA
5 Pradeep Patil 5 years Yes • CISA
• ISO 27001 LA
6 Vinit Shah 6 years Yes • CISA (Associate)
• DISA
• CISM

• CDPSE
• ISO 27001 LA
• CRISC
• ITIL v4_2212
• CISA (Associate)
7 Pranay Shah 6 years Yes • ISO 22301 IA
• ISO 27001 LA
8 Vaibhav Gandhi 2.5 Years Yes • CISA
• DISA
• ISO 27001 LA
· CEH
• CISA
9 Kunal Mehta 3 Years Yes • ISO 27001 LA
• CDPSE
10 Kapil Shah 2.2 Years Yes · CEH
• CDPSE
• ISO 27001
11 NehaChandak 2 Years Yes • ISO27001:2013 LA
• CISA
12 Aditeekarnik 2 Years Yes • ISO 22301:2012
• ISO 27001:2013
13 Amit Mittal 2.3 Years Yes • CISA
• ISO27001:2013 LA
• ISO22301:2012 LA
• CDPSE
14 PriyankaPurecha 2.5 Years Yes • CISA
• ISO 27001 LA
• CCNA
15 RemellaSuman 9 years Yes • ISO 27001:2013
LA
• ISO 22301 : 2012
16 SafinaShaikh 1.11 Years Yes • CISA

17 SampoornaNagamalli 15 years Yes • ISO27001:2013 LA

• ISO 27001 LA
18 HarshadMahajan 9.1 years Yes
19 GauravPandey 6 years Yes • ISO27001:2013 LA
20 Rutulbagadia 6 Months Yes • CISA
· CEH
21 TusharMuralidharKajale 2 Years Yes
22 Halashankara k 1.3 Years Yes · CEH
23 Sivarama Krishna Pampana 1.3 Years Yes · CEH
24 Nikita Parmar 10 Months Yes · CEH
25 PradeepPatil 5 Years Yes • CISA
• ISO/IEC
26 Swastika R. Dalvi 6 Years Yes 27001:2005
• ISO 22301:2012
BCMS
27 Pooja Vijay Goshimath 2 years Yes · ISO 27001:2013
· ISO 22301:2012
28 SwapnilBhide Yes · CEH
29 RiteshChandraprakashAsthana Yes · CEH
· ISO 27001 LA
30 Ashish Gupta 3.4 Years Yes
• CDPSE
· CISA
· CISA
31 Dunger Singh Rajpurohit 3.4 Years Yes · ECSA v10

32 TejasNimavat 2 year Yes

33 SreekanthAbburi 1.5 Years Yes · CEH
· ECSA
• CCNA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. For one of the largest private banks in India conducted:

• Vulnerability assessments for more than 1000 system (operating systems,
databases, network devices)
• Internal assessment for more than 20 web banking applications
• Hardening review of more than 5000 systems (operating systems, databases,
network devices)
• PROJECT VALUE: RS. 1 CRORE

2. Forone of the government owned information technology company in India conducted:

• NMS (Network Management System) Audit
• Inventory Audit
• SLA Monitoring Audit
• Security Audit of various networks.
• Vulnerability assessment & penetration testing on the identified components
• Reviewing configuration of network components such as router, firewall, IDS, proxy
server, NMS, HDMS etc.
• Physical and Environmental verification.
• Operations and Management Process and Control Audit
• PROJECT VALUE: RS. 7 CRORE

3. For a department of government of South Africa performed:

• Establishing IS Policy & Procedures
• Review and Establishing Cyber Security Framework
• Vulnerability Assessment and Penetration Testing
• Detailed Security Configuration Review of entire IT Infrastructure
• PROJECT VALUE: RS. 1 CRORE

4. For one of the renowned commodity exchange in India performed:

• Application Security Audit for 5 applications
• IT General Control and Datacenter operations Audit
• Vulnerability assessment of 200+ system and Penetration Testing for 12 websites
• Business Continuity and Disaster Recovery Review

5. For some of the largest telecom companies in India conducted:

• Core Telecom Network and IT security for datacenter and applications
• Compliance to IT Act
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

SN Type of Tool Tool Name

1 Freeware • Nmap
• Snmp Walk
• Metasploit
• Cookie Editor
• Echo Mirage
• Winhex
• Kali Linux Framework
• Wireshark
• APK Analyser
• SQLMAP
• Dirbuster
• OWASPZAP
• W3AF
• MobSF
2 Commercial • Nessus Professional
• Burp Suite Professional
• ARSIM
• Lansweeper - License Compliance Auditing Software
3 Proprietary • Scripts for Oracle, Linux, AIX, Solaris, Windows

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by ANB Solutions Pvt. Ltd. on 28th June 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s BDO India LLP

1. Name & location of the empanelled Information Security Auditing Organization :

BDO India LLP

Mumbai, National Capital Region (NCR),
Bengaluru, Chennai, Hyderabad, Kolkata, Pune

2. Carrying out Information Security Audits since : 2013

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
• Cyber Forensics : Yes
• Mobile security audit : Yes
• Secure SDLC review : Yes
• Secure Code review : Yes
• Vulnerability Assessment and Penetration Testing (VAPT) : Yes
• Business Continuity Planning / Disaster Recovery Audit : Yes
• Cloud security and application audits : Yes
• Red Teaming : Yes
• Social Engineering Assessment / Phishing Simulation : Yes
• Operational Technology (OT) [SCADA] Audits : Yes
• IT General controls and Application controls audit : Yes

4. Information Security Audits carried out in last 12 Months :

• Govt. : 15+
• PSU : 10+
• Private : 50+
• Total Nos. of Information Security Audits done : 75+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

• Network security audit : 22

• Web-application security audit : 41
• Wireless security audit : 10
• Compliance audits (ISO 27001, PCI, etc.) : 26
• IT General controls and Application controls audit : 14
• Mobile security audit : 15
• Secure SDLC review : 03
• Secure Code review : 05
• Vulnerability Assessment and Penetration Testing (VAPT) : 30
• Business Continuity Planning / Disaster Recovery Audit : 04
• Cloud security and application audits : 08
• Red Teaming : 05
• Social Engineering Assessment / Phishing Simulation : 04
• Operational Technology (OT) [SCADA] Audits : 02
• Cyber Forensics : 07

6. Technical manpower deployed for informationsecurity audits :

• CISSPs : 2
• BS7799 / ISO27001 LAs : 22
• CISAs : 4
• DISAs / ISAs : 3
• Any other information security qualification:
o OSCP : 5
o CEH : 12
o CBCP : 1
o CHFI : 1
o CISEH : 4
o CPTE : 3
o CIPT : 1
o CCNA : 4
o CCNP : 2
o CCIE : 1
o CISC : 1
o ITIL : 2
o OSWP : 1
o ECES : 1
o SLAE : 1
o ECSA : 2
• Total Nos. of Technical Personnel : 32

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Experience
Duration
S. in Qualifications related to
Name of Employee with BDO
No. Information Information security
India LLP
Security

1. Mubin Shaikh 1 year 20 years CISA, CISSP, CBCP, ITIL

2. Saumil Shah 2 year 20 years CA, CISA

ISO 27001: 2019 LA, ISO

3. Virendra Singhi 1 year 5 years
31000:2018

OSCP, OSWP, CEH, ECES,

4. Nipun Jaswal 1 year 10 years
ITIL, SLAE
ISO 27001:2013 LA, ISO
5. Saurabh Mehendale 2 years 9 years 9001:2015 LA, ISO
27701:2019, CISA, CEH, CHFI,

6. Nivesh Singh 1year 4 years ISO 27001:2013 LA, OSCP

7. Vibhav Dudeja 7 months 3.5 years OSCP

8. Nikhil Joshi 1 year 8 years CCNA, CCNP

ISO 27001:2013 LA, CEH,

9. Abhijeet Barve 2 years 7 Years
CCNA

10. Rohit Date 9 months 2 years OSCP

11. Salman Syed 1 year 1 year OSCP, CEH

12. Prashant Kate 1 year 16 years CEH, ECSA, CHFI & ITIL

CCNA, CCNP, MCSA, ISO

13. Surajit Pal 3 months 14 years
27001, AWS Cloud Architect

14. KarthikeyanChandrasekar 1.5 Years 7 Years ISO 27001:2013 LA, C-Star

ITIL, ISO 20000 & ISO 27001

15. Kalpesh Mehta 2 Years 11 Years
LA

16. Anurag Kumar 9 months 5 Years ISO 27001 LA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. Engagement Details - Cyber Security Advisory services for the IT Software&

Services Multi-national Company. Our engagement covered following various
activities:
1. Gap Assessment
2. IT Governance Audit
3. ISO 27001: 2013 Implementation
4. External IPs Penetration Testing
5. Web Application Security Testing
6. Source Code Review
7. Configuration assessment
8. Architecture Review
9. Firewall Ruleset review
10. Deep Web & Dark Web Scanning
11. Red Teaming Exercise
12. SDLC Process & Procedure
13. Incident Management Table-Top Exercise

2. Engagement Value: Confidential

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

NessusProfessional Airmon-ng CainandAbel Havij Zapproxy JohntheRipper

BurpSuite Arachni CSRFTester HOIC Paros KaliLinux
Splunk Backtrack Curl Hping W3af Loki
Metasploit Brutus Dirbuster Httprint Wapiti ProxyTool
Netcat OpenVas Fimap Hydra Sslstrip THCSSL
Wireshark Nikto Scapy SwfScan Ssltest Sqlmap
wsfuzzer Nmap Skipfish Tcpdump OWASPZAP Openssl

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by BDO INDIA LLPon 8th April 2021.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Ernst & Young LLP

1. Name & location of the empanelled Information Security Auditing Organization:

Ernst & Young LLP

Address: 14th Floor, The Ruby 29, Senapati Bapat Marg Dadar (West)
Mumbai, Maharashtra – 400028

2. Carrying out Information Security Audits since : 2001

3. Capability to audit , category wise (add more if required)

• Network security audit : Y

• Web-application security audit : Y
• Wireless security audit : Y
• Compliance audits (ISO 27001, PCI, etc.) : Y
• Mobile Application Security audit : Y
• Secure configuration audit (Server, Firewall, etc.) : Y
• Source Code Review : Y

4. Information Security Audits carried out in last 12 Months :

Govt. : 30+
PSU : 20+
Private : 100+

Total Nos. of Information Security Audits done : 150+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

• Network security audit : 50+

• Web-application security audit : 50+
• Wireless security audit : 20+
• Compliance audits (ISO 27001, PCI, etc.) : 20+
• Mobile Application Security audit : 20+
• Secure configuration audit (Server, Firewall, etc.) : 10+
• Source Code Review : 10+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 5+
BS7799 / ISO27001 LAs : 50+
CISAs : 10+
DISAs / ISAs : NA
Any other information security qualification : 100+

(OSCP, CEH, CISM, DCPP,SANS, OSWP etc.)

Total Nos. of Technical Personnel : 400+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related

No. Employee Ernst &Young Information Security to Information security
LLP
1 Burgess S Cooper 5+ 20+ CISA, CISM, CGEIT,
CIPP, CISSP
2 Vidur Gupta 6+ 19+ CRISC, CISM, CISA,
Certificate of Business
Continuity Institute
(CBCI), DSCI Certified
Privacy Lead Assessor
(DCPLA)
3 Kartik Shinde 10+ 20+ CEH,CISSP, GCFW-
SANS Institute
4 Rajesh Kumar D 14+ 20+ CRTP (Pentester
Academy)
5 10+ 14+ CISA, ISO 27001 LA,
Navin Kaul BS25999, CEH,
SABSA, TOGAF9.0
6 6+ 10+ CISA, ISO 27001 LA,
Dhairya Giri ISO2000O LI, CIPR,
ISO 9000
7 2+ 15+ CPenT, LPT Masters,
CEH
Masters, CHFI, ECSA,
CTIA, ECIH, CASE,
CND,
Rapid7 Certified
Vadivelan Sankar Nexpose
Administrator,
Certified
Secure Programmer
(.net
& Java) , ISO
27001:2013
Lead Auditor,
8 6+ 10+ OSCP,OSWP ,CEH
RHCE (Red Hat
Certified
Girish Nemade Engineer ), OCA
(Oracle
Certified Associate)
ISO 27001 Certified
9 2+ 7+ CEH, CCSE, Security
and
Privacy by Design
Arvind Singh Practitioner, Enterprise
Design Thinking
Practitioner,
IBM QRadar SIEM
Foundations
10 Rahul Singh 3+ 6+ CISE, ECSA, ISO
27001 LeadAuditor
11 3+ 7+ CEH, ECSA, ITIL,
Raghav Bisht CASP+,
COBIT5, CPTE, CPTC

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

The client is managing the indirect taxation platform for GST to help taxpayers in India. EY is
service provider for Business/ IT controls Assessment and Governance, Risk, Compliance (GRC)
forthe IT Ecosystem.

Project Value : INR10 Cr+

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Commercial

• Acunetix,
• Burp,
• Nessus
• AppScan
• IP 360
• Checkmarks

Open source/Freeware tools

• BackTrack,
• Kali Linux,
• SQLMap,
• nmap
• Wireshark

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : NA

12. Whether organization is a subsidiary of any foreign based organization? : No

Ernst & Young LLP is separate entity registered in India with Registrar of Companies under Ministry
of CorporateAffairs. EY’s Global Headquarter is in London.

Address
25 Churchill Place
Canary Wharf
E14 5EY London

13. Locations of Overseas Headquarters/Offices, if any : Yes

Address
25 Churchill Place
Canary Wharf
E14 5EY London

*Information as provided by Ernst & Young LLP on 06 April 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Kochar Consultants Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

Kochar Consultants Private Limited - Mumbai

2. Carrying out Information Security Audits since : 2005

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
• IT General Controls Review (Y/N) : Yes
• Cyber Security Audit (Y/N) : Yes
• Vulnerability Assessment/Penetration Testing (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : Nil
PSU : 1
Private : 40+
Total Nos. of Information Security Audits done : 40+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 2

Web-application security audit : 10
Compliance audits (ISO 27001, PCI, etc.) : 5
IT General Controls Review : 40+
Process Reviews : 1
Regulatory Compliance Audits - Exchange Members : 25+
(Annual Compliance System Audit, etc. )
Cyber Security Audits : 15+
Audit of Wallet Companies as per RBI guidelines : 2
EKYC Audits as per UIDAI Guidelines : 2

6. Technical manpower deployed for information security audits :

CISSPs : Nil
BS7799 / ISO27001 LAs : 5
CISAs : 10
DISAs / ISAs : 2
Any other information security qualification : 1
Total Nos. of Technical Personnel : 14

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience Qualifications related

No. Kochar in to Information
Consultants Information security
Security
1. Pranay Kochar Jul-06 10 CISA, DISA
2. Sona Shah Jul-06 8 DISA
3. Mithun Lomate Mar-10 6 CISA, COBIT Assessor
4. Vidya Kamath Feb-16 12 CISA, ISO 27001 LA
5. Pankaj Dhiman May-16 4 CISA
6. CISA, CISM, ISO 27001
Kamlesh Kale Jul-16 6
LA
7. Arvind Vira CISA, CISM, ITIL V3F,
Dec-17 6
ISO 27001 LA, CCNA
8. Sumil Bavad Feb-19 1 CISA
9. Latika Shetty Mar-19 2 CISA
10. Kishore Gaikwad Nov-19 1 ISO 27001 LA
11. Fernando de Navarro
Nov-19 8 CISA, ISO 27001 LA
Menezes
12. Prachi Jadhav June-20 3 CEH
13. Tanmay Surepally Nov-20 1 CISA
14. Dhaval Ashar Jan-21 2 CISA, CIA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Client: Leading Commodity Exchange

Scope of Work:

Sr. Activities
Reviewing and carry out necessary changes of Standard Operating Procedure (SOP) for all the
1.
departments of the organization as per latest ISO 27001:2013 standards for its improvement.
Review and carry out necessary changes of Information Security Policies / procedures / Plans /
2.
Risk Management report / Guidelines etc. and its implementation.
Carry out Internal audit for each department and effectiveness of controls implemented based on
3.
scope defined on ISO 27001:2013 standards
4. Review implementation of Cyber security policy and implementation of SEBI guidelines
5. Vulnerability Assessment and Penetration Testing (VA & PT).
Reviewing and updating BCP, DRP for new changes, if any and Provide BCM training to all
6.
employees.
7. Meeting each department for review of BIA and carry out changes in BIA as per the requirement.
Carry out Internal audit for each department and effectiveness of controls implemented as per
8.
TOR of SEBI circular CIR/CDMRD/DEICE/01/2015 dated November 16, 2015, excluding VA & PT.
Review of observations reported during audit reports (ISO 27001:2013 and Annual System
9.
Audit), and actions taken for the recommendation, if any and submit closure report.
Presentation of audit findings with recommendations to the Management along with its
10.
compliance status.

Locations: Mumbai, Project Value: 15 lakhs.

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

• Commercial Tools
o Nessus – Vulnerability Scanner
o Burp Suite, Acunetix - Web application auditing
o Passware: Password Cracking

• Freeware Tools
o Nmap, Superscan and Fport - Port Scanners
o Metasploit framework, Netcat, BeEF , Cain & able, Hydra, John the ripper - Penetration
Testing & Password cracking
o Process explorer, Sigcheck - Windows Kernel & malware detection
o Netstumbler , Aircrack-ng suite & Kismet – WLAN Auditing
o OpenVas, W3af, Nikto - Vulnerability scanner
o Wireshark – Packet Analyser
o SQL Map
o Kali Linux and all tools inbuilt into it.

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by < Kochar Consultants Private Limited - Mumbai> on

<06/04/2021>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Suma Soft Private Limited

1. Name & location of the empanelled Information Security Auditing Organization:

Suma Soft Private Limited

Suma Center, 2nd Floor,
OppositeHimali Society, Erandawane,
Pune, Maharashtra – 411 004.
Tel: +91.20.40130700, +91.20.40130400
Fax: +91.20.25438108
Email: [email protected]

2. Carrying out Information Security Audits since : 2008

3. Capability to audit, category wise (add more if required)

• Cyber Security Audits : Yes

• Information Security Assessments : Yes
• Web Application Security Testing : Yes
• Mobile Application Security Testing : Yes
• API Security Testing : Yes
• Vulnerability Assessment/Penetration Testing of IT Infrastructure : Yes
• Network Security Audits : Yes
• Wireless Security Testing : Yes
• Compliance Audits (ISO 27001, PCI, BCMS etc) : Yes
• Software License Compliance Audits : Yes
• Compliance - IT Audits
(Based on guidelines issued by RBI, IRDA, SEBI, Stock Exchanges) : Yes
• Digital Forensic Investigations : Yes
• Secure Source Code Analysis as a Service : Yes
• Security Monitoring as a Service : Yes
• Third Party Security Assessments / Information Security Due Diligence : Yes
• Cloud Security &Compliance Assessment : Yes
• Digital Risk / Dark Web Assessment : Yes
• Breach & Attack Simulation as a Service : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 0
PSU : 0
Private : 24
Total Nos. of Information Security Audits done : 24

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network Security Audit : 04

Web Application Security Testing : 17
Android Mobile Application Security Testing : 11
iOS Mobile Application Security Testing : 06
Digital Forensic Investigation : 01
IRDA Compliance audits : 01
Cloud Security Compliance Assessments : 09
Secure Source Code Reviews : 01

6. Technical manpower deployed for informationsecurity audits:

CISSPs :-
BS7799 / ISO27001 Las : 3
CISAs : 4
DISAs / ISAs : 1
CEH : 9
CEH, ECSA : 2
OSCP : 2
OSWP : 1
Any other information security qualification:
CCSE, CCI, ACE, ITIL, RHCE, CCNP, CCNA,MCP
Total Nos. of Technical Personnel : 16

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. Suma Soft (in Information Security to Information
yrs) security
01 Surendra Brahme 21 21 FCA, CISA, DISA
02 C. Manivannan 21 21 CISA
CISA, ISO27001 LA,
Milind
03 8.5 19 CDPSE, ACE, CCNA,
Dharmadhikari
CSQP
CISA, ISO27001 LA,
04 Anil Waychal 21 17 ITIL, RHCE, Sun
Solaris
05 Narendra Bhati 7 8.6 OSCP, OSWP, CEH
OSCP, CEH, ECSA,
IBM Certified
06 SumitIngole 7 8
Specialist - Rational
AppScan
CEH, ECSA, CCNA,
07 Suraj Waghmare 1.10 5
ISO27001 LA
08 AmeyNaniwadekar 4.2 5 CEH, MCP
Rajnikant CEH, CCNA, CCNP,
09 3.6 4.5
Bhandare ACSE
Omprakash
10 2.3 2.3 CEH
Deshmukh
11 SanketKaware 0.6 1.8 -
12 Kapil Gurav 1 2 -
13 Nakul Ronghe 0.3 1.5 CEH
14 Tushar Shinde 0.6 3.6 CEH
15 SaeelRelekar 0.1 1.2 CEH
16 Yogesh Date 2.6 0.6 -

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

 Client: PSU organization from Financial Services industry involved in Primary

market

Type of Audit: Network Security Audit

Scope of Work: The scope of our audit included review of following areas –

• DC Infrastructure & Network Audit,

• LAN Infrastructure
• Vulnerability Assessment of 280+ internal IP addresses including
routers, switches, firewalls, servers etc.
• Penetration Testing of 55+ public facing IP addresses
• Conduct Vulnerability Assessment and Penetration Testing
• Finalization of report and submission of the same to the client
management.

IT Environment: 350+ IP address

 Client: Co-operative Bank

Type of Audit: Security Audit of Network, Web application, Mobile Application

and NPCI Agent Audit
Scope of Work: The scope of our audit included review of following areas –
• DC Infrastructure & Network Audit
• DR Site Audit
• Intranet Applications Audit
• Banking Agent Audit
• Vulnerability Assessment / Penetration Test and Desktop Security
Scanning
• Android Mobile Application Security Audit
• Client Location Site Security Audit (LAN)

 Client: Provider ofEnterprise Human Capital Management (HCM) SaaS platform

Type of Audit: Security Audit of Network, Web application, Mobile Application, Secure
Source Code Review, Cloud Security Testing

Scope of Work: The scope of our audit included review of following areas –
• Conduct Vulnerability Assessment and Penetration Testing on Web
Application
• Conduct Vulnerability Assessment and Penetration Testing on Android Mobile
Application
• Conduct Vulnerability Assessment and Penetration Testing on Network
Infrastructure.
• Test vulnerabilities in web sites and applications to ensure that all the false
positives and inaccuracies are removed.
• Analyze and execute advanced testing techniques against all verified
vulnerabilities to penetrate through the web-based application.
• Perform re-testing after receiving confirmation from the developers on fixing
of issues
• Finalization of report and submission of the same to the client management
• Conduct Vulnerability Assessment on Azure Cloud VM’s
• Conduct Secure Source Code Review and Remove false positive from results
• Perform re-testing after receiving confirmation from the developers on fixing
of issues

IT Environment: 1 Web Application (40+ Modules), Android & iOS Applications,300+ IT

assets, 150+ Cloud Assets in Microsoft Azure

 Client: Private Organization in end-to-end Logistic Solution

Type of Audit: Security Audit of Web & Mobile Applications, APIs and AWS hosted IT
Infrastructure

Scope of Work: The scope of our audit included review of following areas –
• Conduct Vulnerability Assessment and Penetration Testing on Web
Application
• Conduct Vulnerability Assessment and Penetration Testing on Android Mobile
Application
• Conduct Vulnerability Assessment and Penetration Testing on Network
Infrastructure.
• Tests vulnerabilities in web sites and applications to ensure that all the false
positives and inaccuracies are removed.
• Analyze and execute advanced testing techniques against all verified
vulnerabilities in order to penetrate through the web-based application.
• Perform re-testing after receiving confirmation from the developers on fixing
of issues
• Finalization of report and submission of the same to the client management

IT Environment: 5 Web Applications, 3 Mobile Apps, 150+ APIs, 100+ virtual hosts in AWS

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Commercial

• Burp Suite Professional

• Nessus
• Qualys
• NamicSoft
• Checkmarx

Freeware

• Kali Linux
• Metasploit
• Sqlmap

10. Outsourcing of Project to External Information Security Auditors / Experts : No

No. We do not outsource our engagements to external consultants. However, we engage known
external consultants / experts in the field of information Security to work alongside our team
based on specific skills required for the engagement. Project Management and delivery of the
engagement is done by Suma Soft.

For this purpose, we use Confidentiality and Non-Disclosure Agreements before engaging the
consultants for assignments with defined scope of work and with clear knowledge of the client.
Also, the consultants need to adhere to IT Security and other Policies of Suma Soft and also of
the client during the course of the engagement.

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Suma Soft has partnered with some niche cyber security companies from the USA and Israel to
become their channel partner India.

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Suma Soft Pvt. Ltd on 7th April 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s AGC Networks Limited

1. Name & location of the empanelled Information Security Auditing Organization:

Name: AGC Networks Limited

Location: Essar House, 11, K. K. Marg, Mahalaxmi,
Mumbai-400034, Maharashtra, India

2. Carrying out Information Security Audits since : <2017>

3. Capability to audit, category wise (add more if required)

• Network Security Audit : (Y)

• Web-Application Security Audit : (Y)
• Wireless Security Audit : (Y)
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : (Y)
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : (Y)
• ICS/OT Audits : (Y)
• Cloud security Audits : (Y)
• Secure Code Audit : (Y)
• Network Architecture Review : (Y)
• Secure Design Audit : (Y)
• IOT Security Audit : (Y)
• Red Team Audit : (Y)
• Mobile Application Security Audit : (Y)
• Real time Security Assessment : (Y)

4. Information Security Audits carried out in last 12 Months:

Govt. : 1
PSU : NA
Private : 10
Total Nos. of Information Security Audits done : 11

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network Security Audit : 5

Network Infrastructure Audit : 2
Web-application security audit : 11
Mobile Application Security Audit : 3
Wireless security audit : 1
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 7
Cloud security Audits : 1

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 3,
DISAs / ISAs : NA
Any other information security
qualification:CEH(8),ECIH(3),CHFI(1),CISM(2)
Total Nos. of Technical Personnel : 14
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Sr. Name of Duration with Experience in Qualifications related

No. Employee <AGC Information Security to Information security
Networks
Ltd>
1 Anant Bhat 3.3 Years 10.3 years (Total CISSP, CISA, CISM,
Exp 18+) CEH v10, IBM
QRADAR SIEM, Azure
Cloud Certified
Foundation (AZ-900),
CCNA.

2 Sachin Ratnakar 11.6 Years 16.4 Years (Total CISA,ISO Lead Auditor
Exp 25+)
3 Kris Coutinho 9.7 Years 11.7 years(Total Exp CISA,CISM,ISO Lead
12+) Auditor
4 Darshan 1.1 Years 4 Years CEH
Sagwekar
5 Satya Narayan 5.10 Years 11 Years CEH, ECIH,CCNA,AZ-
Yadav 900,IBM QRadar
certified,McAfee SIEM
certified,TrendMicro
XDR Certified, Sophos
edr certified, Splunk
fundamentals certified
6 Deepak Joshi 3.7 Years 3.7 Years CEH, ECIH, McAfee
SIEM Certified, Sophos
EDR Certified, Splunk
Fundamentals
Certified
7 Akash Shinde 1.7 year 2.10 years CEH
8 Saim Tanki 1.7 year 1.7 years IBM-Cyber Threat
intelligence, IBM-
Penetration Testing,
Incident Response and
Forensics, Cisco Cyber
Security Essential.
9 Anuj Worlikar 1.7 year 1.7 year CEH
10 Rohan Chache 8 months 8 months CEH, CCNA
11 Appasaheb Patil 2 months 2 months CEH
12 Chandrasekhar 2.7 years 2.7 years Splunk fundamentals
Kommu certified,Trend Micro
Apex Central for
Administrators,Azure
Az-900,Palo alto
Cortex XSOAR IT
Admin
13 Gayatri Jadhav 2.3 Years 4.3 Years ISO Lead Auditor
14 Nishigandha 2 Months 4 ISO Lead Auditor
Jagtap

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Company: One of the largest Manufacturing Company in India.

Scope/ Volume/ Locations/ Complexity

 Infrastructure security review (LAN/WAN) of 4+major locations

 Entire Security Architecture and Posture Review.
 Server Security review. (Physical & Virtual)
 Configuration audit (Core Network devices and Security Device)
 Vulnerability Assessment of Network devices
 Suggestions for improvement and future roadmap.
 Real Time Analysis and Audit
 Penetration testing of key applications

9. List of Information Security Audit Tools used (Commercial/ freeware/proprietary): QUALYS,

NESSUS, WIRESHARK, IBM APP SCAN, KALI LINUX, OWASP ZAP, SANTOKU OS, BURP SUITE Pro
etc.

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

A. AUSTRALIA: -

1. MELBOURNE (Suite 2, Level 3 West Tower,608 St Kilda Rd,Melbourne, Victoria, 3004)

2. SYDNEY (Level 8, Avaya House,123 Epping Rd,North Ryde, NSW, 2113)

B. PHILIPPINES: -

1. AGC Networks Philippines, Inc., An Essar Enterprise 4th Floor, Jaka Building, 6780 Ayala
Avenue, Makati City – 1226)

C.SAUDI ARABIA: -

1. Building no.113, Al Narjes Complex, Abu Bakr Road, Riyadh, KSA

D. KENYA: -

1. The Oval, 2nd Floor, Westlands | Nairobi | Kenya

E. NEW ZEALAND: -

1. Floor 17, 120 Albert Street, Auckland Central, Auckland 1010, New Zealand

F.UAE: -

1. DUBAI (Emaar Business Park, Building No. 4, Office # 508, PO Box 58569, Sheikh Zayed
Road, Dubai, United Arab Emirates)
2. ABU DHABI (AGC Networks L.L.C. Al Nayadi Building 115, Office No. 701 Sheikh Rashid Bin
Saeed Street (Airport Road) Abu Dhabi, United Arab Emirates)

G.USA: -

1. DALLAS (222 W Las Colinas Blvd, Suite 200 North Tower, Irving, Texas, 75039, Texas,
USA)
2. FLORIDA (7970 Bayberry Rd, Suite 5, Jacksonville, Florida 32256)
3. MINNESOTA (10050 Crosstown Circle, Suite 600 Eden Prairie, MN 55344)
4. MINNESOTA (9155 Cottonwood Lane N Maple Grove, MN 55369)

H. SINGAPORE

1. AGC Networks Pte Limited 50 Raffles Place, # 32-01 Singapore Land Tower Singapore 048623.

*Information as provided by <AGC Networks Limited> on July 1,2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Cyber Security Works Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

Registered Office: Cyber Security Works Pvt. Ltd

No.3, III – Floor, E- Block, 599, Anna Salai ,Chennai – 600 006.

Corporate Office: Cyber Security Works Pvt. Ltd

No.6, 3rdFloor, A- Block, IITM Research Park
Taramani , Chennai – 600 113

2. Carrying out Information Security Audits since : 2008

3. Capability to audit, category wise (add more if required)

Network Vulnerability Assessment / Audit Yes

Web-application security Assessment / Audit (Y/N) Yes
Wireless security audit (Y/N) Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) Yes
SDLC Review and Code Security Review Yes
Application Penetration Testing Yes
Network Penetration Testing Yes
Information Security policy review, development and assessment Yes
Mobile Application Security Assessment and Penetration Testing Yes
Data Mining for Vulnerable Patterns from Complex and Large-Scale Networks Yes
Ransomware Assessments Yes
Red Team Assessments Yes
IoT Security Assessments Yes
SCADA and Critical Infrastructure Assessments Yes
Social Engineering Assessments Yes
Cloud and Virtual Security Assessment Yes
Electronic Discovery and Digital Forensics Yes
Malware Synthesis and Analytics Yes
Incident Response Yes
AUA/KUA Compliance audit Yes
e-Sign Compliance audit Yes

4. Information Security Audits carried out in last 12 Months:

Govt.: 11
PSU : 5
Private : 344
Total Nos. of Information Security Audits done : 360

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit: 57

Web-application& Mobile Applications security audit: 287
Wireless security audit: 2
Compliance audits (ISO 27001, PCI, etc.): 14

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification: 15
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. CSW Information Security Information security
1 Ravi Pandey 9.7 Years 10.8 Years ISO 27K LA, ISO 27K
LI PCI-QSA, PCI-ASV
Certified
2 Sridhar 11.11 Years 29.10 Years CISA, CISSP, ISO 27K
Krishnamurthi LA
3 Gunnam Ramesh 8.10 Years 8.10 Years ISO 27K LA, PCI-ASV
Certified
4 Arjun Basnet 7.3 Years 7.3 Years PCI-ASV Certified
5 Ravichandran R 2.6 Years 18.8 Years CISA, CFE, CEH,
CCISO, CPISI, ECSA,
ISO LA
6 Sathish Kumar 7 Years 7 Years
7 Bonthala Satya 5.8Years 5.8 Years CompTIA Pentest+
Suvarna
8 DereddyMaheswari 5.8Years 5.8Years
9 Rakesh Kumar M 3.11 Years 3.11 Years
10 Dilip Raja Peddu 2.3 Years 2.3 Years
11 Raj Kumar Shah 2.8 Years 3.4 Years
12 Lourdhu Raj 2.8 Years 2.8 Years
Periyanayagam
13 Raj Kumar T M 2.8 Years 2.8 Years
14 Vasantha Kumar T 2.1 Year 3.4 Years CHFI, CIE, ECSA
15 Mohamed Yasir 1.9 Year 1.9 Year
Hashim
16 Shiva Rohit 1.6 years 1.6 years
Guntuku
17 Maria Daniel Raj I 0.11 year 0.11 years

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

 Vulnerability assessment and Penetration testing of network infrastructure and web

applications for a large Financial Services Company with offices across 68 Locations in
India. (We cannot declare the name of organization as we have NDA singed with them)

 Complexity: Project involved of Network Security Assessment, Internal and External

Vulnerability Assessment and Penetration Testing, Security Configuration Review,
Application Penetration Testing, Mobile Application Security Assessment.

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

Commercial Tools
 Acunetix
 Nessus
 Nexpose
 Burp Suite Pro
 Qualys

Proprietary

 Securin ASM- SaaS based attack surface management platform.

 VapSploit - Data mining tool for network infrastructure security assessment.
 WebSploit - Data mining tool for web infrastructure security assessment.

Freeware Tools:

 Nmap
 Netcat
 Snmp Walk
 Metasploit
 Kali Linux
 Paros
 Burp Suite
 Brutus
 Nikto
 Firewalk
 Dsniff
 SQL Map
 John the ripper
 Paros
 Wikto
 Ethereal
 Netcat
 Openvas
 W3af
 OWASP Mantra
 Wireshark
 Ettercap
 Aircrack – Ng
 Cain & Abel
 Ironwasp
 OWASP Xenotix
 Fiddler
 Tamperdata
 Social Engineering Toolkit

10. Outsourcing of Project to External Information Security Auditors / Experts : No ( If yes,

kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes

Yes, we have partners for providing information security services in the respective
countries.

I. Partner with ICE Information Technology to provide Information Security Services in UAE
ICE Information Technology
P.O. Box: 120661, Dubai, UAE
P.O Box: 31078, Abu Dhabi, UAE

II. Partner with RiskSense Inc. to provide Information Security Services in USA
RiskSense Inc
4200 Osuna Road NE, Suite 3-300
Albuquerque, NM 87109, USA

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Cyber Security Works Pvt Ltd on 16th April 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Deccan Infotech (P) Ltd.

1. Name & location of the empaneled Information Security Auditing Organization:

Name- Deccan Infotech (P) ltd

Address-13J, Jakkasandra Block 7TH Cross,
Koramangala, Bangalore-560034

2. Carrying out Information Security Audits since : < 1996>

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) < YES>

• Web-application security audit (Y/N) < YES>
• Wireless security audit (Y/N) < YES>
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) < YES>
• Mobile Security Audits < YES>
• Regulatory Audits < YES>

4. Information Security Audits carried out in last 12 Months :

Govt. : <number of> 15

PSU : <number of> 00
Private : <number of> 60
Total Nos. of Information Security Audits done : 75

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: <number of> 19

Web-application security audit: <number of> 50
Wireless security audit:<number of> 02
Compliance audits (ISO 27001, PCI, etc.):<number of> 04

6. Technical manpower deployed for informationsecurity audits :

CISSPs : <number of> 01

BS7799 / ISO27001 LAs : <number of> 06
CISAs : <number of> 02
DISAs / ISAs : <number of> 00
Any other information security qualification:<number of> 03
Total Nos. of Technical Personnel : 12

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related

No. Employee <Deccan Information Security to Information security
Infotech (P)
ltd>
1. Mr. Dilip 06/05/1996 24 yrs C|CISO, CRISC, CISM,
Hariharan CISA, CEH, CHFI, CFE,
CCNA, ISO 27001
Lead Auditor &
Implementer, ISO
9001:2008 LEAD
AUDITOR, BS 15000
IMPLEMENTER, SANS
certified in hacker
techniques, exploits &
incident handling
2. Arjun Bhaskaran 08/11/2017 18 yrs ISO 27001:2013
Information Security
Management System
3. Mr. Amit Gupta 01/09/2017 25 yrs ISO 27001:2013
Information Security
Management System
4. Mr. Rajesh Kumar 02/02/2018 3.2 yrs ISO 27001:2013
M Information Security
Management System
5. Mr. Gautam D. 07/02/2019 2 Yr ISO 27001:2013
Hariharan Information Security
Management System

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Web applications Security audit for more than 100 sites of A government organisation with
different databases and web development technologies amounting to approximately 30 Lakhs.

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

1. Burp Suite
2. NMAP
3. Netsparker
4. John The Ripper
5. NetCat
6. PW DUMP
7. Wireshark
8. OWASP ZAP
9. KALI Linux
10. Nessus
11. TCP Dump
12. Nexpose – Commercial tool
13. Brutus
14. Metasploit - Commercial
15. Mozilla Tools for web app audits
16. Fiddler
17. Dir buster
18. Nipper
19. Nikto
20. W3AF
21. Android tamer / Drozer / Geny motion
22. Immuniweb Mobile scanner
23. Mobile Security framework

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by <Deccan Infotech (P) ltd > on <15-April-2021>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s SISA Information Security Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

SISA INFORMATION SECURITY PRIVATE LIMITED

No. 79, Road Number 9, KIADB IT PARK,
Arebinnamangala Village, JalaHobli Bengaluru, Karnataka India - 562149

2. Carrying out Information Security Audits since : 2001

3. Capability to audit , category wise (add more if required)

• Network security audit : (Y)

• Web-application security audit : (Y)
• Wireless security audit : (Y)
• Compliance audits (ISO 27001, PCI, etc.) : (Y)
• Forensics Investigation & Analysis : (Y)
• Red Team Assessment : (Y)
• Web Application Penetration Testing : (Y)
• Mobile Application Penetration Testing : (Y)
• Network Penetration Testing : (Y)
• Network Vulnerability Assessment : (Y)
• Web Application Automated Vulnerability Assessment : (Y)
• WAP Application Penetration Testing : (Y)
• Thick Client Penetration Testing : (Y)
• Firewall Configuration Review : (Y)
• Wireless Penetration Testing : (Y)
• Server Configuration Review : (Y)
• Database Configuration Review : (Y)
• Source Code Review : (Y)
• Email Configuration Review : (Y)
• Network Architecture Review : (Y)
• Process and Policy Review : (Y)
• Incident Response : (Y)
• Spear Phishing Activity : (Y)
• Data Leakage Gap Analysis : (Y)
• Application Malware Scan : (Y)
• Network Malware Scan : (Y)
• Information Security Awareness Training : (Y)

4. Information Security Audits carried out in last 12 Months :

Govt. : None
PSU : 10+
Private : 350+
Total Nos. of Information Security Audits done : 360+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 200+

Web-application security audit : 200+
Wireless security audit : 5+
Compliance audits (ISO 27001, PCI, etc.) : 300+
Forensics Audit : 25+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 4
BS7799 / ISO27001 LAs : 21
CISAs : 3
DISAs / ISAs : 1
Any other information security qualification : 32
Total Nos. of Technical Personnel : 120
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration Experience Qualifications related to

No. Employee with in Information security
SISA Information
Security
1 Dharshan 20 Years 18 Years CISA, CISSP, PCI QSA, Core PFI,
Shanthamurthy SANS GWAPT, OCTAVE Authorized
Advisor/Assessor
2 Renju Varghese 14.6 Years 14.6 Years CISA, PCI QSA, ISO 27001 LA, ISO
Jolly 27001 LI, CPISI, PCI SSF, PA - QSA,
P2PE QSA, OCTAVE IMPLEMENTER,
SANS GCFA, VISA/MASTERCARD
APPROVED COREFORENSIC
INVESTIGATOR
3 Kaushik Pandey 7 years 7 years CISA, PCI-QSA, IS027001 LA, CPISI
AUTHORIZED TRAINER
4 Yogesh Patel 6.4 Years 7 Years CORE PFI, VISA SECURITY
ASSESSOR, PCI QSA, PCI QPA, P2PE
QSA, GCFA – GIAC CERTIFIED
FORENSIC ANALYST, ISO 270001 LA
& LI
5 Vivek Singh 5.4 Years 5.4 Years CEH V8, CERFITIFIED PROFESSIONAL
Chauhan HACKER - IIS, CERFITIFIED
PROFESSIONAL FORENSICS ANALYST
- IIS, CERFITIFIED INFORMATION
SECURITY CONSULTANT- IIS,
DEGITAL FORENSIC INVESTIGATOR –
ASCL
6 Saravana S 1.2 Years 11 years CISSP,CEH V10, AWS SOLUTION
ARCHITECT, GDPR DATA PROTECTION
OFFICER, CPISI, PCI ASV, ISO 27001
LA
7 Nelson Yaragal 1.6 Years 11 years CISA, ISO 27001 LA, ISO 27001 LI,
CPISI
8 Sudeep Devashya 1.6 Years 12 Years ISO 27001 LA, ISO 27001 LI, CPISI

9 Aman Srivastava 1.9 years 6 years CISSP, PCI QSA, ISO 27001 LA, ISO
27001 LI, CEHV7, ITIC3,CCNP
SECURITY, JNCIS SECURITY
10 Prajwal Gowda 6 Years 6 Years PCI QSA, ISO 27001 LA, ISO 27001
LI, CPISI - S LEAD TRAINER

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Client Project Value in

Compliance INR
BPO/Services PCI DSS, Information Security Audit 1.01 Cr

Medical devices and PCI DSS, Information Security Audit ,

Health care Network and Web Security Testing 1.12 Cr

PCI DSS, Information Security Audit , -

Network and Web Security Testing,
Payment Solution
Provider 1.02 CR

PCI DSS, Information Security Audit ,

Network and Web Security Testing,
Financial Sector
Organization 0.80 Cr
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial Tools Port Scanning Network & System Social Engineering

Vulnerability
Assessment

• Nessus - Nmap - Metasploit - Social-Engineering

Commercial Toolkit (SET)
• Burp Suite -Hping3 - Nessus
Professional
• Microfocus Fortify
- Nipper
• Quays Guard

Privilege Exploitation Application Threat Profiling &

Escalation Security Risk Identification
Assessment

- Cain & Abel - SQL Map • Burp Suite -Risk Assessment

Professional (RA)
- Nipper - Metasploit • OWASP ZAP
• Nikto
• SQLMap
• SSL Scan
• Directory Buster
• MobSF
• Drozer
• Frida
• Objection
• Echo Mirage
• Fiddler
• TCP Relay
• Microsoft
Sysinternal Tools
• Wireshark
• Hopper
• Microsoft Devskim
• Brakeman
• Graudit
• GoSec
• DevAudit
• Bandit
• Application
Inspector
Data Discovery MDR Red Team Wireless
Penetration
Testing
- SISA Radar - ProACT - OSINT Tools - Wapiti
- Harvester
-DNSrecon - Aircrack-ng

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

AMERICAS SISA Information Security Inc.
Las Colinas The Urban Towers,
222 West Las Colinas Boulevard,
Suite 1650, Irving, Texas 75039, USA
Tel: +1 (214) 308-2146

MIDDLE EAST and AFRICA SISA Information Security WLL

Gulf Business Center, Suite #1119,
Al Salam Tower, 11th Floor, Building 722,
Road 1708, Block 317, Kingdom of Bahrain.
Tel: +973 32 333 856

SISA Information Security

Novotel Business Park, Tower 2,
1st Floor, Unit No. 43,
Dammam – 32232-6140, Saudi Arabia.
Tel: +973 32 333 856

SISA Information Security FZE

P.O.Box 37495, Ras Al Khaimah,
United Arab Emirates.
Tel: +973 32 333 856
Mobile: +91 98458 54094

EUROPE SISA Information Security Ltd.

81 Bellegrove Road, Welling,
Kent – DA16 3PG,
United Kingdom.
Tel: +44 20 3874 1591

ASIA PACIFIC SISA Information Security Pte. Ltd.

101 Cecil Street, #17-09,
Tong Eng Building,
Singapore – 069533.
Tel: +65 3163 1024

SISA Information Security Pty. Ltd.

‘9A’, 139 Minjungbal Drive,
Tweed Heads South,
NSW – 2486, Australia.
Tel: +61 (2) 9161 2963

*Information as provided by SISA Information Security Private Limited on 16/04/2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s TUV-SUD south Asia Pvt. ltd

1. Name & location of the empanelled Information Security Auditing Organization :

TUV-SUD south Asia Pvt. ltd

2. Carrying out Information Security Audits since : 2018

3. Capability to audit , category wise (add more if required)

• Network security audit: Yes

• Web-application security audit: Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): Yes
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) Yes
• ICS/OT Audits:Yes
• Cloud security Audits: Yes

4. Information Security Audits carried out in last 12 Months:

Govt. :Nil
PSU : Nil
Private : 10
Total Nos. of Information Security Audits done : 10

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: 33

Web-application security audit: 54
Wireless security audit: 2
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 46
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 1

6. Technical manpower deployed for informationsecurity audits :

CISSPs : Nil
BS7799 / ISO27001 LAs : 3
CISAs : 1
DISAs / ISAs : Nil
Any other information security qualification:CCSP (1) , PCI QSA (2)
Total Nos. of Technical Personnel :

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1 Mr. Amit Kadam 2 22 CISA / ISMS
LA/CCSSP/PCI DSS
2 Mr. Atul 3 12 MCSA, CCNA, IVTL v3,
Srivastava COBIT 5, ISO27001
Lead Auditor,
ISO27001 Lead
Implementer, PCI QSA
3 Mr. Kaushal Meher 3 4.5 CEH, ISO27001 Lead
Auditor
4 Ms. Archana Agre 1 2 CNSS Certified
5 Mr. Prajwal Shetty 1 3.5 ECSA (EC Council
Certified Security
Analyst)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Category Organizations Location

Insurance Sector 5 PAN-India

Payment Corporation 10 Mumbai, Chennai, Hyderabad

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

1. Nessus
2. NMAP
3. SQL map
4. Burp suite
5. NIPPER

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization? : Yes

If yes, give details : We are a subsidiary of TÜV SÜD group head Office in Germany

13. Locations of Overseas Headquarters/Offices, if any : Yes

All locations are on the web sites. Locations | TÜV SÜD in India (tuvsud.com)

*Information as provided by TÜV SÜD south Asia Pvt. Limited on28 June 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s ControlCase International Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

ControlCase International Pvt. Ltd.,

Corporate Center, Wing A, 4th floor, unit no. 407, J
. B. Nagar, Andheri-Kurla Road, Andheri (East),
Mumbai 400059, Maharashtra.

2. Carrying out Information Security Audits since : 2005

3. Capability to audit , category wise (add more if required)

• Network security audit: Y

• Web-application security audit: Y
• Wireless security audit: Y
• Compliance audits (ISO 27001, 27017, 27018, 22301, 27701, PCI DSS, PA DSS, PCI
SSA, PCI SLC, P2PE, PIN, TSP, 3DS, ASV, HITRUST, HIPAA, SOC, NIST 800-53, 800-171,
CSA STAR, GDPR, CCPA etc.) : Y
• Finance Sector Audits (SWIFT, ATMs, API, Payment Gateway, Banks, Insurance
companies etc.) : Y
• ICS/OT Audits : Y
• Cloud security Audits : Y
• Web Application Source Code Review: Y
• Advanced Penetration Testing Training: Y
• Virtualization Security Assessment: Y
• Mobile Application Security Audit: Y
• IoT Security Audit: Y
• Segmentation Penetration Test: Y
• Social Engineering: Y

4. Information Security Audits carried out in last 12 Months :

Govt. : 3
PSU : 3
Private : 500+
Total Nos. of Information Security Audits done : 500+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 100+

Web-application security audit : 400+
Wireless security audit : 10+
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 1000+
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 100+
ICS/OT Audits : 2
Cloud security Audits : 100+

6. Technical manpower deployed for information security audits :

CISSPs : 5
BS7799 / ISO27001 LAs : 37
CISAs : 15
DISAs / ISAs : 0
CISM: 16
CEH: 7
CHFI: 1
PCI QSA: 33
PCI PA QSA: 5
PCI SSA: 5
PCI SLCA: 9
PCI ASV: 5
PCI 3DS: 2
PCI P2PE QSA: 3
PCI CPSA-Physical: 4
PCI CSPA-Logical: 4
PMP: 2
CBCP: 1
CCSFP: 1
CCSK (CSA Star): 2
CCSP: 1
CDPSE: 9
CCNA: 5
ITIL: 2
Total Nos. of Technical Personnel : 100+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related to Information

No. Employee ControlCase Information security
Security
1. Satyashil Rane 12+ Years 20+ Years PCI QSA, PA QSA, PCI SSA, PCI SLCA,
P2PE, CISSP, CEH, ASV, ISO 27001 LA
2. Rajkumar 8+ Years 9+ Years MS Cyber Law and Info Sec, CISSP, ASV,
Yadav ISO LA
3. Shashank 10+ Years 10+ Years CISSP, PCI-AQSA, PCI-ASV, ISO 270001
Vaidya LA, ISO 270001 LI
4. Vaibhav 10+ Years 10+ Years CEH, ECSA, ASV, PCI AQSA, ISO 27001 LA,
Mahadik ISO 270001 LI
5. Chaitany 11+ Years 13+ Years ISO 27001 LA, ISO 270001 LI, PCI QSA
Kamble
6. Sushant 7+Years 7+Years OSCP
Kamble

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Sr.No Client Description of services ( Project Value

Relevant to Scope of Work in
this RFP, give reference
number only)
1. One of the largest Continuous Compliance Which Confidential
Financial Service includes
Provider in India PCI certification,
Fire wall rule set review,
Configuration scanning of IT
Assets,
Application Security scanning,
Log Monitoring and automated
alerting,
Internal vulnerability scan,
External vulnerability scan,
Internal and external penetration
testing,
Review and updating of policies,
Annual security awareness
trainings,
Risk assessment
2. One of the largest PCI DSS Certification Confidential
bank in Vietnam Application Penetration Test
Internal vulnerability scan,
External vulnerability scan,
Internal and external
penetration testing
3. One of the largest Application Security Review Confidential
bank in Brunei Code review
4. One of the largest Compliance as a Services – CAAS Confidential
payment transaction Which includes
service provider in PCI certification,
Mauritius Fire wall rule set review,
Configuration scanning of IT
Assets,
Application Security scanning,
Log Monitoring and automated
alerting,
Internal vulnerability scan,
External vulnerability scan,
Internal and external penetration
testing,
Review and updating of policies,
Annual security awareness
trainings,
Risk assessment

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial:
• Rapid 7 Nexpose
• QualysGuard External Scanner
• Tenable Nessus Security Scanner
• Netsparker Professional
• Rapid7 Nexpose Enterprise edition
• Nmap
• Burp Suite Professional
• Nipper

Freeware / Open Source (Includes but not limited to below):

• Kali Linux Framework – Nmap, Netcat, cryptcat, Hping, Sqlmap, JTR, OpenVAS, SET, MSF,
Aircrack suite, Dirbuster, Cain
• Fiddler
• Charlse Proxy
• Metaspolit
• Mobile Security Framework
• L0phtcrack Password Cracker
• OpenVas
• W3af
• Directory Buster

Proprietary:
ControlCase SkyCAM - ControlCase SKYCAM is a consolidated framework that quickly and cost-
effectively enables IT governance, risk management and compliance (GRC) with one or several
government or industry regulations simultaneously. It allows IT organizations to proactively address
issues related to GRC and implement a foundation that is consistent and repeatable.
ControlCase Compliance Manager (CCM) - Built upon the ControlCase GRC (CC-GRC) platform
and provides an integrated solution to managing all aspects related to compliance. CCM allows
organizations to implement the processes, integrate technologies and provide a unified repository
for all information related to Compliance.
Card Data Discover (CDD) - ControlCase Data Discovery (CDD) addresses key need of Credit
Card Data Discovery and is one of the first comprehensive scanners that not only searches for credit
and debit card data on file systems, but also in most commercial and open source databases, and all
this searching is done WITHOUT installing any agents on any scanned system. It scans the whole
enterprise from one location.
ControlCase Compliance Scanner - ControlCase Compliance Scanner allows QSAs/Auditors and
consultants to streamline and automate the process of evaluating PCI compliance during onsite
engagements. Results from leading vulnerability scanners and application scanners, along with
cardholder data search features are processed by the Compliance Scanner to pre-populate
approximately half the controls of PCI DSS.
ControlCase ACE - ControlCase Automated Compliance Engine allows assessors and customers to
collect compliance evidence automatically from cloud and non-cloud environments to satisfy various
Certification/compliance related requirements. It is capable not only automatically collecting the
evidence but also determining compliance status and providing pinpointed recommendations to
remove non-compliances.
10. Outsourcing of Project to External Information Security Auditors / Experts : No
( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : Yes

If yes, give details - , ControlCase International Pvt. Ltd is subsidiary of ControlCase Holdings

13. Locations of Overseas Headquarters/Offices, if any : Yes,

ControlCase LLC, 12015 Lee Jackson Memorial Hwy, Suite 520, Fairfax, VA 22033

*Information as provided by ControlCase International Pvt. Ltd. on July 23, 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Netrika Consulting India Pvt. Ltd.

1. Name & location of the empaneled Information Security Auditing Organization:

M/s Netrika Consulting India Pvt. Ltd.

Global HQ: Plot no.2, Industrial Estate, Udyog Vihar, Phase-IV, Gurugram,
Haryana, India. PIN: 122015
Registered Office Address: 2nd Floor, 25, BLK-BK 25, Mandir, Shalimar Bagh,
New Delhi (110088).
Regional Offices:
Mumbai: Accord Classic 510, above Anupam Stationery, Arey Road, Goregaon
East, Mumbai - 400063 (Ph: +91-22-49035900)

Bengaluru: Unit No 205 A, Carlton Towers, 01 Old Airport Road, Bangalore -

560008 (Ph: +91-80-43728750)

2. Carrying out Information Security Audits since : 2013

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N): Y

• Web-application security audit (Y/N): Y
• Wireless security audit (Y/N): Y
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): Y
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N): Y
• ICS/OT Audits (Y/N): Y
• Cloud security Audits (Y/N): Y
• Application Security Testing: Y
• Mobile & API Security Testing: Y
• Secure Configuration Reviews: Y
• Cyber Forensics and Investigations: Y

4. Information Security Audits carried out in last 12 Months:

Govt.:15
PSU:incl. Above
Private:15
Total Nos. of Information Security Audits done: 30+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit :7

Web-application security audit : 25
Wireless security audit :3
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) :4
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) :2
ICS/OT Audits :0
Cloud security Audits :1

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 1
BS7799 / ISO27001 LAs : 5
CISAs : 1
DISAs /ISAs :0
Any other information security qualification:CEH/CISC/CPFA/eWPTX/OSCP: 5
Total Nos. of Technical Personnel : 10
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1 Rajesh Kumar ~2 Years 20+ Years CISSP, CISA, CEH,
CFE, CDPSE etc.
2. Nikit Jain 3 Years 4 Years CEH, CISC, CPFA
3. Mukesh Kumar 0.5 Years 7 Years CEH, EWPTX, OSCP
3. H. S. Rawat 2.5 years 10 years CEH, ISO27001LA
5. Rahul Khattar 1 Years 10+ Years ISO27001LA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

A leading Logistics Company in India, covering comprehensive Cyber Security Posture

Assessment, Internal/External Network, Application VAPT, Business Continuity Assessment,
End-point configuration review etc. Project Scope covered corporate office and sample regional
offices with project value around 8L.

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Nmap/Nessus/Wireshark/OpenVAS/SQLMap/Metasploit/Burpsuite/Brutus/Hydra/MobSF/Drozr/K
aliLinux/Manual Scripts etc. and many more inducted as needed for project scope.

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: Yes

a. UAE: SAIF Zone, Q1-06-141/C, PO Box 124932, Sharjah Airport Free Zone
b. SINGAPORE: Regus Vision Exchange, 2 Venture Drive Level. # 24-01- #24-32, Singapore
(608526)

*Information as provided by Netrika Consulting India Pvt Ltd on 25-July-2021.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s NG TECHASSURANCE PRIVATE LIMITE

1. Name & location of the empanelled Information Security Auditing Organization:

Name: NG TECHASSURANCE PRIVATE LIMITED

Address: Shop No. F-07(107), First Floor, Atlanta Shopping Mall,Althan
Bhimrad Road, Surat, Gujarat - 395017

2. Carrying out Information Security Audits since : 2016

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Mobile application security audit (Y/N) : Yes
• IT general controls review (Y/N) : Yes
• Secure Configuration audit (Y/N) : Yes
• Vulnerability Assessment & Penetration Testing (Y/N) : Yes
• Policy review against best security practices and regulatory requirement (Y/N) : Yes
• IT GAP assessment(Y/N) : Yes
• Information security risk assessment. (Y/N) : Yes
• Compliance audits (RBI, NABARD) (Y/N) : Yes
• Information security awareness&training (Y/N) : Yes
• Data Migration Audit (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : Nil
PSU : Nil
Private : 36
Total Nos. of Information Security Audits done : 36

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 17

Web-application security audit : 57
Mobile application security audit : 07
IT general controls review : 07
Secure Configuration audit : 12
Vulnerability Assessment & Penetration Testing : 24
Policy review against best security practices and regulatory requirement : 09
IT GAP Assessment(Y/N) : 07
Information security risk assessment. (Y/N) : 01
Compliance audits (RBI, NABARD) : 34
Information security awareness & training : 25
Data Migration Audit : 01

6. Technical manpower deployed for informationsecurity audits:

CISSPs : Nil
BS7799 / ISO27001 LAs : 02
CISAs/ DISAs / ISAs : 02
Any other information security qualification (CEH/ M. Tech etc) :10
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S.No. Name of Duration with NG Experience in Qualifications related to

Employee TechAssurance Pvt. Information Security Information security
Ltd
1 Niraj Goyal >5 years >7 years CEH, ISA
2 Diti Patel > 1.5 year >1.5 years M Tech (CS)
Gaurav
3 >2 years >3 years ISMS LA
Goyal
4 Neha Goyal >5 years >5 years CEH
Adarsh
5 >1.5 year >1.5 years M Tech (CS)
Desai

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

For one of the reputed Financial Institution of the country, we have conducted Vulnerability
Assessment & Penetration Testing, Web and Mobile Application Testing, Compliance Audits with
live on all the delivery channels, having owned Data Centre and having 400+ IPs.

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Commercial Tools
Burp Suite Professional
Nessus Professional

Open-Source/Freeware Tools
Kali Linux
Wireshark
OWASP ZAP
Vega
Nmap
Web Scarab
Aircrack suite
Nikto
MBSA
JhonTheRipper
Hydra
DirBuster
SQLMap
Metasploit
Nox Emulators
TestSSL
Nipper-NG

Proprietary
Custom Developed Shell & Python Scripts

10. Outsourcing of Project to External Information Security Auditors / Experts : No

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? :

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by M/s NG TechAssurance Private Limited on 26/July/2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s OXYGEN CONSULTING SERVICES PRIVATE LIMITED

1. Name & location of the empanelled Information Security Auditing Organization:

OXYGEN CONSULTING SERVICES PRIVATE LIMITED

COSMOS, E/701, Magarpatta City, Hadapsar, Pune 411028

2. Carrying out Information Security Audits since : 2007

3. Capability to audit, category wise (add more if required)

• ICS/OT Security Review: Y

• UIDAI AUA/KUA Audit: Y
• Network security audit: Y
• Wireless security audit: Y
• Systems Migration Audit: Y
• IT/Cybersecurity Roadmap: Y
• Data Privacy/Protection Audit: Y
• Web-application security audit: Y
• IT/Systems/Cybersecurity Audits: Y
• Internal Audit/Risk based Audit: Y
• Network/System/Application VAPT: Y
• IT General controls (ITGC) Audit: Y
• IT Governance/ COBIT/ IT-GRC Audit: Y
• 3rd Party/ Outsourcing/Vendor audit: Y
• Secure SDLC and Secure code review: Y
• Storage of Payment System Data Audit: Y
• Cybersecurity/Infosec Awareness Review: Y
• Cloud security,Outsourced DC and DR site audits: Y
• Server/Firewall/Database/Email Configuration Review: Y
• RBI/SEBI/IRDA/NBFC/Stock Brokers/DP Compliance audit: Y
• CSOC/DLP/FW/IPS/WAF/PIM/SIEM/Security Products Audit: Y
• Cyber Resilience/Business Continuity/Disaster Recovery Audits: Y
• Functional Audits (CBS/Treasury/BBPS/CTS/In-House Software) Audits: Y
• Compliance audits (ISO/IEC 27001, ISO 22301, ISO 27701, PCI, GDPR etc.): Y
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway,SEBI,NBFCetc): Y

4. Information Security Audits carried out in last 12 Months:

Govt.:Nil
PSU:Nil
Private:87
Total Nos. of Information Security Audits done:87

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Cloud security Audits: 6

Web-application security audit: 5
Network security/ VAPT/Config audit: 30
Systems &Cybersecurity audit: 64
Compliance audits (ISO 27001/22301, PCI, GDPRetc.): 4
Finance Sector Audits (Swift,ATMs, API, Payment Gateway, SEBIetc.):46

6. Technical manpower deployed for informationsecurity audits:

CISSPs: 1
ISO27001 LAs: 3
CISAs: 4
CISMs: 2
CEH/CDPSE/CGEIT/FBCI/Prince2/ITILv3: 1
Total Nos. of Technical Personnel: 6
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration Experience in Qualifications related to Information security

No. with Information
OCSPL Security
1 Sanjiv Kumar ~ 14 Years 24+ years CISSP,CISA,CGEIT,CISM,FBCI,CDPSE,ISO27001LA,
Agarwala ISO22301LA, ITIL, ISO9001LA
2 Sachin Prakash 5+ Years 14+ Years CISA, CEH
Jadhav
3 Chandrashekhar ~ 1 Year 24+ Years CISA, ISO27001 LA, PRINCE2, ITIL v3, ISO9001LA
Pulekar
4 Sumukh Bhagwat ~ 1 Year 10+ Years ISO27001 LA
5 Aparna Joglekar < 1 Year 15+ Years CISA,CISM
6 Shradha Agarwala ~14 Years 5+ Years ISO27001 IA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Largest Project / Client Project Scope/details

ISMS/ISO27001 consulting for an engineering services Security Policies, SOP, ISMS Mandatory
MNC having offices in APAC, Europe and North America documentation, risk assessment facilitation,
consulting support for control implementation,
VAPT, Customer specific requirements, ISMS
internal audits, ISMS awareness training,
external audit support. Project duration: 12
months with total project value around 20
Lakhs. Excludes logistics costs

Systems audit for a leading Small Private Bank Audit scope included CBS, ATM, Internet
Banking, Mobile Banking, SWIFT, FOREX,
TREASURY, Dealing, DEMAT, AML, ALM, NPA,
CTS, RBI and NPCI requirement, PSS, IT Act
2000 and amendments, Privacy policy, Risk
Management, IT infrastructure, DC, DR, HRMS,
Reconciliation, In-house applications, Policy
review, IT Governance, IT Strategy, OS,
Database security, BCP/DR, Payment systems,
Mobile App, Risk Assessment, SOC/SIEM,
PIM,WAF, DLP, Audit as per RBI Cybersecurity
framework, VAPT of Network, Critical desktops,
Public IP address, Applications, ISO27001
controls, Physical security. Project duration (end
to end): around 6 months with total project
value < 20 Lakhs

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Tools used Usage

Nessus Infrastructure Scanning
Burpsuite Web Application VAPT
Wireshark Infrastructure Scanning/Sniffing
WHOIS & DOM Tools DNS Foot-printing tools
Qualys SSL Web Application SSL security
WINDOWS OS TOOLS/UTILITIES In-built Windows tools/Utilities
Uniscan Web Application VAPT
Zaproxy Web Application VAPT
John the Ripper Password cracking
Hping Multi-purpose tool
Nexpose, Vulnerability Assessment
Ethereal Network Sniffing
Nmap/Zenmap Portscanning
Nikto Penetration Testing
Immuniweb Mobile App security testing
Sqlmap Penetration testing/ DB Scanner
DirBuster Directory Buster
Skipfish Web Application VAPT
WebScarab Web Application Scanning
Metasploit Penetration Testing
Netcat Multi-purpose tool
Acunetix Web Application VAPT
N-Stalker Web Application VAPT
Customized scripts/commands/OS tools Multi-purpose

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by OXYGEN CONSUTING SERVICES PRIVATE LIMITED on 26 July2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Peneto Labs Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

Peneto Labs Private Limited

Registered Office: NO.S2, GREENVILE APARTMENTS MURUGESA, NAICKEN STREET
SENTHIL NAGAR EXTN, CHROMPET, Chennai, 600044
Operation Address: Level 8 & 9, Olympia Teknos , No - 28, SIDCO Industrial Estate,
Guindy, Chennai 600032,TAMILNADU.

2. Carrying out Information Security Audits since : 2017

3. Capability to audit , category wise (add more if required)

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 0
Private : 17+
Total Nos. of Information Security Audits done :17+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 10+

Web-application security audit : 25+
Mobile Application security assessment : 5+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:
CEH: 5
SANS GPEN: 1
SANS GCIH: 1
SANS GWAPT: 1
SANS GRID: 1
OSCP: 2
OSCE: 2
OSWP: 1
CREST CRT: 1
Total Nos. of Technical Personnel :9
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. Peneto Labs Information Information security
Pvt Ltd Security
1 Parthiban Jegatheesan 3 Years 4 12 Years OSCP,OSCE,GCIH,GWAPT,
Months ISO 27001 Lead
Auditor(ISMS LA)
2 Shankar 3 Years 4 Years ISO 27001 Lead
Ramakrishnan Auditor(ISMS LA),IBM
QRadar
3 ShanmugaPriya 2 Years 2 Years CEH
4 Selvamchristober 3 Years 3 Years CEH
5 Mohamed saqib 2 Years 2 Years CEH
6 Bala Kumar 3 Years 8 Years OSCP,OSCE,CREST CRT,
OSWP
7 KarthikeyanMurugesan 1 Year 8 Years CEH,CISSP
8 MeenakshiSundaram 7 Months 1 Years CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Peneto Labs signs a non-disclosure agreement with its customers. Hence we are in no
position to share this information. Kindly contact us in this regard for customer
feedback/reference or contract requirements.

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Tool Name Description/Notes URL

Network port scanner capable of

nmap detecting open TCP and UDP ports https://nmap.org/
exposed by a system.

Linux distribution providing hacking

Kali Linux www.kali.org
tools.

Automated network vulnerability

Tenable https://www.tenable.com/products/nessus-
scanner for the fast detection of
Nessus vulnerability-scanne
security issues.

Testing suite adopted for detecting

Burp Suite
issues affecting web application and https://portswigger.net/burp/
Professional
web services.

Micro Focus
Fortiy for code review projects https://www.microfocus.com/
Fortify

Achilles, Hydra, OWASP, Mantra

IronWASP, Paros Proxy

, John the Ripper, Pwdump, Cain and

Able, Maltego, w3af , Metasploit
Community Edition

Other Tools Webinspect, Dsniff, MobSFWebScarab Available in Kali Linux

Firewalk ,NetCat ,Whisker

Hping , Wikto

HTTPrint, Nikto, Wireshark

HTTrack

Private tools, internally developed,

that are used to bypass some of the
Private Tools common security controls, and that N/A
will aid in achieving the objectives set
for the engagement.

10. utsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Peneto Labs Pvt Ltdon August 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Security Spoc LLP

1. Name & location of the empanelled Information Security Auditing Organization :

Security Spoc LLP, Level 18 Tower A,

Building No. 5 DLF Cyber City Phase III, Gurgaon, Haryana, 122002 India

2. Carrying out Information Security Audits since : 2020

3. Capability to audit , category wise (add more if required)

• Network security audit : Yes

• Web-application security audit : Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001,RBI, PCI, etc.) : Yes
• OT & IoT Security Assessment : Yes
• Mobile Application Security Testing : Yes
• Payment Gateway audit : Yes
• Privacy Impact Assessment : Yes
• Secure SDLC Review : Yes
• Source Code Review : Yes
• Cloud Security Assessment : Yes
• Data Centre and Physical Security Assessment : Yes
• Open Source Threat Intelligence : Yes
• Information Security Audit : Yes
• Cyber Security Audit : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 1
Private : 15
Total Nos. of Information Security Audits done : 16

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 8

Web-application security audit : 6
Mobile-application security audit : 4
Wireless security audit : 2
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 2
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 2
ICS/OT Audits : NA
Cloud security Audits : 2

6. Technical manpower deployed for informationsecurity audits :

CISSPs : NA
BS7799 / ISO27001 LAs : 3
CISAs : 1
DISAs / ISAs :NA
CISM: 1
CEH: 6
ECIH: 1
Crest CPSA: 1
OT Security: 2
Any other information security qualification:ECSA, OSCP, AWS Security, Azure,
Crest CPSA
Total Nos. of Technical Personnel: 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. Security Spoc Information Security Information security
LLP
1 Shivani Mehta 1.6 Years 3 Years ISO 27001 LI
2 Ishvaku Shukla 1.2 Year 3 Years CEH
3 Sumit Sharma 1.7 Year 8.9 Years CISM, OSCP, ISO
27001
4 Meshach 1 Year 6 Years CEH, CREST CPSA,
Marimuthu ECSA
5 Sarfuddin 1.3 Year 2 Years CEH
6 Dhruv Gupta 0.7 Year 8.5 Years ISO 27001, CEH, ECIH
7 Sachin Chauhan 0.2 5 Years CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

AWS Cloud Security Assessment for online Storage Provider:

• 18 Servers
• 1 Firewall
Number of Hosts
• 4 VPCs
Configurations
• 2 Bastion/Jump Host
• 1 VPN Server

• EC2
• S3 Bucket
• Key Management Solution
• Active Directory
Cloud Services Audited • AWS Single Sign-On
• O365 and Email Security
• NACLs and Security Groups
• AWS Cognito
• Identity and Access Management

Cloud Architecture Review • Current Architecture of Organization was audited for

Security lapses

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

• Commercial Tools:Nessus, Burp Suite

• Freeware Tools:Kali Linux, MobSF, Wireshark, Nipper, Powershell Empire, Virus Total,
Drozer, Frida & Objection, Inspeckage, APKtools, Shodan, Nmap, Metasploit, Nikto, ZAP,
Responder, ImpacketSearchsploit, Maltego, LFIsuite, SQLMAP and etc.
• Proprietary Tools:AutoPentest, ProminentX

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Security Spoc LLP on 17-Aug-2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Software Technology Parks Of India

1. Name & location of the empanelled Information Security Auditing Organization :

Software Technology Parks Of India,

1st Floor, Plate B, Office Block-1,
East Kidwai Nagar, New Delhi-110023
Website URL: http://www.stpi.in
Ph:+91-11-24628081
Fax:+91-11-20815076

2. Carrying out Information Security Audits since : January 2013

3. Capability to audit , category wise (add more if required):

Network security audit (Y/N) Yes
Web-application security audit (Y/N) Yes
Wireless security audit (Y/N) Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) ISO
27001-
Yes
Web-server security audit (Y/N) Yes
Source Code Reviews (Y/N) Yes
IT Application / ERP Audits (Y/N) Yes
IT Security & Infrastructure Audits (Y/N) Yes
Vulnerability Assessments & Pen Testing (Mobile/WebApps) (Y/N) Yes
Mobile Security Audit (Y/N) Yes

The following are in detailed list of different security services provided by STPI.

IT Audit & Compliance Services Assessment Services

• OWASP compliance Security • Web Apps Security Assessment &
audit of web applications and Vulnerability Assessment
web services
• Penetration Testing
• Infrastructure audit in • Perimeter Security Testing
compliance to Center for
• System hardening
Internet Security (CIS),
National Institute of Standards • Wireless Network Assessment
and Technology (NIST), ISMS • Host configuration review
etc. (Window, Linux, Cisco,
Juniper...)
• OWASP compliance security
audit of mobile applications • Network Product (Routers,
Switches, Firewall etc.)Security
Audit
• Malware Analysis
• Policy Gap Analysis

4. Information Security Audits carried out in last 12 Months:

Govt. :4
PSU :0
Private :3
Total Nos. of Information Security Audits done :7
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 2

Web-application security audit : 3
Desktop Configuration Audit : 1
Network Product Security Audit : 1

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 31
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : Refer Below Table
Total Nos. of Technical Personnel : 40+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S.No. Name of Employee Associated with Experience Qualifications related to Information

STPI Since in security
Information
Security
1 Ms. Kavitha C April 2000 21+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
2 Mr. Jaya Prakash May,2001 20+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
3 Mr. N S Siddaiah January, 2000 21+ • ISMS Auditor/ Lead Auditor,
• ISO/IEC 27001 Certified ISMS
Professional (STQC-CISP),
• Certified Network Security Manager
(CNSM)
• Certified ISO 20000-1:2018
Awareness & Implementation
4 Ms.Komala.C.N September,200 16+ • Trained on Network Security and
5 VAPT by Internet Society of India
Bangalore Chapter
• Certified Software Team Lead
Program
• Trained on the following
o IMS-ISO 27001 (ISMS)
Implementation.
o IMS-ISO 27001 (ISMS)
Internal Auditor.
o Integrated Management
System Implementation ISO
9001:2008, ISO
27001:2005, ISO
20000:2011
5 Mr.Jogender Singh September,200 15+ • ISMS –LA
6 • ISMS-CISP
• Certified Network Security Manager
• CEH
• CCNA Security
• Participation Certificate for
o SANOG 26 –
Security/DNSSEC Workshop.
o Network Security VAPT
Workshop – CSI Bangalore
Chapter 2014.
o IPv6 Deployment Workshop
by APNIC 2011
o SANOG 30 – Network
security workshop 2017
o Network Security Workshop
by INNOG – 2018.
o CDAC- Vulnerability
Assessment and Prevention
Training 2021.
6 Mr. Dipak Kumar August,2008 12+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
7 Mr.Sudhakar.T September,200 16+ • ISMS –LA
5 • ISMS-CISP
• Certified Network Security Manager.
8 Mr.Jimnesh P July,2006 15+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager.
• MCP
• LAN Implementation and
Administration from NITC-IBM ACE
Centre
9 Mr.Jayateerth R November,2007 14+ • CCNA
Joshi • Participation Certificate for the
following.
o Red Hat Enterprise
Virtualization.
o IPV6 Deployment workshop.
10 Mr.Suresh Kumar J March,2008 13+ • Participation Certificate for the
following.
o Red Hat Enterprise
Virtualization.
o IPV6 Deployment workshop.
o BigData and Cyber Security
o Domain Name System (DNS)
Security
11 Mr. Achyut Dutta December,2005 20+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager.
12 Mr. Ajay S Bhosle October,2000 21+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
13 Mr. Ashish May, 1998 23+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
14 Mr.Umanath.G.B October, 2006 18+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
15 Mr. G Senthil August,2006 15+ • ISMS-CISP
• Certified Network Security Manager
16 Mr. Jitendra Kumar March,2001 21+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
17 Mr. K Kuppuraj July,2000 21+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
18 Mr. KalidindiVenkata December,2005 16+ • ISMS-CISP
Chandra Varma • Certified Network Security Manager
19 Mr. M Madhan September,200 19+ • ISMS –LA
5 • ISMS-CISP
• Certified Network Security Manager
20 Mr.Mahesh M May, 2001 20+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
21 Mr. Maneesh Kumar July,2008 13+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
22 Mr. April,2006 17+ • ISMS –LA
MayankShrivastava • ISMS-CISP
• Certified Network Security Manager
23 Mr. Nikhil Kumar Rai October,2008 17+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
24 Mr. Nitin Kumar Rai May,2011 10+ • ISMS-CISP
• Certified Network Security Manager
25 Mr.Pramodsa.MM November,2011 10+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager

26 Mr. Prafull D Patinge August,2008 13+ • ISMS –LA

• ISMS-CISP
• Certified Network Security Manager
27 Mr. Praveen Kumar August,2008 12+ • ISMS –LA
Dwivedi • ISMS-CISP
• Certified Network Security Manager
28 Mr. R Pattabiraman November,2005 16+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
29 Mr. Rahul Singh March,2011 12+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
30 Mr. Rajeeva Kumar September,200 15+ • ISMS-CISP
6 • Certified Network Security Manager
31 Mr. Rajesh Behl April,1998 25+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
32 Mr. Rajib Kr. Das September,200 15+ • ISMS-CISP
5 • Certified Network Security Manager
33 Mr. Rakesh Dubey October,2008 21+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
34 Mr. Rakesh Kumar September,200 15+ • ISMS –LA
Verma 6 • ISMS-CISP
• Certified Network Security Manager
35 Mr. Ramesh Yerukula November,2006 19+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
36 Mr. S Govindarajan February,1999 22+ • ISMS-CISP
• Certified Network Security Manager
37 Mr. November,2006 18+ • ISMS –LA
SachinVishwanathPur • ISMS-CISP
nale • Certified Network Security Manager
38 Ms. Sangeeta October,2006 14+ • ISMS –LA
Hemrajani • ISMS-CISP
• Certified Network Security Manager
39 Mr. December,2008 15+ • ISMS –LA
SoumyaRanjanMoha • ISMS-CISP
nty • Certified Network Security Manager
40 Mr. Tapas July,2005 16+ • ISMS-CISP
RanjanBarik • Certified Network Security Manager
41 Mr. V May,2008 20+ • ISMS-CISP
Ganapathieswaran • Certified Network Security Manager
42 Mr. V Viswa Sai July,2006 16+ • ISMS –LA
• ISMS-CISP
• Certified Network Security Manager
43 Mr. Veerabhadra September,200 16+ • ISMS-CISP
5 • Certified Network Security Manager
44 Mr. VIRENDRA March, 1998 23 • ISMS-CISP
SINGH • Certified Network Security Manager

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Network Infrastructure Audit: Network Infrastructure Security Audit and Assessment was
carried out for M/s All India Council for Technical Education (AICTE), New Delhi which includes
the following.

 Server Audit /OS Audit: More than 120 Servers/Desktops.

 Network Audit: w.r.t Switch, Router, Firewall, UTM/IDS/IPS/WAF/LLB/SAN, and
ADC etc.
 Configuration & Policy Audit: User Management Policy, Offline, Backup policy,
Network Policy documentation audit etc.
 Client Audit: Anti-Virus, Desktop (i.e.Service Packs and Security Updates,, Auditing
and Account Policies, Security settings, Available services, File system and
permissions, Administrative templates, Network configuration, Windows components
and Standard Software check etc.), Group Policy etc.

Web Application Security Audit:Web application Security Testing against OWASP Top 10
standards was carried out for the following Customers.
 Central Institute of Temperate Horticulture (CITH)
 Office of the Accountant General (A & E) Karnataka.
 Bangalore Metro Rail Corporation Ltd(BMRCL), Bengaluru

Desktop Configuration Audit:Desktop configuration audit for M/s Technacle IT Services Pvt.
Ltd, Bengaluru which are hosted on AWS cloud.

Network Product Security Audit:Security audit along with malware analysis has been carried
out for Metro Ethernet Ring (MER) Switch of the customer M/s. Tejas Networks, Bengaluru.

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Freeware Commercial
1. Zapproxy • Burpsuite Professional
2. Nmap • Acunetix
3. Nikto • HCL AppScan
4. Sqlmap
5. Kali Linux
6. Sslscan
7. Arachni
8. Dirbuster
9. Fimap
10. Cain and Abel
11. Hydra
12. Httprint
13. Wapiti
14. Curl
15. Airmon-ng
16. Greenbone Security
Manager(GSM)
17. Openvas
18. Nipper
19. Lynis
20. MBSA
21. Vega
22. Paros
23. John the Ripper
24. Shcheck
25. nmapAutomator, etc.

10. Outsourcing of Project to External Information Security Auditors / Experts : NA(If yes,
kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : NA

12. Whether organization is a subsidiary of any foreign based organization? :NA

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any :No

Lead centre for all other STPI centers and Security Audit Certificate Issuance
Centre

Software Technology Parks of India (STPI)

No.76 & 77, 6th Floor, Cyber Park, Electronic City,
Hosur Road, Bengaluru - 560100 Karnataka

STPI Jurisdictional Directors Registered Offices Locations in India with complete address
Name of Address for Communication Contact Number
Jurisdiction

Noida Ganga Shopping Complex, 91-120-2470502,

Sector-29, Noida - 201303 Uttar 2470403
Pradesh
Bengaluru No.76 & 77, 6th Floor, Cyber 080-66186000-6007
Park, Electronic City, Hosur Road, 91-80-28521161 (Fax)
Bengaluru - 560100 Karnataka
Hyderabad 6Q3, 6th Floor, Cyber Towers, 91-40-23100502
Hitech City, Madhapur,
Hyderabad - 500081Telengana
Pune Plot No.P-1, Rajiv Gandhi Infotech 91-20-22981000
Park, MIDC, Hinjawadi, Pune -
411057 Maharashtra
Guwahati Near L.G.B.I Airport, Borjhar, 91-361-2841269,
Guwahati - 781015 Assam 2841374
Bhubaneswar STPI ELITE Building, IDCO Plot 0674-2623000
No.2/A, Industrial Area,
Gothapatna, Post-Malipada,
District-Khurda, Bhubaneswar-
751003
Chennai No. 5, III Floor, Rajiv Gandhi 91-44-39103525
Salai, Taramani, Chennai -
600113 Tamilnadu
Gandhinagar 9th floor, GIFT One Tower, Block- 91-79-66748531,
5C, Zone-5, GIFT City, 66748532
Gandhinagar-382355 (Gujrat)
Thiruvananthapuram C-21, Thejaswini Building, 91-471-2700707
Technopark Campus, Karyavttom,
Thiruvananthapuram – 695581
Kerala

*Information as provided by Software Technology Parks of India on 28.07.2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Sumeru Software Solutions Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

M/s Sumeru Software Solutions Private Limited

1st Floor "Samvit",
Near The Art of Living International Center,
21st KM Kanakapura Main Road,
Udayapura, Bangalore – 560082
Karnataka, India

2. Carrying out Information Security Audits since : January 2002

3. Capability to audit , category wise (add more if required)

4. Information Security Audits carried out in last 12 Months:

Govt. : 15
PSU : 29
Private : 140
Total Nos. of Information Security Audits done : 184

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: 82

Web-application security audit: 52
Source Code Review- 26
Cloud Security Assessment: 20
Compliance audits (ISO 27001, PCI, etc.): 8

6. Technical manpower deployed for information security audits :

CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs : NA
CEH- 2
OSCP- 1
GPEN-1
GREM-1
GMOB-1
CIPR-1
Total Nos. of Technical Personnel : 16

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Duration Qualifications
Experience in
S. Name of with Sumeru related to
Information
No. Employee Software Information
Security
Solutions security
1 Sandeep Erat 18.3 Years 18.3 Years CISA, CRISC
2 Rajeev 16.3 Years 16.3 Years ISO 27001 LA
3 Shashank Dixit 13 Years 13 Years OSCP, CISSP
Sengoda Krishna GPEN, GREM, GMOB,
4 13 Years 13 Years
Kumar eCPPT, eWPT
ISO 27001 LI, BS
10012 LI, HP ArcSight
5 Ajan Kancharla 5.3 Years 8.4 Years
Administration, CIPR,
CEH, PIMS GDPR
6 Siva T 5.10 Years 9.2 Years -
7 Snehan 3 Years 3 Years -
Dhwani R.
8 3 Years 3 Years CEH
Girwalkar
9 Madhavan M 2.4 Years 2.4 Years -
10 Kavinkumar R 2 Years 2 Years -
11 Prasath R 2 Years 2 Years -
12 Muthuselvan B 2.4 years 2.4 Years -
13 Amritha S 2 Years 2 Years -
14 Nandakumaran 2.4 Years 2.4 Years -
15 Thilakesh M 2.4 Years 2.4 Years -
16 Swetha 2.4 Years 2.4 Years -

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Sumeru Software Solutions Private Limited is providing Cyber Security services for the last 20+
years for various clients including large public sector organizations, and State government
departments in India. As part of our services we perform end to end design implementation,
review and operations services across various aspects of Cyber security.

Project Value (s): Confidential

Project Details

S. No Project Scope of Work Location

Web Application Assessment

Mobile Application
1 Private Sector bank Assessment, Secure Code Bangalore
Review, Network Assessment
and ISMS implementation.

Web Application Assessment

Mobile Application
2 Fintech Company Assessment, Secure Code Hyderabad
Review, Network Assessment
and ISMS implementation.

Nonbank Financial Companies Red Team Assessment, VAPT

3 Mumbai
(NBFCs) Threat Hunting

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Freeware Commercial

• Nmap • Nessus
• Nikto • Burpsuite
• Netcat
• Metasploit
• Sqlmap
• Kali Linux
• Dirbuster
• Wireshark
• John the Ripper
• Visualcodegrepper
• Bandit
• Apktool
Freeware Commercial

• dex2jar

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: Yes

Subsidiary Company Address:

Sumeru Solutions Inc.
4000 Legato Road Suite 1100
Fairfax, VA 22033 US

* Information as provided by Sumeru Software Solutions Private Limited on 19/01/2022

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s AURISEG CONSULTING PRIVATE LIMITED

1. Name & location of the empaneled Information Security Auditing Organization :

AURISEG CONSULTING PRIVATE LIMITED

Registered Office Address : No 81, Maveeran Duraiswamy Street, Poonga Nagar,

Thiruvallur 602001, Tamilnadu

Postal Address : A4 Tower, Door No 8A, Olympia Grande, GST Road, Pallavaram,
Chennai 600043

2. Carrying out Information Security Audits since : <2014>

3. Capability to audit , category wise (add more if required)

• Network security audit Yes

• Web-application security audit Yes
• Wireless security audit Yes
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) Yes
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) Yes
• ICS/OT Audits Yes
• Cloud security Audits Yes
• Social Engineering Assessment / Phishing Simulation : Yes
• Red Teaming : Yes
• Mobile and API Security Audit ; Yes
• Forensics/Incident response/Compromise Assessment : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : Nil
PSU : 4
Private : 30
Total Nos. of Information Security Audits done : 34

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 10+

Web-application security audit : 25+
Wireless security audit : 2+
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 4+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 5+
ICS/OT Audits : 2+
Cloud security Audits : 8+
Secure Source Code Review : 10+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 2
BS7799 / ISO27001 LAs : 2
CISAs : 2
DISAs / ISAs : <number of>
Any other information security qualification: CEH, PenTest+, CISC and
CISM,CREST-CPSA,OSCP and ECSA.
Total Nos. of Technical Personnel : 15+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. No. Name of Duration with Experience in Qualifications related

Employee <organization> Information Security to Information security
1 Srinivasan M.S 6.5 Years 15 Years CISSP,CISA,CISM, OSCP,
CREST-CPSA and CDPSE
2 Giri V.V 2 Years 15 Years CISSP,CISM,OSCP & ISO
27001 LA
3 Sudhakar 3.5 Years 4 Years CEH
Rajendran
4 Jeyarajan 5 Years 12 Years MCSE
5 Umashankar 2 Years 7 years CEH
6 Prasanna 01 Years 12 Years AWS Security Certified –
Gurumurthi Specialty
7 CIBI Soorya 01 Years 02 Years CEH
8 Stephan 01 Year O1 Years
9 Gurpreet kaur 01 Year 01 Year CISC
10 Swetha lakshmi 06 months 01 Year CEH
11 Sunil Modhave 6 Months 20+ Year CISA,ISO 27001 Lead
Auditor
12 Hari Boopathi 2 Years 4 Years CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value. It is covered following various activities

1. ISO 27001: 2013 Implementation

2. External Penetration Testing
3. Web Application Security Testing
4. Source Code Review
5. Security Configuration Review
6. Deep Web /Dark Web Scanning
7. Red Teaming Exercise
8. SDLC Process and Procedure
9. Incident Management Table -Top Exercise
10. Threat Hunting/Incident Response/ Compromise Assessment
11. Network Devices Configuration Review / Architecture Review

Project Assessment Value

Life Sciences group Vulnerability Assessment and Project Value <40 lakhs
Penetration Testing
Automotive Group Application Security Audit
IT Industry Application Security Audit
Embedded Systems Internal Vulnerability
Industry Assessment and Penetration
Testing
Financial Services OS hardening and Policy
Compliance check

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

S. No Tools List Commercial/Open

Source/Freeware
1 Burp Suite Commercial Version

2 Tenable Nessus Professional Commercial Version

3 Kali Linux Open Source

4 MobSF Open Source

5 FRIDA Open Source

6 Objection Open Source

7 OWASP ZAP Open Source

8 Wireshark Open Source

9 Cain & Able Open Source

10 SQL Map Open Source

11 Prowler – AWS Security Audit tool Open Source

12 Metasploit Open Source

13 Vooki DAST Open Source

14 Exploit DB

15 Customized Scripts

16 Nikto Open Source

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by <AuriSEG Consulting Private Limited on 24/07/2021.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Nangia & Co LLP

1. Name & location of the empanelled Information Security Auditing Organization :

Nangia & Co LLP,

A-109, Sector 136, Noida 201301, India.

2. Carrying out Information Security Audits since : 2017

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 2+
PSU : 3
Private : 25+
Total Nos. of Information Security Audits done : 35+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 5+

Web-application security audit : 5+
Wireless security audit : 2+
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 8+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 2+
ICS/OT Audits : 2
Cloud security Audits : 2

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 1
BS7799 / ISO27001 LAs : 5
CISAs : 8
DISAs / ISAs : 2
Any other information security qualification : 10
Total Nos. of Technical Personnel : 16

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1 Shrikrishna Dikshit 1.10 Years 18 years CISA, CISM, CDPSE,
CBCP, CEH, BS7799 LA
2 Pushpendra 1.9 Years 16 Years ISO 27001 LA
Bharambe
3 Asif Balasinor 1.10 Years 9 Years CISSP, OSCP, CEH,
AWS Certified Solutions
Architect - Associate
4 Aditya Thontakudi 1.8 Years 6 Years CISA
5 Karan Pandya 1.8 Years 6 Years CISA
6 Sahil Khan 1.7 Years 2 Years CEH
7 Nitin Bhojankar 1.10 Years 6 years CISM, CCNA, CCNP,
ISO 27001 LA,
8 Rachit Shukla 0.2 Years 10 Years CISM, ISO 27001 LA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Systems Audit for a leading company & it’s subsidiaries in India rendering
guaranteed clearing and settlement functions concerning transactions in G-Secs, money,
derivative markets, and foreign exchange.

Project Value < INR 15 Lakhs

• Business Continuity & Disaster Recovery Review for a leading Media & Entertainment
company in India

Project Value < INR 10 Lakhs

• Application Security Assessment, Vulnerability Assessment & Penetration Testing for a

leading Media & Entertainment company in India

Project Value < INR 10 Lakhs

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial Tools:

• Nessus

• Acunetix

• Burp-Suite

• Netsparker

The above list of tools is indicative.

Freeware Tools:

• Xprobe

• Dnssecwalker

• Tcpdump/tcpshow

• Dsniff

• Ettercap

• Ethereal

• Fping/ Hping

• Queso

• Nmap

• SuperScan

• Netwag

• Firewalk

• Q-Tip

• SQLMap
• Jack the Ripper

• NGS SQLCrack

• HydraCain and Abel

• Metasploit

The above list of tools is indicative.

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No

( If yes, kindly provide oversight arrangement (MoU, contract etc.)) NO

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No NO

12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No NO

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes/No NOT APPLICABLE

*Information as provided by Nangia & Co LLP on 26thJuly 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Panacea InfoSec Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

Panacea InfoSec Pvt. Ltd.,

226, Pocket A2, Sector 17, Dwarka, New Delhi - 110075

2. Carrying out Information Security Audits since : 2012

3. Capability to audit, category wise (add more if required)

: YES
AEPS security audit
API Security audit : YES
Application and Network Security architecture audit : YES
Black Box PT : YES
Finance Sector Audits (Swift, ATMs, API, Payment Gateway
: YES
etc.)
Cloud Security Architecture audit : YES
Cloud security Audits : YES
ICS/OT Audits : YES
Scada Security Testing : YES
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI,
: YES
etc.)
Cyber Forensics : YES
Docker VAPT : YES
HIPAA audit : YES
Information Security Policy Formulation & Assessment : YES
Kiosks system security testing and audit : YES
Microservices security testing : YES
Mobile Application Security Audit : YES
Network security audit : YES
Payment Switch security testing and audit : YES
POS application security testing and audit : YES
POS Device Security testing and audit : YES
RBIPSS audit : YES
Red Team Test : YES
Secure Code Review : YES
Segmentation PT : YES
Server/Device Configuration Review : YES
Server/Device Hardening Review : YES
Thick Client Application security testing & audit : YES
Web-application security audit : YES
Wireless security audit : YES
SIEM/SOC Implementation : YES

4. Information Security Audits carried out in last 12 Months:

Govt. : 12
PSU : 5
Private : 400+
Total Nos. of Information Security Audits done : 3000+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

AEPS security audit : 15+

API Security audit : 105+
Application and Network Security architecture audit : 5+
Black Box PT : 20+
Finance Sector Audits (Swift, ATMs, API, Payment
: 25+
Gateway etc.)
Cloud Security Architecture audit : 7+
Cloud security Audits : 36+
ICS/OT Audits : 3+
Scada Security Testing : 2+
Compliance audits (ISO 27001, IEC 62443, IEC 27019,
: 340+
PCI, etc.)
Cyber Forensics : 2+
Docker VAPT : 140+
HIPAA Audit : 9+
Information Security Policy Formulation & Assessment : 125+
Kiosks system security testing and audit : 16+
Microservices security testing : 25+
Mobile Application Security Audit : 215+
Network security audit : 800+
Payment Switch security testing and audit : 18+
POS Device & Application Security Testing : 30+
RBIPSS audit : 20+
Red Team Test : 6+
Secure Code Review : 170+
Security Architecture : 6+
Segmentation PT : 350+
Server/Device Configuration Review : 650+
Server/Device Hardening Review : 550+
Thick Client Application security testing & audit : 145+
Web-application security audit : 460+
Wireless security audit : 21+
SIEM/SOC Implementation : 15+

6. Technical manpower deployed for information security audits:

CISSPs : 1
BS7799 / ISO27001 LAs : 9
CISAs/CISM : 4
DISAs / ISAs : 0
CEH/OSCP/ECSA/CCNA : 20
Any other information security qualification : 25
Total Nos. of Technical Personnel : 65+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Below are some of resources details.

S. List of Duration Experience in Qualifications related to Information

NO. Employees with Panacea Information Security security
CISSP, PCI QSA, PCI 3DS, PCI ASV,
1 Ajay Kaushik 9 Years 17+ years
CISM (2010-2016)
2 Jitender Khanna 7+ Years 17+ years PCI QSA, ISO 27001-LA
3 Chandani Mishra 4+ Years 10+ years B.Tech, MSCLIS, CEH, OSCP, PCI ASV
B.Tech, MSCLIS, PCI QSA, PCI QPA,
4 Himanshu Mishra 3+ Years 10+ years
ISO 27001-LA, ISO 27001-LI
PCI QSA, PCI QPA, PCI SSLCA, SWIFT
5 Akshay Ahuja 5+ year 5+ years
CSCF, ISO 27001 LA & LI
B.Tech, MSCLIS, AWS Security
Manmohan
6 5+ year 9+ years Specialist, Certified In defend (DLP),
Swarup
Juniper Network Security SPIRING
CISM, CISA, CCNA, CCNA(S), PCI
7 Sammy Njeru 4+ Years 12+ years
QSA
PCI QSA, LA 27K:2013, LA 25999,
Syed Faiyaz
8 4 years 16+ years MCSE+I, MCA, M.Sc. in computer
Hussain
science
9 Vipul Arya 3+ Years 8+ years LA-ISO27001
10 Ankita Singh 3+ Years 3+ Years B.Tech, M.Tech, eWPTX, ECSA
Bikash K
11 3+ Years 3+ Years B.Tech, OSCP, CEH
Rouniyar
12 Devendra Bhatla 3+ Years 3+ Years B.Tech, OSCP, CEH
B.Tech, CEH, PGDA in Wireless,
13 Jatin Kumar 3+ Years 7+ years
CompTIA CySA+
14 Kriti Vaid 3+ Years 3+ years B.Tech
Kailash D
15 4+ Years 4+ years B.Tech, MSCLIS, PCI QSA
Agrawal
Nehanshu S
16
Chauhan 5+ year 5+ years PCI QSA, ISO 27001 LI
17 Prabhat Hudda 1.5 Years 1.5 Years B.Tech, CEH, Pentest+
Sanat Kumar
18 4+ Years 4+ years B.Tech, PCI QSA
Dwivedi
Raghvendra
19 3+ Years 3+ years B.Tech
Shukla
20 Pariskhit Prasad 1 Year 5+ Years B.Tech, MSCLIS, CEH OCA ,OCP
21 Rajat Shirish 1 Year 3 Years B.Tech, ISO 27001 LA
Shubham
22 3+ Years 3+ Years B.Tech, eCPTX, ECSA
Vashisht

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. One of overseas Leading Public/Private-Sector Banks - PCIDSS Compliance,

Managed Services (Quarterly, Annual), Secure Code Review, Application Security
Assessment
2. One of Largest BPO (Global) - PCIDSS Compliance, Managed Services (Quarterly,
Annual)
3. One of India’s Leading Aviation Companies – PCIDSS Compliance, Application
Security Assessment, Infrastructure Security Assessment
4. One of India’s Leading FMCG Companies – PCIDSS Compliance, Application Security
Assessment, Infrastructure Security Assessment, Consulting for ISO 27001
Implementation
5. One of Leading Telecom Service Provider – PCIDSS Compliance, Application
Security Assessment, Infrastructure Security Assessment, Consulting for ISO 27001
Implementation
6. One of India’s Leading Payment-Switch Companies – PCIDSS Compliance, RBIPSS
Audit, Application Security Assessment, Infrastructure Security Assessment
7. One of India’s Leading Public/Private-Sector Banks - PCIDSS Compliance, RBIPSS
Audit, Managed Services (Quarterly, Annual), SIEM Service, Secure Code Review,
Application Security Assessment, Consulting for ISO 27001 Implementation
8. One of India’s Leading e-commerce platform - PCIDSS Compliance, Managed
Services (Quarterly, Annual), SIEM Service, Secure Code Review, Application Security
Assessment

Project Value: Confidential

Maximum Count handled under Single project:
No. of Systems (Server, Desktops, Network Devices) Scanned: 87,000
No. of Applications: 80

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Tool License Type Purpose

Burp Suite Pro Licensed Application Security Testing
Nessus 5 Pro Licensed Vulnerability Assessment
Qualys Guard Licensed Network and Application VA
Qualys Container Security Licensed Container/Docker Vulnerability Assessment
Rapid7 Insight VM Licensed Vulnerability Assessment
AppUse 4.3 Open source Mobile Application Pen Test
MobSF Open source Mobile Application Pen Test
Echo Mirage Open source Network Proxy
Kali Linux Rolling Edition Open Source VAPT
Nipper Open Source Network Configuration File
Nmap Freeware Port Scanner
SoapUI Freeware Web Services
Helix3 Freeware Computer Forensics
Oxygen Forensic Suit Commercial Mobile forensic
ProDiscover Forensic Commercial Computer Forensics
Rapid 7 Metasploit Community N/W and Application Pen Test

10. Outsourcing of Project to External Information Security Auditors / Experts: No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes

Multiple Partners in multiple countries. We can only share information if Cert-IN

assures that this would not be published publicly.

12. Whether organization is a subsidiary of any foreign based organization? No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: Yes

Panacea InfoSec Kenya Limited

PO.BOX 10608 00400 NBI,
Nation Center Kimathi ST,
Nairobi, Kenya

*Information as provided by Panacea InfoSec Pvt. Ltd. on 01-September-2021.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Varutra Consulting Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

Varutra Consulting Private Limited

II floor, West Wing, Marigold Premises, Marisoft III,
Kalyaninagar Pune 411014, Maharashtra, India

2. Carrying out Information Security Audits since : 2012

3. Capability to audit , category wise (add more if required)

• Network Vulnerability Assessment and Penetration Testing -(Y/N) : Yes

• Network and Application Security Architecture Review-(Y/N) : Yes
• Red Team Assessment-(Y/N) : Yes
• Deep and Dark Web Assessment- (Y/N) : Yes
• Wireless Penetration Testing-(Y/N) : Yes
• AWS, Firewall, Network Devices and Server Configuration Audit- (Y/N) : Yes
• Application (Web + Mobile) Security Assessment and Penetration Testing-(Y/N) : Yes
• Application (Web + Mobile) Source Code Review-(Y/N) : Yes
• Application Threat Modeling-(Y/N) : Yes
• API Penetration Testing- (Y/N) : Yes
• Secure Development Lifecycle Consultancy -(Y/N) : Yes
• Cloud Security Testing(Application & Network, Cloud platforms
-AWS, Oracle, Google, Azure)-(Y/N) : Yes
• Software Product Reverse Engineering-(Y/N) : Yes
• IoT Security Testing -(Y/N) : Yes
• Social Engineering and Phishing Diagnostic-(Y/N) : Yes
• Process Consulting (ISO 27001, , Virtual CISO) –(Y/N)
RBI SAR, Regulatory audit as per guidelines by RBI, IRDA, SEBI, UIDAI etc Audits:Yes
• Virtual CISO Consulting (Y/N) : Yes
• Compliance Audits( SOC 1 & SOC 2 Audits, PCI-DSS Audits, IT Security Audits) :Yes
• Managed Security and SOC Services, C-SOC -(Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : <number of> : 20+

PSU : <number of> : NA
Private : <number of> : 460+
Total Nos. of Information Security Audits done : 480+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 107+

Web-application security audit : 210+
Source Code Review : 20+
Network Devices/Firewall Secure Configuration Audit : 40+
Mobile Application Penetration Testing : 40+
API PenTesting : 20+
Compliance audits (ISO 27001, RBI SAR Audits, etc.) : 7+
Other(Server Technical Audits, Application & Network Security Architecture Review,
Secure SSDLC Consulting ) : 20+
Red Team Assessment :2
Skill Staff Augmentation : 6+
6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 6
CISAs : 3
DISAs / ISAs : NA
Any other information security qualification : 20+
Total Nos. of Technical Personnel : 45+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. Varutra Information Security Information security
1 Consultant 1 7 years 7 years Masters in IT, Certified
Ethical Hacker, ISO
27001 – Lead Auditor
2 Consultant 2 1.9 years 2 .9 years ISO 27001 – Lead
Auditor
3 Consultant 3 1 years 5 years CEH, ISO 27001, NSE 1,
NSE 2, AWS security
fundamentals and
CNSS,CISA
4 Consultant 4 3.9 years 3.9 years BE (Computer Science),
Certified Ethical Hacker
5 Consultant 5 3.4 years 3.4 years CEH v9, AWS Security
Fundamentals
6 Consultant 6 1.6 years 1.6 years BE (Computer Science),
Certified Ethical Hacker
7 Consultant 7 1.9years 2.9 years CEH
8 Consultant 8 3 years 1.3 years BSc Computer Science)
CISC, CPH, CPFA
9 Consultant 9 7 months 8.5 years BE, CEH
10 Consultant 10 1 year 5.4 years CEH and Security+
Certifications

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. Application and Network Security Testing: Conducted Security Assessment for 17+
applications and 560+ IP addresses for one of the leading global provider of software
engineering and IT consulting services headquartered United States.

2. Application and Network Security Testing: Activity involved Network Penetration

Testing for 270 IP addresses, Application Penetration Testing for 28+ applications, IPS
and IDS diagnostic review, conducting DOS attack for Multinational Corporation that
provides business consulting, information technology and outsourcing services globally.
Reported several High to Low severity vulnerabilities along with the detailed reports.

Complexity: The complexity was high for testing the large number of applications and IP
addresses having various types of platforms, services, application hosted in the
infrastructure of the client globally. Discovered several High to Low severity
vulnerabilities along with the detailed reports.
Cost: Confidential
Category: Private
3. External Network Penetration Testing: Conducted External Network Pentest on the
Cloud and On premise devices ,servers for one of the leading software company.
Complexity: Scope of IP address addresses 500+,found High to Low severity
vulnerabilities and provided guidance to client to get the remediation done in time.
Cost: Confidential
Category: Private

4. Managed ISMS Consulting: Performing ISMS Consulting, management, improvisation

and for one of the largest manufacturer organization in India for all locations, plants &
offices across India and assist client in being secure and compliant to CIA triad.

Complexity: Scope of work for all plants, locations and vast infrastructure in scope.
Duration of project 1 year.
Cost: Confidential
Category: Private

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial Tools

Vulnerability Assessment & Penetration Testing – Rapid 7 Nexpose, Nessus

Professional, Firesec etc.

Application Security Assessment - Burpsuite, Acunetix WVS etc.

Freeware Tools

Vulnerability Assessment & Penetration Testing – Nessus, Nmap, OpenVAS, MBSA,

Nipper, KaliLinux, AirCrack, Helix (Forensics) etc.

Application Security Assessment – W3af, Nikto, BurpSuite, FireBug, SQLMap, N-

Stalker, WebScarab, Powerfuzzer, AppSpider, IBM Appscan, HP WebInspect etc.

Proprietary Tools

MASTS - Mobile Application Security Testing Suite: Security Testing Suite for android
mobile applications.

MVD-Mobile Vulnerability Database, provides mobile operating system level vulnerabilities

for Android, iOS, Blackberry and Windows platforms.

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes

We have partnered with various international security solutions which we are reselling:
1. HP Fortify
2. IBM Qradar
3. Burp Suite
4. Rapid7

12. Whether organization is a subsidiary of any foreign based organization? : Yes

If yes, give details

Varutra Consulting P. L. is a part of Infoshare Systems Inc, since October 2018. Varutra operates
the business as single entity as Private Limited company and is a subsidiary entity of Infoshare
Systems Inc.

13. Locations of Overseas Headquarters/Offices, if any : Yes

1. California:- Head Office- Infoshare Systems Inc, 26040 Acero, Suite 111, Mission Viejo,
CA, USA – 92691 Contact Number: (714) 606 0005
2. Branch Office in US : - 9505 East 59th Street Suite # B, Indianapolis In 46216, Telephone :
317-986-4928

*Information as provided by Varutra Consulting Private Limited on 26-07-2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Information Security Management Office (ISMO)

1. Name & location of the empanelled Information Security Auditing Organization:

Information Security Management Office (ISMO),

Department of Information Technology Electronics & Communication, Haryana,
SCO No. 109-110, First Floor, Sector-17-B, Chandigarh – 160017
https://haryanaismo.gov.in, email: [email protected]

2. Carrying out Information Security Audits since : 2014

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
• Penetration Testing : Yes
• Vulnerability Assessment : Yes
• Information security policy review and assessment
against best security practices : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 72
(Application under Security Audit at present : 34+
PSU : 5
Private : 0
Total Nos. of Information Security Audits done : 77

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 0

Web-application security audit : 77
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 0

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 3
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 06
(CEH)
Total Nos. of Technical Personnel : 7

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration Experience in Qualifications related to

No. Employee with ISMO Information Security Information security
(DITECH)
1 Amit Kumar 7 years 3 7 years 3 months ISO 27001 (ISMS) LA, CHFI,
Beniwal months (17+ years of total IT CEH v10, STQC (CISP),
experience) MCITP, MCTS, Cyber Law
2 Pardeep Singh 7 years 7 years ISO 27001 (ISMS) LA, CEH
(12+ years of total IT v10, STQC (CISP), CCNA,
experience) CCNA (Security), MCP
3 Vinay Kinger 2 years 2 years CEH v10, RHCSA, B.Tech
(8+ years of total IT
experience)
4 Parveen Kumar 2 years 2 years CEH v10, B.Tech
(7+ years of total IT
experience)
5 Amit Kumar 2 years 2 years CEH v10, Fortinet NSE 1 & 2,
Chawla (7+ years of total IT JNCIA, B.Tech
experience)
6 Sudipta 2 years 2 years10 months B.E. (Electronics), PGDM (IIM
Choudhury (22 + years of total IT Bangalore), PMP, ITIL V3,
experience) CEH v10,
7 Sanjay Singh 9 months 6 years3 months ISO 27001 (ISMS) LA,Six
Kuntal (12 + years of total IT Sigma White Belt
experience) Certification, CCNA, B.E.
(Electronics&Communication),
Fortinet NSE 1 & 2

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Information Security Audit of Hospital Management Information System (HMIS) called

‘e-Upchaar’ of State Health System Resource Centre, Health Department Haryana.
Number of User Roles : 58
Number of Modules : 24
Application Pages : 4216
Complexity : Medium
Location : Panchkula, Haryana
Project Value : Not Available

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Commercial Tools:
• Burp Suite Professional
• Netsparker Consultant Edition
• Nessus Professional
• Core Impact
Freeware/Open Source Tool:
• Nikto • NMAP
• OWASP ZAP • Sqlmap
• DIRB • Nipper-ng
• Wireshark • Test SSL
• Metasploit • Aircrack-ng
• Toolsavailable with Kali Linux

10. Outsourcing of Project to External Information Security Auditors / Experts : No (If yes, kindly
provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? : No

If yes, give details

12. Whether organization is a subsidiary of any foreign based organization? : No If yes, give
details

13. Locations of Overseas Headquarters/Offices, if any : No

Note: Information provided by Information Security Management Office (ISMO), DITECHason 27

July 2021.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Risk Quotient Consultancy Private Limited

1. Name & location of the empanelled Information Security Auditing Organization ::

Risk Quotient Consultancy Private Limited,

Unit 9, Building No:2, Sector 3, Plot No: 1,
Millennium Business Park, Mahape, Navi Mumbai, 400701

2. Carrying out Information Security Audits since : 2012

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) - Y

• Web-application security audit (Y/N) - Y
• Wireless security audit (Y/N) - Y
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) - Y
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) Y
• ICS/OT Audits (Y/N) Y
• Cloud security Audits (Y/N) Y

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 0
Private : 16
Total Nos. of Information Security Audits done : approx. : 100+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: 2

Web-application security audit: 7
Wireless security audit: 2
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 24
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 1
ICS/OT Audits: 0
Cloud security Audits: 4

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 2
BS7799 / ISO27001 LAs : 8
CISAs : 3
DISAs / ISAs : 0
Any other information security qualification:CEH, CISM, CSOC, CCSK, ISO 22301
Total Nos. of Technical Personnel : 15

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related

No. Employee <organization> Information Security to Information security
1 Chaitanya Kunthe 10 years 16 Years CISSP,CISA,(CBCP),
Diploma in Cyber
Laws, Digital Evidence
Analyst, ISO 27001 -
2013 LA,ISO 22301 LA
2 Deepanjali 6 Years 10 Years ISO 27001:2013 LA
Chaitanya Kunthe Certified,ISO 22301 LA
Certified
3 Trupti Desai 8 Years 13 Years ISO 27001 LA,ISO
22301 LA,BCP/DR,
PCIDSS
4 Jerin Jose 5 years 5 years CEHv8,ISO 27001 LA,
ISO 22301 LA, CCSK
5 Atique Ur Rahman 3 Years 4 Years CEHv9,ISO
Shaikh 27001:2013 LA,
Trained on Red Hat
6 Shoba 2 months 16 Years ISO 27001:2013 LA,
Govindarajan ISO 22301 LA , CISA,
CISSP
7 Nandini 6 months 6 Months ISO 27001:2013 LA,
Srivastava Master of Cyber Law
and Information
Security
8 Shweta Kumari 6 months 2 Years Master in Cyber Law
and Information
Security
9 Shakti Mohanty 1 Year 30 Years CISA,CISM,PMP

10 Apoorv Dubey 2 Years 7 Years ISO 27001:2013 LA

11 Srikanth Appala 1 year 1 year BSc. – Forensic
Science, CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Large Capital Market broker – Ensuring that information security, cyber security and business
continuity controls are implemented, monitored and maintained for 7 locations across India.
Managing the audit calendar and auditing of 700+ IT general controls through the year.
Project value – INR 60 Lakhs

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Technical assessment tools-

Nessus, Burp suite, Kali Linux, Proprietary scripts, SonarQube, Fortify etc.
Audit and assessment tools -
Raven (proprietary audit tool), 4Phish (proprietary ethical phishing tool developed internally),
4CEE (proprietary risk management tool), 4Sure (proprietary risk scoring tool for cyber
insurance companies)

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes - Contract

( If yes, kindly provide oversight arrangement (MoU, contract etc.)) – The contracts are agreed
upon on per project basis as and when required

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : Yes

If yes, give details - Risk Quotient Private Ltd, 205 Balestier Road, 02-06, The Mezzo,
Singapore 329682

13. Locations of Overseas Headquarters/Offices, if any : Yes

Risk Quotient Private Ltd, 205 Balestier Road, 02-06, The Mezzo, Singapore 32968

*Information as provided by Risk Quotient Consultancy Private Limited on 27 July 2021.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s CyberSRC® Consultancy LLP

1. Name & location of the empanelled Information Security Auditing Organization :

CyberSRC® Consultancy LLP,

Address: Unit 605, 6th floor, World Trade Tower Sector 16, Noida, Uttar Pradesh-
201301 .
Contact Person: Vikram Taneja, CEO and Managing Director
Email id: [email protected]

2. Carrying out Information Security Audits since : 2018 onwards

3. Capability to audit , category wise (add more if required)

• Network security audit - Yes

• Web-application security audit - Yes
• Wireless security audit - Yes
• Cloud Security Audit - Yes
• Mobile Application Security Audit - Yes
• Compliance audits (ISO 27001,IEC 27019 PCI, etc.) - Yes
• System& IT Audits - Yes
• SOX & ITGC Testing - Yes
• Data Protection Audit (GDPR and others) - Yes
• Data Localization Audit - Yes
• Social Engineering Test - Yes
• Secure Code Review - Yes
• Data Center Security Audit & Assessment - Yes
• External Threat Intelligence - Yes
• Database Security Audit & Assessment - Yes
• Risk Assessments - Yes
• SCADA VAPT - Yes
• IOT Security Testing - Yes
• Honeypot Security As Service - Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 0
Private : 100+
Total Nos. of Information Security Audits done : 100+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

6. Technical manpower deployed for informationsecurity audits:

BS7799 / ISO27001 LAs : 4

CISAs : 1
CEH/ CCNA/App Security/CNSS : 6
Python Scripting& Tool development : 1

Cloud Security : 1
Total Nos. of Technical Personnel : 13
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. CybeSRC Information Security Information security
1 Vikram Taneja 3.7 Years 11.7 Years CISA, CEH, CIPM,
COBIT, ISO 27001 LA,
ISO 27701
Implementer, certified
GDPR practitioner, ITIL
V3(f) certified, 6 Sigma
(Green belt) certified.

Trained on GRC
Platform RSA Archer.
2 Anshul Ghildiyal 1.7 yrs 2.5+ yrs ISO270001 LA, B.tech
LLB (Specialization
Cyber Law)

Trained in AWS
Security Fundamentals
and Compliances
3 Barun Agarwal 1.2 yrs 2.0+ yrs ISO270001 LA, CEH,
B.tech LLB
(Specialization Cyber
Law),

Trained in AWS
Security Fundamentals
and Compliances,
Fortinet’s NSE 1 & NSE
2 Network Security
Associate
4 Rishabh Bhowmick 8+ Months 3.0 +yrs CEH V10, B.tech
Computer Science,
ICSI Network Security
Specialist
API academy security
architect

Trained in AWS
Security Fundamentals
and Compliances,
Fortinet’s NSE 1 & NSE
2 Network Security
Associate,
5 Abhimanyu 1+ Years 1+Years ISO270001 LA, CEH
Agrawal B.Tech,LLB
(Specialization Cyber
Law)
6 Suyash Bajpai 1+Year 1.5+ Years CEH V10, BCA,
Fortinet’s NSE 1 & NSE
2 Network Security
Associate

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

We have supported and provided our services to clients with complex environment upto size of
20,000 employees company and, in various sectors including BFSI, Insurance, Healthcare,
Digital Payment companies, Fintech, SAAS companies, Manufacturing and other business
sectors.

Sno. Client Description Project Description Project Value

1) One of the largest Complex System Audit against INR 6,50,000/-

rural Fintech company stringentcyber & information security
in India (listed requirements from RBI for Pre
company) Payment Instrument and Bharat Bill
Payment System and, GST-GSP
Application Audit.The scope of work
spannedtomultiple locations,
departments and complex IT
environment including cloud and
hybrid servers, e-wallet and payment
applications.

2) Company located in - Complex VAPT Testing Non disclosure

50+ countriesin environment for the following
domains of CRM and scope of work in multiple
sales automation. geographical locations:
1) Servers – 25+
2) Laptops/Desktops- 500+
3) Applications- 4+
(including ERP System)
4) Network devices –
Firewalls/Switches/Router
s – 15

- ISO 9001 consultancy and

support for multiple location.

3) South-East Asia’s The following was scope of project: Non disclosure

largest cloud
telephony company - VAPT & Security Assessment
of IT Infrastructure and
applications
1) Web and Mobile
Applications – 3
2) Cloud Security
Assessment (servers)-
100
3) Server Hardening check-
100+
- General Data Protection Act (
GDPR) consultancy and
implementation support for
600+ employees spanned in
multiple geographical
locations.
- ISO 27001 Consultancy and
advisory services with
certification support for
multiple year support deal

4) One of the US listed The scope of work included Non disclosure

company in domain RCM/control design and revamp,
On-Demand software ,management testing of Application
solutions & E- & IT General controls for Test of
commerce services design and effectiveness, supporting
based company with SOX compliances & audit with scope
multiple offices in included in the testing is as following:
India.
- Applications – 19
- Servers – 100+
- Controls- 54
- Test cases (Work papers) –
700+

5) One of largest Grey and Black box testing of the Non disclosure
Automobile complex IT environment & production
Components site with scope of work included:
manufacturing
company in India - VAPT & Security Assessment
(listed company) of IT Infrastructure and
applications
1) Server- 25+
2) Web Applications- 10+
3) Firewalls- 40+

6) International The overall contract period is 3 years INR 12,00,000

organization with with the following scope of work:
SAAS based products
1) Applications (Grey box
testing) – 8 Applications
(annually)
2) Servers – 50+ (annually)
3) Mobile Application (IOS &
Android) – multiple
applicatiosn

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Freeware/Open Source Commercial Proprietary tool

tools tools

Web: Nikto, dirbuster. dirsearch Web: Brupsuite Threat Intelligence tool

, OWASP ZAP, firefox professional and (Cybersrc-TI®)
browser extensions, others,
SQLMAP, burp suite Vulnerability management
extensions, Shodan, Network: Nessus system tool(Cybersrc-
Archini, Wfuzz, Wafw00f VMS®)
and many GitHub scripts
And other tools as per
like HTTProbe and lazy s3
client environment. Python based Scripts
developed for auditing
Mobile: Mobsf, Drozer, Android purposes.
Debug Bridge. apktool ,
cyndia , Frida and
objection

Network: Nmap, Wireshark,

Metasploit, OpenVAS and
nessus

Cloud : AWS- Scoutsuite, PACU

Azure - scoutsuite,
azurcar, powerzure

And other tools as per client

environment

10. Outsourcing of Project to External Information Security Auditors / Experts: No (

If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes

We have Foreign- Virtual Office for correspondence of international customers, address:

London(UK)- Kemp House 152-160 City Road, London EC1V 2NXice

We have tie up with foreign company for Phishing Simulation Services for our customers,
Knowbe4.inc KnowBe4 USA 33 N Garden Ave, Ste 1200 Clearwater, Florida 33755

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : Yes

Address: London(UK)- Kemp House 152-160 City Road, London EC1V 2NXice

(This is correspondence office -virtual office)

*Information as provided by CyberSRC® Consultancy LLP, 26July 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s CYRAAC Services Private Limited

1. Name & location of the empanelled Information Security Auditing Organization:

CYRAAC Services Private Limited

2. Carrying out Information Security Audits since : 2017

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) -Y

• Web-application security audit (Y/N) -Y
• Wireless security audit (Y/N) -Y
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N)- Y
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N - Y
• ICS/OT Audits (Y/N) -Y
• Cloud security Audits (Y/N) -Y

4. Information Security Audits carried out in last 12 Months:

Govt. : 6
PSU : 2
Private : 151
Total Nos. of Information Security Audits done : 159

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 70

Web-application security audit : 100
Wireless security audit : 5
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 29
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 2
ICS/OT Audits : 2
Cloud security Audits : 27
Technical manpower deployed for informationsecurity audits : 14
CISSPs : 1
BS7799 / ISO27001 LA : 4
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification:
Offensive Security Certified Professional - 1
Certified Ethical Hacker - 5
Certified Information Security Manager –2
CBCP - 1
Total Nos. of Technical Personnel :14

6. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Name of Employee Duration with Experience in Qualifications related

S.
<organization> Information to Information
No.
Security (years) security
1. Murari Shanker 39 months 32 CISM
2. Suresh P 22 months 21 TOGAF 9
3. Deepti Bhatia 37 months 6 CISSP, CISA
Venkateshwaran 25 months 8 CISA
4.
Prabhakaran
5. Ram Prasad 39 months 13 CEH, CHFI
Anamika Patil 39 months 3.3 OSCP, CEH, ISO
6.
27001 LA
7. Varun Mokashi 24 months 2 CEH
8. Uday Naik 24 months 3 CEH
Name of Employee Duration with Experience in Qualifications related
S.
<organization> Information to Information
No.
Security (years) security
Ashutosh Nath 20 months 2 CEH
9.
Rimal
10. Kalyani B 6 months 6 ISO 27001 LA
Bharat 45 months 7 CISM, CBCP
11.
Srinivasaraghavan

7. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Information Systems Audits for a Bank

Scope:

• Audit against requirements and circulars - RBI Cyber Security Framework,

Gopalakrishna Committee Recommendations
• Audit againstStorage of Payments Systems Data
• e-Sign Audit
• Audit against UIDAI requirements
• Vulnerability Assessment and Penetration Testing
• Red Team Assessment
• Application Security Assessment
• Cloud Security Audit
• Data Privacy
• Security Operations Audit

Locations: India

8. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Tool User
Nessus Professional Infrastructure Scanning
Burp Suite Penetration Testing / Web Application Scanning
Metasploit Penetration Testing
Charles Infrastructure Scanning
Nikto Penetration Testing
SQLmap Penetration Testing / DB Scanner
W3AF Web Application Scanning
AirCrack-ng Infrastructure Scanning
Netcat Multipurpose Tool
TCPDUMP Infrastructure Scanning / Sniffer
Wireshark Infrastructure Scanning / Sniffer
Kismet Infrastructure Scanning
WebScarab Web Application Scanning
OpenSSL Toolkit Infrastructure scanning
Fiddler / Firebug Web Application Scanning
SQLNinja Penetration Testing / DB Scanner
Nirsoft Suite Multipurpose Toolset
Sysinternals Suite Multipurpose Toolset
Frida Mobile Application Penetration testing
Drozer Mobile Application Penetration testing
QARK Mobile Application Penetration testing
MobSF Mobile Application Penetration testing
SuperAndroidAnalyzer Mobile Application Scanning
Postman API Penetration Testing
Tool User
FuzzAPI API Scanning
Astra API Penetration Testing
Fortify SCA Secure Code Review
PMD Secure Code Review
Checkstyle Secure Code Review
FingBugs Secure Code Review
Source meter Secure Code Review
SonarQube Secure Code Review
VCG Secure Code Review
Prowler Cloud Configuration Review
Scout Suite Cloud Configuration Review
Custom Scripts Multipurpose

9. Outsourcing of Project to External Information Security Auditors / Experts: No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization? No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: No

*Information as provided by CYRAAC Services Private Limited on 25 July 2021

Murari Shanker

Co-Founder and CTO

Authorized Signatory

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s ESSENTIAL INFOSEC PRIVATE LIMITED

1. Name & location of the empanelled Information Security Auditing Organization:

M/S ESSENTIAL INFOSEC PRIVATE LIMITED

Corporate address (Mailing Address):

1st Floor, Plot No. 16, Near SBI BANK Behind Sultanpur Metro Station, New Delhi
110030
Website: www.essentialinfosec.com
Mobile: +91 79855 34793
Email: cert[at]essentialinfosec.com

Registered Address:
Flat No. 304, Plot No. 2, Shivam Palace, Mamdapur -Neral, Tal. Karjat, Dist. Raigad,
Raigarh MH 410101
Mobile: +91 88283 69600
Email: anurag[at]essentialinfosec.com

2. Carrying out Information Security Audits since : 2018

3. Capability to audit, category wise (add more if required)

Network security audit (Y/N) : YES

Web-application security audit (Y/N) : YES
Wireless security audit (Y/N) : YES
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : YES
Application VAPT - (Vulnerability Assessment & Penetration Testing) (Y/N) : YES
Network VAPT - (Vulnerability Assessment & Penetration Testing) (Y/N) : YES
Mobile Application VAPT - (Y/N) : YES
IOT Security Testing (Y/N) : YES
Social Engineering Assessment(Y/N) : YES
Secure Code Review (Y/N) : YES
Local Host Security Assessments(Y/N) : YES
Device Security Audit & Assessment(Y/N) : YES
Telecom Security Audit & Assessment(Y/N) : YES
Risk Assessments(Y/N) : YES
ERP Security Audit & Assessment(Y/N) : YES
Infrastructure Security Audit(Y/N) : YES
Big Data Security Audit & Assessment(Y/N) : YES
Cyber forensic Analysis(Y/N) : YES
Security Architecture Review(Y/N) : YES
Data Center Security Audit & Assessment(Y/N) : YES
Cloud Applications VAPT(Y/N) : YES
Threat Assessment(Y/N) : YES
SOC - Security Operation Center Type 1 & 2 Assessment(Y/N) : YES
Managed Security Service(Y/N) : YES
Automotive Security Audit(Y/N) : YES
AI - Artificial Intelligence Security Audit(Y/N) : YES
ML- MACHINE LOG AUDIT(Y/N) : YES
Data Localization Security Audit(Y/N) : YES
Ransomware Rescue Analysis & Forensic Investigation(Y/N) : YES
API Security Audit(Y/N) : YES
Network Performance Testing(Y/N) : YES
GDPR Compliance Audit(Y/N) : YES
Root Cause Analysis(Y/N) : YES
ISNP Audit(Y/N) : YES
AUA/KUA Audit(Y/N) : YES
AEPS and AADHAAR pay Micro ATM Audit(Y/N) : YES
IT/OT Infrastructure Audit(Y/N) : YES
e-Sign Compliance audit(Y/N) : YES
Thick Client Security Audit(Y/N) : YES

4. Information Security Audits carried out in last 12 Months : 16

Govt. : Nil
PSU : Nil
Private : 16
Total Nos. of Information Security Audits done: : 16

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 5+

Web-application security audit : 8+
Mobile Penetration Testing : 2+
Compliance audits (ISO 27001, PCI, etc.) : 1+

6. Technical manpower deployed for information security audits :

CISSPs : Nil
BS7799 / ISO27001 LAs : 1
CISAs : Nil
DISAs / ISAs : Nil
Any other information security qualification:
CCIE : 1
Ec-Council CEH : 12
AWS Security : 1
ITIL : 1
CSSA : 1
CCNA/CCNP : 5
Total Nos. of Technical Personnel : 16

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. No. Name of Duration with Experience in Qualifications related

Employee Essential InfoSec Information to Information
Security security

1. Pawan Srivastav 2020 4.5+ Years CEH, CSSA

2. Anurag Bajpai 2020 11.5+ Years CEH, ITIL, MCITP,
Fortinet NSE
3. P. Kumar 2020 4.5+ Years CEH
4. Dipender 2020 3.5+ Years CEH, Fortinet Network
Security, AWS Solution
Architect
5. Sachidanand 2021 12+ Years CEH, MCP
6. Vikas 2021 7+ Years CCIE, CCNP, Certified
Engineer
7. Vivek 2021 7+ Years CCNA
8. Gitesh 2021 4+ Years CEH, CCNP
9. Sikhar 2021 6 Months CEH
10. Aastha 2021 6 Months CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Due to non-disclosure agreement with Client, Business/scope are restricted to disclosure.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

1 Acunetix Commercial
2 Nessus Commercial
3 Snappytick Commercial
4 Burpsuite Pro Commercial
9 enumIAX Freeware
5 arp-scan Freeware
6 Dig Freeware
7 Ffuf Freeware
8 enum4linux Freeware
10 EyeWitness Freeware
11 Faraday Freeware
12 Fierce Freeware
13 Gophish Freeware
14 GoLismero Freeware
15 hping3 Freeware
16 ident-user-enum Freeware
17 InSpy Freeware
18 masscan Freeware
19 Metagoofil Freeware
20 Nmap Freeware
21 Rust Scan Freeware
22 OSRFramework Freeware
23 Postman Freeware
24 Recon-ng Freeware
25 Social Engineering Toolkit Freeware
26 SMBMap Freeware
27 SPARTA Freeware
28 testssl.sh Freeware
29 Sublist3r Freeware
30 Hashcat Freeware
31 theHarvester Freeware
32 URLCrazy Freeware
33 Wireshark Freeware
34 Xplico Network Forensics Freeware
35 BBQSQL Freeware
36 cisco-global-exploiter Freeware
37 jSQL Freeware
38 Lynis Freeware
39 openvas Freeware
40 sqlmap Freeware
41 Netcat Freeware
42 LinPEAS Freeware
43 WinPEAS (Privilege Escalation Audit) Freeware
44 Yersinia Freeware
45 Armitage Freeware
46 Backdoor Factory Freeware
47 BeEF Freeware
48 Commix (Command Injection Exploiter) Freeware
49 Crackle (Bluetooth Audit tool) Freeware
50 Searchsploit Freeware
51 Linux Exploit Suggester Freeware
52 Windows Exploit Suggester Freeware
53 Maltego Freeware
54 Metasploit Framework Freeware
55 RouterSploit Freeware
56 Aircrack-ng Suite Freeware
57 Bluetooth-arsenal Freeware
58 Airgeddon Freeware
59 kalibrate-rtl (GSM) Freeware
60 KillerBee Freeware
61 wpascan Freeware
62 DirBuster Freeware
63 fimap Freeware
64 FunkLoad Freeware
65 hURL Freeware
66 w3af Freeware
67 XSStrike Freeware

10. Outsourcing of Project to External Information Security Auditors / Experts: No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization? No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: No

*Information as provided by < Essential Infosec Private Limited> on <26/07/2021>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s ISECURION Technology & Consulting PVT LTD

1. Name & location of the empanelled Information Security Auditing Organization :

ISECURION Technology & Consulting PVT LTD

2nd floor, #670, 6th Main Road, RBI Layout, J.P. Nagar 7th Phase, opp. Elita
Promenade, Bengaluru, Karnataka 560078

2. Carrying out Information Security Audits since : 2015

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Mobile application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Read Team Assessment (Y/N) : Yes
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): Yes
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) : Yes
• ICS/OT Audits (Y/N) : Yes
• Cloud security Audits (Y/N) : Yes
• Secure Code Review (Y/N) : Yes
• Cloud Security Audit (Y/N) : Yes
• Penetration Testing (Y/N) : Yes
• IOT Security Testing(Y/N) : Yes
• Firewall Configuration review(Y/N) : Yes
• Deep Web /Dark Web Monitoring(Y/N) : Yes
• SOC2 Audit & Certification(Y/N) : Yes
• ISO 27001 Implementation & certification(Y/N) : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 0
PSU : 0
Private : 100+
Total Nos. of Information Security Audits done : 100+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 10+

Web-application security audit : 70+
Wireless security audit : 5+
Compliance audits
(ISO 27001, IEC 62443, IEC 27019, PCI, SOC2, GDPR etc.) : 10+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 2+
Cloud security Audits : 3+
Secure Code revie : 2+
Firewall Configuration review : 10+
IOT Security Testing : 3+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:CEH: 5, ISO 27001 LI:1

Total Nos. of Technical Personnel :8

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. ISECURION Information Security Information security
1 Manjunath NG 5.5 Years 13 Years ISO 27001 LI, CEH,
CCNA, MCSE
2 Sachin Kumar S 2.5 Years 3.4Years CEH, CPT
3 Aghilesh B 2 .4 Years 2.4 Years NASSCOM Application
Security Analyst
4 Mukul Trivedi 4 Months 2.4 Years CEH
5 Pramod 6Months 5 Years VPA,IIHT-CCP, IBM-
Raghunathan CCS
6 Cephas Joseph 2 Months 4 Years CEH, CPFA, CISC
7 Rajesh Kannan 6 Months 01 Years CEH, CCNA, Comptia
N+, CCNP, MCP,
MCDST
8 Kasireddy 4 Months 01 Years
Venkateswarlu

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Vulnerability Scan for Major BPO Company across 5 locations which consist of nearly 1000 Assets
which includes Servers, Desktops, Network & Security Devices.

Performed Audit of 25+ Applications for a Largest Data Indicators in Europe across different
environments and Technology.

Quarterly External Penetration Testing Activity for Major Indian e-commerce company from
various perspective of their External infrastructure, Web & Mobile applications.

Project Value (s): Confidential

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

• Nmap
• Nessus Pro
• Nikto
• Metasploit
• Sqlmap
• BurpSuite Pro Edition
• Acunetix Pro
• OWASP Zed Attack Proxy
• Webscarab
• Kali linux OS
• Paros
• Wikta
• Sublister
• W3AF
• Android Tamer
• AppUse
• MobSF
• APKTool
• Drozer
• LogCat
• Cyberduck
• FileZilla
• Xposed Module SSLUnpinning
• Echo Mirage
• Prcoess Monitor
• Regmon
• Mallory
• Wireshark
• TCP relay
• WinHex
• Java Snoop
• mimikittenz
• DomainPasswordSpray
• nishang
• PowerSploit
• ADRecon

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by ISECURION Technology & Consulting PVT LTD on 27-07-2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Netmagic IT Services Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

Netmagic IT Services Pvt. Ltd.

Lighthall 'C' Wing, Hiranandani Business Park, Saki Vihar Road,
Chandivali, Andheri (East) Mumbai 400 072

2. Carrying out Information Security Audits since : 2006

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : YES

• Web-application security audit (Y/N) : YES
• Wireless security audit (Y/N) : YES
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : YES

4. Information Security Audits carried out in last 12 Months :

Govt. : 50+
PSU : 100+
Private : 150+
Total Nos. of Information Security Audits done : 200+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 100+

Web-application security audit : 200+
Wireless security audit : 50+
Compliance audits (ISO 27001, PCI, etc.) : 10+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : NA
DISAs / ISAs : NA
Any other information security qualification:(GCFA/CCISO/CEH/CHFI)
Total Nos. of Technical Personnel : 45+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related to

No. Employee <organization> Information Information security
Security
1 Srinivas Prasad 12 years 12 years CISC, CPH, CPFA, ISO
27001 LA, CPISI
2 Bhushan 9 years 16 years ISO 27001 LA, CISC
Pandloskar
3 Neeraj Pathak 3 years 16 years CISSP, CCNP, CCDP
4 Sandeep Kand 1 year 4 year ISO 27001 LA
5 Jaspreet Singh 3 years 5 years CEH, Cyberlaw, CTIA,
Bassan

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Out of 25+ large projects of Netmagic, one of the largest and complex project was to carry out
Information Security with following detail scope.

The scope of entire activity includes:

• Vulnerability Assessment / Penetration Testing
• Configuration Audit of Network Devices
• Technical /Configuration Assessment of (Windows and Unix) Servers
• Policy and Process review & Audit
• Red Team Assessment
• Breach Assessment

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Open Source

• Webscarab/Paros/Burp
• Grendle scan/Nikto/w3af
• KALI Linux
• Dir buster
• WebSecurify

Commercial

• Nessus
• Hacker Guardian
• Netgear Wi-Fi Scanner

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

YES

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No

12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No

If yes, give details

YES.NTT LTD.

13. Locations of Overseas Headquarters/Offices, if any : Yes/No

*Information as provided by <Netmagic IT services Pvt Ltd> on <26.07.2021>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s NetSentries Infosec Solutions Private Limited

1. Name & location of the Empanelled Information Security Auditing Organization:

NetSentries Infosec Solutions Private Limited

Bangalore Address:
No 185/7, 2nd Floor, Chandra Plaza,
8th F Main, 3rd Block Jayanagar
Bangalore 560011

Cochin Address:
No.5, 4th Floor, Wing II
Jyothirmaya Building, Infopark SEZ Phase-II,
Cochin 682303

2. Carrying out Information Security Audits since : 2016

3. Capability to audit, category wise (add more if required)

Network security audit (Y/N) Yes

Web-application security audit (Y/N) Yes

Wireless security audit (Y/N) Yes

Compliance audits (ISO 27001, PCI, etc.) (Y/N) Yes

SWIFT CSP Security Audits Yes

ATM/CDM/ITM Security Audits Yes

RPA Security Assessments Yes

Security Operations Center Audits Yes

IOT/OT Security Audits Yes

Red and Purple Team Assessments Yes

Cloud Security Audits Yes

Security Engineering Reviews Yes

Secure Code Reviews (SAST, SCA, DAST, IAST) Yes

Detailed List of Services offered By NetSentries with respect to Information Security.

Services Details
• Network Penetration testing
Infrastructure Security Assessment
• IOT/OT Security Assessments
• SCADA/ICS Security Assessments
• Web Application Security Assessment
• Mobile Application Security Assessment
Application Security Assessment
• Application Source Code Reviews (SAST, IAST, SCA,
DAST)
• API Security Assessments
• Digital Wallets and Payment Systems Security
Assessments (Apple Pay, Samsung pay etc)
Digital Payment Systems Security • Payment Aggregators and Payment Gateway Security
Assessment Assessment
• POS terminals and POS preparation security assessments
ATM/ITM, POS, Card Production Security
• ATM/CDM/ITM/BTM security assessments
Assessments
• Payment gateway security assessment and
testing
• Card production security assessment
• External Red teaming and spear phishing
• Internal Red Teaming
Adversarial Simulations
• Purple Teaming
• Attack Surface discovery and reduction
• Business Email Compromise Simulations
• SOC assessment with content and correlation review
Security Operations Center (CSOC)
Assessment
• Threat Simulations and SOC Cyber Drills
• Enterprise security architecture review
• Security Engineering Reviews
Enterprise Security & Critical
• Enterprise email system security assessment
Infrastructure Assessments
• Core Banking systems Security Assessments
• Firewall segmentation testing
• Security baselining and control validation
• RPA and robotics security assessment
Other Advanced Security Assessments
• Cloud security assessment – (IAAS, PAAS,
SAAS)
• Blockchain, AI and ML Applications Security Assessments
• PCI DSS
• SWIFT CSP
GRC Enablement • GDPR
• ISO27K
• NIST
• RBI DPS

4. Information Security Audits carried out in last 12 Months:

Govt. 0

PSU 0

Private 100+

Total Nos. of Information Security Audits done 100+

5. Number of audits in last 12 months, category-wise (Organization can add categories

based on project handled by them)

Network security audit 100+

Web-application security audit 100+

API Security Audits 50+

Wireless security audit 5+

Compliance audits (ISO 27001, PCI, etc.) 10+

SWIFT CSP Security Audits 15+

ATM/CDM/ITM Security Audits 25+

Open Banking Security Audits 3

RPA Security Assessments 50+

Security Operations Center Audits 2

IOT/OT Security Audits 1

Red and Purple Team Assessments 5

Cloud Security Audits 3

Security Engineering Reviews 10

Secure Code Reviews (SAST, SCA, DAST, IAST) 15+

Integration Layer and Micro Services Audits 50+

6. Technical manpower deployed for information security audits :

CISSPs 1

BS7799 / ISO27001 LAs 2

CISM 2

OSCP 6

OSWE 1

CRTP 2

ECSA 2

CHFI 1

CEH 9

Qualys Certified 6

Total Nos. of Technical Personnel: 27

7. Details of technical manpower deployed for information security audits in Government

and Critical sector organizations (attach Annexure if required)

NetSentries Security Assessment Team List

Duration Experience in
Name of Qualifications related to
# with Information
Employee Information security
Netsentries Security
CISSP-AP/EP/MP, SSCP, LPT
1 Arun Thomas 5 years 18 years
Master, ECSA Practical, CHFI

2 Rupesh Nair 5 years 15 years AWS Certified Cloud Practitioner

Vamsi Kalyan PCI-ISA | ISO Lead Auditor | CCNA

3 5 years 18 years
Pothula | CCNP | CCIE(W)

4 Vidhyasagar K 2 years 5 years CISM

5 Abhinav Rajput 1 year 5 years OSCP, CCNA

OSWE; OSCP; CRTP; CEH Practical;
Qualys Vulnerability Management;
Vaibhav Joshi Qualys Web Application Scanning;
6 2 years 3 years
Qualys Policy Compliance; Qualys
PCI Compliance; Fortinet NSE2;
Fortinet NSE1

7 Mohammed Abin 2 years 3 years CEH, CRTP, CRTE

Duration Experience in
Name of Qualifications related to
# with Information
Employee Information security
Netsentries Security
8 2 years 3 years CEHv10
Anoop AJ
CEHCEH v9; Fortinet NSE 1
Network Security Associate;
Fortinet NSE 2 Network Security
9 Amal Raj P 3 years 3 years
Associate; SWIFT Customer
Security Controls Framework
v2021;

10 Enosh George 3 Years 5 years CEH

BCA (Cloud Technology and

Information Security Management);
11 2 years 2 years
Rajalakshmi KR Qualys Certified Specialist (VM,
SSBP)

12 Sindhoori Murali 1 year 2 years CEH, NASSCOM

13 Suchand Babu 4 years 5 years CISM

14 Jason Dias 1 year 7 years OSCP, CEH

CEH, ECSA, Fortinet- NSE 1,Qualys
15 Bajrang Davda 1 year 2 years
Certified Specialist
16 Divyang Chauhan 1 year 4 years OSCP, Qualys Certified Specialist

Splunk Power User 6.3; Splunk SE

17 Habshan AK 4 years 4 years I; Fortinet NSE 1; Fortinet NSE 2;
Microsoft Specialist-Hyper V

CEH, CEH Practical, CEH Master,

18 Rajpal Singh Gurjar 2 years 2 years
ECSA, NSE 1 & NSE 2
19 Arun Kumar S 2 years 2 years Qualys Certified Specialist
Qualys Certified Specialist,
20 2 years 2 years
Jamie Jacob Mathew CheckmarxCx

21 Christy Elias 3 years 3years CheckmarxCx

Muhammed Fazil
T.S
22 3 years 3years CheckmarxCx

23 Arvin Jangid 1 year 1 year OSCP

CEH V10; ISO 27001:2013 Lead
24 Madhup Bajpai 1 year 1 year
Auditor
25 Charchit Verma 1 year 1 year OSCP ; NSE-1 ; NSE-2
Archana M.Tech in Computer Science &
26 2 years 2 years
Radhakrishnan Information System,

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity,
locations etc.) along with project value.

SWIFT Security Gap Assessment, Remediation Enablement and Compliance Attestation for a
Multinational bank with more than 10 locations worldwide – Approx. Value – INR 2 Crores

PCI DSS Compliance Enablement and first-time certification assistance to the issuing business of a
large bank. Approx. Value – INR 1.5 Crores

External Red and purple Team Assessment with Remediation enablement and CSOC enhancement
services to a multi-national bank with presence in several countries. Approx. Value – INR 70
Lakhs

Application and Infrastructure Penetration testing for a conglomerate with more than 100
applications and several 100 Infrastructure components. Approx. Value – INR 2 Crores

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

NetSentries Security Assessment Tools List

Tools from Multi-paradigm Reverse Engineering Web App Exploitation
Penetration Frameworks: Tools Scanners: Frameworks:
Testing • Metasploit • IDA Pro • Qualys WAS • OWASP ZAP
Distribution • Armitage • PEStudio • Nikto • Fiddler
s: • Faraday • PEView • Arachni • Burp Suite
• Kali Linux • ExploitPack • WDK/WinDBg • W3af Pro
• Parrot OS • Pupy • OllyDbg • Wapiti • OWASP-
• BlackArch • X64dbg • WebReaver OWTF
• Kali Net • De4dot • WPScan • Wordpress
Hunter • Radare2 • Cms- Exploit
• Tails • Immunity Debugger explorer Framework
• Qubes • Frida • Joomscan • WPSploit
• Whonix • dnSpy • Secaps Suite
• binwalk • ACSTIS
• PyREEBox
• Voltron
• Capstone
• Readelf
Exploit Network Utilities: Network Utilities Cotd. Windows Transport
Frameworks • Nmap , Utilities Layer Security
ctd: • Scanless • SSH MITM • Sysinternals Tools
• SQLmap • Tcpdump • Netzob Suite • SSLyze
• Tplmap • Wireshark/Tshar • Pwnat • Windows • Tls_prober
• Weevely3 k • Smbmap Credentials • Testssl.sh
• Wappalyz • Pig • Scapy Editor
er • Netsniff-NG • Dripcap • Mimikatz Infra and OS
• WhatWeb • Intercepter-NG • Printer Exploitation • PowerSploit Vulnerability
• Wafw00f Toolkit • Windows Scanners:
• SPARTA
• Fimap • Praeda Exploit • Nexpose
• Dnsenum
• Kadabra • Routersploit Suggester • Nessus
• Dnsmap
• Kadimus • Evilgrade • Responder • OpenVAS
• Dnsrecon
• Liffy • DNSChef • Xray • Bloodhound • Vuls
• Commix • Ettercap • Empire • Qualys
• Dshell
• DVCS • Fibratus Guard
• Mitmproxy • CrackMapExec
Ripper • zarp • wePWNise
• Morpheys
• Sslstrip2 • redsnarf
• Mallory
• NoSQLma • Magic
p Unicorn
• VHostSca • DeathStar
n
• FuzzDB
Security Hash Cracking Wireless Security Anonymity Secure Code
Control Tools Assessment Tools: Tools Review tools
Evasion • John the Ripper • Aircrack-ng • Tor • Veracde
Tools • Hashcat • Kismet • Onion Scan • SonarQube
• Veil • CeWL • Reaver • I2P • Sourcemeter
• Shellsploi • JWT Cracker • Wifite • Nipe • Checkmarx
t • Rar Crack • Fluxion
• Hyperion • BruteForce
• AntiVirus Wallet
Evasion
Tool
• peCloak.p
y
• UniByAV
OSINT Tools Social Proprietary Tools
Engineering
• Maltego • NS-Segmentor - This
• Harpoon • Custom SMTP is a segmentation
• Google Servers & penetration testing
dorks Phishing suite that assess
• GHDB Frameworks effectiveness logical
• Censys • Custom segmentation
• Shodan Spearphishing controls.
• Recon-ng Exploit Payloads • NS-Hawk - This is a
• SpiderFoo OSINT and Darkweb
t threat intelligence
• ZoomEye harvesting tool
• Intrigue • NS-TIP - This a a
Threat Intelligence
Platform capable of
IOC analysis and
sharing
• NS-ElastikTA - This a
Threat Hunting and
Security Analytics
platform developed
with ELK stack

Custom Tools: In addition to the above listed tools, custom tools will be developed based
on the context of the scoped asset.

10. Outsourcing of Project to External Information Security Auditors / Experts: NO

(If yes, kindly provide oversight arrangement (MoU, contract etc.)

11. Whether organization has any Foreign Tie-Ups? If yes, give details : YES

UAE Sales Office

NetSentries Technologies FZCO
G11, TechnoHub, DTEC, Dubai Silicon Oasis
Dubai, UAE

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details.

13. Locations of Overseas Headquarters/Offices, if any: : YES

UAE Sales Office

NetSentries Technologies FZCO
G11, TechnoHub, DTEC, Dubai Silicon Oasis
Dubai, UAE

*Information as provided by NetSentries Infosec Solutions Private Limited on 26th July, 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Swadesh System Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

Swadesh System Pvt. Ltd.,

Address:504,5th Floor, 58, Sahyog Building,
Nehru Place, New Delhi-110019

2. Carrying out Information Security Audits since : 2007

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) YES

• Web-application security audit (Y/N) YES
• Wireless security audit (Y/N) YES
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) YES
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) YES
• ICS/OT Audits (Y/N) YES
• Cloud security Audits (Y/N) YES

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 0
Private : 100+
Total Nos. of Information Security Audits done : 100+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 20+

Web-application security audit : 55+
Wireless security audit : 10+
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 22+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 00
ICS/OT Audits : 00
Cloud security Audits : 00

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 00
BS7799 / ISO27001 LAs : 02+
CISAs : 00
DISAs / ISAs : 00
Any other information security qualification : 03+
Total Nos. of Technical Personnel : 20+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)- Annexure Attached.

S. No. Name of Employee Duration with Experience in Qualifications related to

<organization> Information Security Information security

01 RohitJain 12Yrs. 12Yrs. GraduateandMCSE

02 RoopaliJain 10Yrs. 10Yrs. MCA

03 GauravSharma 3Months 4Yrs. B.Tech

04 VanditSharma 2Months 2Yrs. B.Tech

05 CHRISTYMATHEW 2Months 3Yrs. B.Tech.,CEH
06 GVAISHNOCHAITANYA 3Months 3Yrs. B.Tech

07 DhruvMathpal 3Months 6Months B.Tech

08 UdayRaj 3Months 3Yrs. B.E., CEH

09 MayankGoswami 3Months 1Year B.Tech

10 MeghaGupta 10Days 1Year MBA

11 ShikhaSharma 3Years 3Years BCA/PursingMCA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.-.-: Saija Finance Limited- 4 Server Locations, 550 + IP
addresses that includes DC, Network devices, desktops and POS locations.

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Acunetix Nmap/ Zenmap Hamster

Sonatype Nexus Sqlmap IP scanner
Burp suite Nikto Yersinia
SoapUI Hydra Ethereal
Nessus John the Ripper Echo Mirage
NetCraft Putty WebScarab
Qualys Whois W3af
NMAP Scapy Sparta
Metasploit Framework Pyloris Directory Buster
Netcat LOIC SMTP Ping
Kali Linux CSRF Tester Hash-Identifier
MOBSF Ollydbg SysInternals Suite
JD-GUI MBSA Santoku Linux
DEX2JAR TestSSLServer OpenVAS

APKTOOL Python / Powershell Scripts OmegaDB

SSL Qualys server lab Qualys SSL Fiddler
Wireshark/ TCPDump Ettercap WireEdit
Armitage Ferret Process Hacker

Browser Plugins Curl Dsniff

OpenZap NSLookup Lynis

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Swadesh System Pvt. Ltd. on 27.07.2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s TATA Power Delhi Distribution Ltd

1. Name & location of the empanelled Information Security Auditing Organization :

TATA Power Delhi Distribution Ltd

NDPL House, Hudson Lines
Kingsway Camp
Delhi-110 009

2. Carrying out Information Security Audits since : 2009

3. Capability to audit , category wise (add more if required)

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 0
Private : 62
Total Nos. of Information Security Audits done : 62

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit :3

Web-application security audit :5
OT Security audit :5
Compliance audits (ISO 27001, PCI, etc.) : 14
Information Security Incident Management : 14
Business Continuity Planning : 16
Risk Assessment :2
Information Security Awareness :2
Compliance audit as per statutory guidelines :1

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 13
CISAs : 1
DISAs / ISAs :0
Any other information security qualification:CISM:1, CEH:4, CASE:6, CND:3
Total Nos. of Technical Personnel : 30+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. No. Name of Employee Duration with Experience in Qualifications related to

TATA Power- Information Security Information security
DDL
1 Aamir Hussain Khan 9 years 14 years 1. Certified Information
Security Manager
(CISM)
2. DNV-GL Certified ISO
27001:2013 Lead
Auditor - ISMS
3. NABET Certified ISO
27001:2013 Lead
Auditor – ISMS
4. EC council Certified
Ethical Hacker
5. Indian Law Institute
Certified “Online Course
in Cyber Law
6. “Vulnerability
Assessment &
Prevention” Course
from CDAC-Noida
7. US Homeland
Security Department
Certified Cybersecurity
Practices for Industrial
Control Systems
8. US Homeland
Security Department
Certified Cybersecurity
Landscape for
Managers
9. Cybrary certified
“Introduction to IT &
Cybersecurity”
2 Abhishek Bhargav 6 years 13 years 1. Certified Network
Defender
2. “Vulnerability
Assessment &
Prevention” from CDAC-
Noida
3 Tarun Bhardwaj 10 years 8 years 1. Certified Information
Security Auditor
2. ISO 27001:2013 LA
3. “Vulnerability
Assessment &
Prevention” from CDAC-
Noida
4. ISGF - Cyber
Security for Power
System Control
4 Abhishake Sharma 7 years 6 years 1.Certified Application
Security Engineer
2. ISO 27001:2013 LA
3.“Vulnerability
Assessment &
Prevention” from CDAC-
Noida

5 Parul Bahl Sawhney 6 years 6 years 1. CEH

2. ISO 27001:2013 LA
3.“Vulnerability
Assessment
&Prevention” from
CDAC-Noida
6 Vinita Gupta 10 years 6 years 1. CEH
2. ISO 27001:2013 LA
3.“Vulnerability
Assessment
&Prevention” from
CDAC-Noida
7 Akash Ahuja 10 years 4 years 1. CEH
2.“Vulnerability
Assessment
&Prevention” from
CDAC-Noida
8 Kanishka Guha 6 years 4 years 1.Certified Application
Biswas Security Engineer
2.“Vulnerability
Assessment &
Prevention” from CDAC-
Noida

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Leading The scope involved planning, organizing and scheduling ISMS No. of Teams audited-
Power Sector (ISO 27001) based audits for a large power sector utility 13
Organization comprising of Generation, Transmission and Distribution Team Details-
units being managed by a common IT Dept. Managing a Delivery Excellence
programme of ISMS audits involves planning, controlling and Enterprise Application
monitoring/overseeing it, through activities such as: Training
Enterprise Application
• Prioritizing, planning and outlining the scope of (SAP-ISU)
individual ISMS audits within the overall audit work Analytics & Insights
programme, perhaps combining wide-scope Enterprise Application
superficial ISMS audits with more tightly-focused - SAP
audits going to more depth on areas of particular Infosec / CISO
concern (e.g. longstanding issues or significant risks) HR
• Allocating suitable resources to undertake planned Legal and Compliance
and approved audits (e.g. ensuring that ISMS SAP Basis
auditors are trained, competent and motivated to do IT Infrastructure
the work to a required level of quality) Physical & e-Security
• Arranging or coordinating ISMS audits at multi-site Interaction with
organizations including multinationals and ‘group’ Secondary Data Centre
structures, where comparisons between the ISMSs in team
operation within individual business units can help Top Management
share and promote good practices
• Auditing the ISMSs of second parties such as suppliers
and business partners (note: a second party’s
ISO/IEC 27001 certification from an accredited
certification body may or may not provide sufficient
assurance across all the areas of concern, for example
there may be significant information risks or
compliance implications arising from information
services provided, or incidents and concerns may
indicate issues that deserve exploring).

Audit management activities include:

• Gaining support from management to conduct the
ISMS audit as proposed in outline, with their
agreement in principle and authority to proceed with
the detailed scoping and planning (which may lead to
a further authorization step once finalized)
• Supervising, guiding, motivating and supporting
auditors, ensuring they follow accepted audit
practices, conducting file reviews and proofreading
draft reports
• Reviewing and challenging unsubstantiated or
notable findings e.g. playing the devil’s advocate to
explore the evidence, depth of analysis and nature of
issues; proposing alternative explanations and
potential recommendations; helping auditors
evaluate the risks in the business context
• Dealing with issues that jeopardize the audit
assignment such as interpersonal problems, lack of
engagement, delays, reluctance or refusal to supply
essential information etc. (issues may be raised or
escalated by anyone involved in the process)
• Liaising with management, perhaps providing interim
updates and setting expectations for the audit
reporting phase.

Various checkpoints considered during the audit are as listed

below:

• Need, importance, expectations, awareness of ISMS

• Lists of procedures and policies
• Statement of Applicability (SoA)
• Risk assessment
• Metrics to track the performance of Information
Security Objectives
• List of information assets
• Business Continuity Plan and Disaster Recovery
(BCP-DR Plan)
• Incident Management

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial:
Nessus Pro
BurpSuite Professional
Nexpose

Freeware:
ZAP
Beef
Kali Linux
Nmap
SQLMap
Nikto
Metasploit
Hydra
Wireshark

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No

12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes/No

*Information as provided by Tata Power Delhi Distribution Ltdon 28-July-2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Amigosec Consulting Private Limited

1. Name & location of the empanelled Information Security Auditing Organization:

Amigosec Consulting Private Limited

401, Shatrunjay,
Divecha Complex, Edulji Road,
Charai, Thane(w), Maharashtra - 400601.

2. Carrying out Information Security Audits since : 2016

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) : Yes
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) : Yes
• ICS/OT Audits (Y/N) : No
• Cloud security Audits (Y/N) : Yes
• Mobile Application Security Audit (Y/N) : Yes
• API Security Audit (Y/N) : Yes
• Thick-client Application Security Audit (Y/N) : Yes
• Firewall Rulebase Analysis (Y/N) : Yes
• Security Audit Reviews (Y/N) : Yes
• Network Penetration Testing (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 0
PSU : 0
Private : 234
Total Nos. of Information Security Audits done : 234

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 102

(Multiple IPs)
External PT : 2
Internal VA : 50
Configuration Review : 50
Web-application security audit : 68
Wireless security audit : 0
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 0
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 41
ICS/OT Audits : 0
Cloud security Audits : 0
Mobile-application security audit : 19
Thick Client-application security audit : 4

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 LAs : 1
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 4
Total Nos. of Technical Personnel : 5
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration withAmigosec Experience Qualifications related to

No. Consulting Private in Information security
Limited Information
Security
1 Ashish Rao 18-Aug-2014 13+ years ISO27001 LA
2 Paresh Jain 18-Aug-2014 11+years Master’s in computer
and Information
Security, C|EH
3 Pooja Chavan 1-Dec-2018 2.8+ years C|EH
4 Vaibhav Raman 1-Nov-2019 2.9+ years CPFA, CISC, C|EH
5 Sidhvick Shivalkar 17-Nov-2020 2+ years ECSA, CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Leading NBFC Investment and CreditCompany(NBFC-ICC)that deals in Financing

ofSMEs,Rural Micro Enterprisesalong with Loans for Vehicle, Home,Personal
andProperty with Pan India Presence:
• We have been successfully managing application security program for a leading NBFC
company of India.
• The scope included making an assessment plan for all the new applications introduced
by the Technology teams and assess the business-critical application on a periodic basis.
As a part of this engagement, we have dedicated security analysts and a project
manager working with the Infosec team of the client.
• We have developed a robust security process to ensure that the applications are
released with best security standards.
• The security assessment is done for all applications before they are released in product
environment. And the team is guided for security best practices to be implemented
based on the nature of application, technology stack and architecture.
• We also equip the application development teams with secure coding practices &
methodologies.

Project Highlights:
- Assessed 92 Web, Mobile Apps and APIs in previous financial year
- Co-ordinated with 3rd party product vendors
- Recommended design level security controls for complex applications
- Conducted trainings for Web & Mobile app development teams
- Created a security framework for mobile applications
- Generated compliance reports for tracking & closures.

Project Value:
In 2020-2021: ~28 Lakh (in INR)

NBFCCompanythat focuses on Consumer and MSME financing:

• We conducted an annual vulnerability management engagement for an Asset Finance
company of India. The scope of the project was to carry out security assessments of all
their application assets and the IT infrastructure.
• A security assessment calendar was planned based on the business criticality and go-
live schedules of the teams.
• In the initial phase our team was involved in creating security baseline documents for
various servers and devices present in the client environment.
• Licensed security tools were installed and configured as per the client environment for
the project.
• Periodic vulnerability scanning was conducted on monthly basis for critical assets. And
adhoc assessments were scheduled and performed for newly onboarded IT assets.
• The applications that were audited involved Intranet as well as Internet facing ones. It
included Line of Business applications integrated with 3rd party payment gateways and
payment providers, HRMS applications, and APIs.
• The detailed reports were released for each security assessment and the vulnerabilities
reported were tracked for closure with the IT teams. Re-assessments were carried out in
a timely manner.

Project Highlights:
- Assessed 20 Applications including Web and Mobile
- Performed External PT for 140+ IPs
- Performed Internal VA (Adhoc) for over 400+ IPS
- Performed half-yearly Calendar VA for over 350+ IPs
- Built baseline audit checklists for Windows and Linux as per Client policies

Project Value: In 2020-2021: 15 Lakh (in INR)

9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):

Tool name Description Type

Nessus Professional For scanning vulnerabilities in Commercial

Scanner server ports
Burp-suite Professional For Capturing Web Request & Commercial
Response, and injecting
attack payloads
SynVM For Centralized Vulnerability Proprietary
management
Owasp ZAP For Capturing Web Request & Freeware
Response, and injecting
attack payloads
NMAP For Port Scanning Freeware

SQLMap For exploiting SQL injection Freeware

parameters
DirBuster For identifying web directories Freeware
present on the server
Nikto For scanning web server for Freeware
security flaws related to
configurations
WinHex For reading browser memory Freeware

Wireshark For network analysis Freeware

POSTMAN For Web services and API Freeware

Testing
JD-GUI / DEX2JAR/ For Android Mobile App Freeware
APKTOOL reverse engineering
Drozer For dynamic analysis of Freeware
Mobile Application
MOBSF For static application security Freeware
testing
Metasploit Framework For developing and executing Freeware
exploit code for systematic
vulnerabilities on networks
and servers
Hydra/John the Ripper For password cracking Freeware

Nipper-ng For audits the security of Freeware

network devices such as
switches, routers, and
firewalls

Netcat For reading from and writing Freeware

to network connections using
TCP or UDP
Aircrack-Ng For assess Wi-Fi network Freeware
security

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by Amigosec Consulting Private Limited on 30-July-2021

BacK
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s ANZEN Technologies Private Limited

1. Name & location of the empanelled Information Security Auditing Organization:

ANZEN Technologies Private Limited

A-429, Second Floor, Vashi Plaza, Sector 17, Vashi 400703

Mobile: +91 9821775814
www.anzentech.com

2. Carrying out Information Security Audits since : 2016

3. Capability to audit , category wise (add more if required)

• Network security audit : Yes

• Web-application security audit : Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001, PCI, HIPAA, GDPR, PDPB and NIST etc.) : Yes
• Compliance implementation end to end consultancy
(ISO 27001, PCI, HIPAA, GDPR, PDPB and NIST etc.) : Yes
• Managed security services : Yes
• Risk assessment : Yes
• Mobile-application security audit : Yes
• Thick client-application security audit : Yes
• API security audit : Yes
• Micro service security audit : Yes
• Secure code review : Yes
• SAP security audit : Yes
• Red team assessment : Yes
• Firewall configuration audits : Yes
• Firewall rule review : Yes
• Network devices configuration audits (routers, switches) : Yes
• Server configuration audits : Yes
• Database configuration audits : Yes
• Cloud infrastructure security audits : Yes
• IOT device security audit : Yes
• AI/ML product security audit : Yes
• Reverse engineering : Yes
• Social engineering audits : Yes
• Phishing campaign : Yes
• Network architecture review : Yes
• Incident response : Yes
• Incident management : Yes
• Forensics investigation and analysis : Yes
• Threat hunting : Yes
• Defacement monitoring : Yes
• Network malware scan : Yes
• Information security trainings : Yes
• SOC consulting : Yes
• SIEM consulting : Yes
• Data Loss prevention implementation : Yes
• Firewall Implementation : Yes
• ATM Security solution : Yes
• Identity and access management : Yes
• MITRE ATT&CK Framework Implementation : Yes
• SSLDC Consulting : Yes
• Physical Security Audit : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : 0
PSU : 0
Private : 260+
Total Nos. of Information Security Audits done : 260+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

6. Cloud security Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 Las : 7
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 11

CEH : 10
ITIL : 2
Prince2 Foundation & Practitioner : 1
Lean Six Sigma Green Belt : 1
Symantec STS (DLP) : 1
CCNA : 1
Certified Network Defender : 1

Total Nos. of Technical Personnel : 13+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. ANZEN Information Security Information security
Technologies
1 Ramesh Tendulkar 4 Years 25 Years ISO 27001 LA , ITIL
Foundation ,
2 Akshay Dixit 6 Years 10 Years ISO 27001 LA
3 Pooja Chandarana 4 Years 5 Years M. Tech (Information
Security), CEH, ISO
27001 LA
4 Dheeraj Meher 3 Years 8 Years CEH, ISO 27001 LA,
Symantec STS (DLP)
5 Avinash Anand 3 Years 5 Years ISO 27001 LA
6 Kushagra 1.5 Year 1.5 Year NIL
Krishnatrey
7 Esther Rani 6 Months 10 Years ISO 27001 LA
8 Gaurav Pandey 4 Months 2.5 Years CEH, ITIL
9 Bhushan Joshi 2 Years 5 Years CEH, CND ,CCNA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

• Multi-Crore ATM, Server Security Monitoring Project for BFSI Client across multiple
locations in India.
• 1 Cr+ Value Entire Information Security Services Portfolio execution & management for
Indian setup of global retail giant.

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

Commercial Freeware Proprietary

Nessus Pro BurpSuite BRISK
R-Studio Acunetix Custom Virtual Machines
Acunetix Owasp Zap Audit Scripts
BurpSuite Nmap PhishMeister
Nipper Studio Metasploit
Netsparker Netcat
Checkmarx Nikto
Appknox Wireshark
Encase Procmon
Autopsy Webinspect
Nessus (AWS)
Masscan
Recon-ng
apk tool
Drozer
d2j-dex2jar
jd-gui
KeyTool
JarSigner
ZipAlign
SoapUI (Community)
PostMan
Echo Mirage
Process Hacker
Regshot
Bizsploit
Mallory
JAVA Snoop
Interactive TCP Relay
WinHex tool
JetBrainsDotPeek
IDA Pro /Olly dbg
CFF Explorer
Searchsploit
SQL Map
Harvester
Sublister
Nipper Studio
Santoku VM
Android Studio

10. Outsourcing of Project to External Information Security Auditors / Experts: NO

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: NO

12. Whether organization is a subsidiary of any foreign based organization?: NO

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : NO

*Information as provided by ANZEN Technologies Pvt. Ltd. on 28July 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Attra Infotech Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

Attra Infotech Pvt. Ltd,

No. 23 & 24, 2nd Floor, AMR Tech Park II, Hongasandra, Bengaluru – 560068

2. Carrying out Information Security Audits since : <January 2018 >

3. Capability to audit , category wise (add more if required)

• Network security Assessment(Y/N) : Yes

• Web-application security Assessment(Y/N) : Yes
• Wireless security Assessment(Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.)(Y/N) : Yes
• Secure SDLC Review (Y/N) : Yes
• Secure Code Review (Y/N) : Yes
• API and Web services security assessment (Y/N) : Yes
• Mobile App Security Testing (Y/N) : Yes
• Payment Gateway Assessment(Y/N) : Yes
• Source Code Review (Y/N) : Yes
• Cloud Security Assessment (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : <number of>

PSU : <number of>
Private : <4>
Total Nos. of Information Security Audits done : 4

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : <1>

Web-application security audit : <2>
Wireless security audit : <None>
Mobile Application security audit : <1>
Compliance audits (ISO 27001, PCI, etc.) : <None>

6. Technical manpower deployed for informationsecurity audits :

CISSPs : <1>
BS7799 / ISO27001 LAs : <3>
CISAs : <None>
DISAs / ISAs : <None>

Any other information security qualification:

CPISI : <3>
CEH : <2>
Total Nos. of Technical Personnel :9

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. <Attra Infotech> Information Information security
Security
1 Lakshmikanth 2.4 CISSP, ISO 27001 Lead
Reddy Gajjala 14 Auditor
2 Bharadwaj 4.9 8 CEH
Doddaballapur
Jagannath
3 Certified Information
Security Risk Assessor,
Certified Payment Card
Security Implementer,
Certified Business
Continuity Management
Assessor, and Certified
Data Security Control
Riaz Kakroo 2.9 20 Assessor
4 CPISI, ISO27001 LA,
Deepika Wadhwani 10.6 10.6 ISO31000
5 CPISI , Certified risk
Harish professional, Purusing
Eshwarappa 6.4 6.4 ISO 27001 LA
6 CEH, Nessus Certificate
of Proficiency,
Tenable.io Certificate of
Sabareesh VK 2.7 2.7 Proficiency, (OSCP)
7 Vinoth KR 2.3 2.3 (OSCP)
8 Jeshu Rai 4.5 4.5 CPISI, Trained in CCNA
9 H Manohar Rayker 0.3 6.5 Pursuing CISSP

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Web and Mobile applications security audit for European largest card processing and payment
services provider comprising of -
• Multiple complex web application involving merchant onboarding, card Acquiring &
Issuing, End-user and Salesforce Applications with various user access levels
• Mobile applications (Android and iOS variants) for Merchants onboarding and self-service
modules for transactions
• Internal web applications for backend interface, monitoring, and admin activities
• Total Project Value = 2.75 Million USD (Security testing was a large part of the overall
project)

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial Proprietary Opensource

• Rapid7 InsightVM • CyberSecurus • Nmap
• Nessus Professional • Phishing simulator • Sqlmap
• Burp Suite Professional • Custom scripts and • OWASP Zed Attack
• Nipper Studio codes developed on Proxy
• ManageEngine need basis • Nikto web scanner
• Darktrace Antigena • Weevely
• Fortinet • Dirbuster
• McAfee • Metasploit
• Symantec • NetCat
• W3af
• Wireshark
• exploit-db
• Aircrack-ng
• Cain and Able
• SSLstrip
• MobSF
• Wazuh
• Suricata
• Firewalk
• Httprecon
• Curl
• Kali Linux
• Firefox browser and
add-ons

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : Yes
Attra Infotech Pty Ltd

13. Locations of Overseas Headquarters/Offices, if any : Yes

Australia— Headquarters

Level 4, Suite 4
990 Whitehorse Road
Box Hill, Vic – 3128
Australia
Phone: +61 3 9895 0555

*Information as provided by <Attra Infotech Pvt. Ltd> on <30-July-2021>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Aujas Cybersecurity Limited

1. Name & location of the empanelled Information Security Auditing Organization:

Aujas Cybersecurity Limited (Previously known as Aujas Networks Ltd)

Bengaluru, Karnataka

2. Carrying out Information Security Audits since : 2008

3. Capability to audit , category wise (add more if required)

• Network security audit - Y

• Web-application security audit - Y
• Wireless security audit - Y
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) - Y
• Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) - Y
• ICS/OT Audits - N
• Cloud security Audits - Y

4. Information Security Audits carried out in last 12 Months :

Govt. : 03
PSU : 01
Private : 165+
Total Nos. of Information Security Audits done : 170+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 25+

Web-application security audit : 100+
Wireless security audit : 5+
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 25+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 10+
ICS/OT Audits : 0
Cloud securityAudits : 5+

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 11
BS7799 / ISO27001 LAs : 40
CISAs : 08
DISAs / ISAs : 0
Any other information security qualification:
CEH – 115+
OSCP – 20+
OSWP -6
Total Nos. of Technical Personnel : 685+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. <Aujas Information Security Information security
Cybersecurity
Ltd.>
1 A Memane 3.3 5.7 CEH
2 Balaji G 1.7 4.1 CEH
3 B Reddy 3.6 7.7 CEH
4 Irfan Y 3.5 9.3 CEH, Azure
fundamentals
5 K Manoharan 2.7 5.5 OSWP, CPISI
6 Aniket L 2.5 6.3 CEH, CHFI, ECSA,
OSCP
7 Bimal S 1.9 4.1 CRTE, OSCP
8 M Yusuf 0.2 3.8 CEH, ECSA
9 I John 1.7 6.3 CEH, Qualys certified
vulnerability
management
10 P Nigam 0.5 5.6

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

One of the largest private banks in India (client name cannot be disclosed as we signed NDA
with client)
We performed security assessment of around 300 applications including web Applications, SOAP
& REST web Services & Android & iOS mobile applications. We also performed architecture
review of web & cloud-based applications as well as of the infrastructure.

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Name Description
Open-Source Tools
Kali Linux Security Testing platform
Paros HTTP/S Interception Proxy
Nikto HTTP/S Interception Proxy
OWASP ZAP Web Vulnerability Scanner
Cookie Editor Firefox Plug-in to Edit Cookies
Dirbuster brute-force the directories
SQL Map SQL injection Framework
Beef XSS scanner and exploitation framework
Nmap Port Scanner, Fingerprinting
Dbeaver Universal Database tool
WinHex Cache / Ram Memory reader
John the Ripper Unix and Windows Password Analyzer
Metasploit Exploitation tool
SOAP UI Web service proxy tool
Postman Web Service proxy tool
SSL Strip SSL stripping proxy
Wireshark Packet Analyzer
Hex Editors Manipulation of binary data
Android SDK Administration tools for SQL Database
Apk tool Reverse Engineering of APK files
hextojar Conversion of Hex to Jar
Charles Web debugging proxy
Fiddler HTTP debugging proxy server application
xcode Integrated Development Environment
SQLite Manager Relational database management system
Android tamer Android security testing platform
Disassembler Machine language to assembly language translator
Drozer Android exploit Framework
ADB Android testing Framework
Commercial Tools
Burp Suite Pro Web Vulnerability Scanner & Interceptor
Acunetix Web Scanner Tool
Nessus Professional Vulnerability Assessment
Nipper Firewall & Network Configuration Audit Tool
Proprietary Tool
Phishnix Phishing Simulation

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

San Francisco Metro Area 19925 Stevens Creek Blvd. Suite #100, Cupertino, CA 95014,
United States of America.
New York Metro Area 2500, Plaza 5, Harborside Financial Center, Jersey City, NJ
07311,
United States of America.
Dallas Fort Worth Metro 5700 Granite Pkwy, Suite 200, Plano, TX 75024, United
Area States of America.
Ottawa Gatineau 400−1565 Carling Avenue, Ottawa, Ontario K1Z 8R1,
Cybersecurity Cluster Canada.
UAE Saif Suite Z1-66, P.O. Box 121421, Sharjah, United Arab
Emirates.
KSA WH01-04, Digital City, Second Floor, Unit 11, Riyadh, Saudi
Arabia.

*Information as provided by Aujas Cybersecurity Limited (Previously known as Aujas

Networks Ltd) on 2nd Aug 2021.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s CEREIV Advisory LLP

1. Name & location of the empanelled Information Security Auditing Organization:

CEREIV Advisory LLP,

Chembakam Building, Koratty Infopark, Thrissur Dt, Kerala – 680 308
(Previously Known as ValueMentor Consulting LLP and on 10/06/2019 name changed to
CEREIV Advisory LLP)

2. Carrying out Information Security Audits since : <2013>

3. Capability to audit, category wise (add more if required)

• Network security audit(Y/N)

• Web-application security audit (Y/N)
• Wireless security audit(Y/N)
• Compliance audits (ISO 27001, IS Audit, etc.) (Y/N)
• Mobile Application Audit (Y/N)
• Thick/Thin Client Audit (Y/N)
• API Testing(Y/N)

4. Information Security Audits carried out in last 12 Months:

Govt clients. : 50
PSU clients : 2
Private clients : 47
Total Nos. of Information Security Audits done : 99

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 10

Web-application security audit : 58
Wireless security audit : 0
Compliance audits (IS Audit, etc.) : 11
Mobile Application Audit : 17
Thick/Thin Client Audit : 1
API Testing : 2

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 3
BS7799 / ISO27001 LAs : 3
CISAs : 5
DISAs / ISAs : 0
Any other information security qualification : 11
Total Nos. of Technical Personnel : 11

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience in Qualifications related

No. Employee <CEREIV Information to Information security
Advisory LLP> Security
1 Binoy 8.5 Years 15+ Years CISSP, CISA, CISM,
Koonammavu CRISC, SBCI

2 Balakrishnan 6.5 Years 20+ Years CISSP, CISA, CISM, ISO

Alingal 27001 LA
3 Jobbin Thomas 8.5 Years 15+ Years CISSP, CISA, ISO 27001:
2013 LA
4 Angela Maria 8.5 Years 14+ Years CISA, CISM, ISO 27001
Paulson LA
5 Renjith T C 7.5 Years 7.5 Years OSCP, CREST Practitioner
Security Analyst, CREST
CRT, AUSE
6 Sandeep Rajan 7 Months 6 Years CISA, ISO 27001 LI
7 Melbin Mathew 4.5 Months 2 Years CEH, OSCP, EU GDPR
8 Nikhil Tony 1.9 Years 1.9 Years CEH, ISO 27001 LI
9 Aravind Murali 1.8 Years 1.8 Years CEH, ECSA
10 Mohammed Faris 1.8 Years 1.8 Years CEH
11 Hemant Boban 1.8 Years 1.8 Years CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Client Name – Perfect Software Solutions Pvt Ltd

Scope – Web Application VAPT
Scope in Detail:
• No of Application and Name of Application – 1, SCORE – Smart core Banking
• Number of Dynamic pages – 690
• Number of static pages –4
• Number of login systems - 1
• Number of Input forms – 690
• Number of Input Fields – 6000
• Roles- Normally 2. Maker, Checker.Multiple User defined Roles like Administrator, Manager, etc.
• API - 4 Web services

Project Value–INR 2,30,000.00

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Wireless security audit Mobile Application Audit

Aircrack 3utools
AirSnort Android Debug Bridge
Cain & Abel APKTool
Fern Wifi Burp Professional
Kali Linux tools Cydia
dex2jar
Drozer
Exposed Fremework
Frida
GenyMotion
Kali Linux tools
Libertylite
MobSF
QARK
RMS Framework
RootCloak
SSLBypass
SSLKillSwitch
SSLUnpinning
Thick/Thin client Audit
Burp Professional
CFF Explorer
DIE Tool
Echo Mirage
IDA Debugger
ITR
Kali Linux tools
Proccess Monitor
Process Hacker
RegShot
WinHex
Wireshark

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No

12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes/No

*Information as provided by <CEREIV Advisory LLP> on <02-8-2021>

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Hewlett Packard Enterprise India Pvt Ltd.

1. Name & location of the empanelled Information Security Auditing Organization :

Hewlett Packard Enterprise India Pvt Ltd,

#24, Salarpuria Arena, Hosur Main Road, Adugodi, Bangalore-560030, India.

2. Carrying out Information Security Audits since : 2012

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 2
PSU : 1
Private : 3
Total Nos. of Information Security Audits done : 6

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 3

Web-application security audit : 3
Wireless security audit : 1
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 1
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 1
ICS/OT Audits : 2
Cloud security Audits : 1

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 5
BS7799 / ISO27001 LAs : 3
CISAs : 6
DISAs / ISAs : 0
Any other information security qualification : 10
Total Nos. of Technical Personnel : 23

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1 Suhas Nayak 3 9 years CEH, pursuing CRTP
2 Malligarjunan 10 15 years Pursuing CISA
Easwaran
3 Suhas V 4 2 years CEH
4 Suhas Shivanna 16 10 years CISSP/CEH
5 Kishore Lakshman 14 3.5 years CEH
6 Nishant Rawtani 5 4.5 years CEH
7 Supriya 7 4.5 years CEH
Kamthania
8 Dhrumil Shah 2 13 years ECSP
9 Brahmaji Potluri 17 7 years CEH
10 Anoop Chandra B 5 3.5 years CEH
N
11 Ragashree M C 3 1.5 years Pursuing CEH
12 Sujith Emmanuel 7 5 years CEH
13 Rakshith S 3 1 year Pursuing CEH
14 Shivakanth 11 6 years CEH
15 Elayaraja 15 3 years CISA

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Customer Name: Largest Automobile Manufacturer, Europe.

Volume: 20000+ IP’s for VAPT / Vulnerability Management
Complexity: Project includes security assessment of Web, Network devices and Server
infrastructure. It is a Multi-geo project been delivered from different HPE locations.
Locations: 4 countries across WW.
Project value: > $10Mn

Customer Name: Largest Defence Manufacturing Organization, India

Volume: 500+ IP’s for VAPT
Complexity: Project includes security assessment of Web, Network devices and Server
infrastructure.
Locations: 9 locations within India.
Project value: $2.5Mn

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

a. Burpsuite Pro
b. Tenable Nessus
c. Qualys Guard Scanner
d. Metasploit Pro
e. HCL AppScan
f. HPE Armor
g. nMap
h. DirBuster
i. Nikto
j. Hydra
k. Johntheripper
l. Maltego
j. SQLmap
k. PadBuster
l. Wfuzz
m. WPscan
n. Airbase-ng
o. Aircrack-ng
p. Airodump-ng

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

Hewlett Packard Enterprise

6280 America Center Dr.
San Jose
California
95002
United States

*Information as provided by Hewlett Packard Enterprise India Pvt Ltd on 29-Jul 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Innovador Infotech Private Limited

1. Name & location of the empanelled Information Security Auditing Organization:

Innovador Infotech Private Limited

Corporate Office:
1128, Ahmamau, Opposite Walmart Best Price,
Shaheed Path, Arjunganj, Lucknow - 226002
(Uttar Pradesh)
Tel: +91-8896605755, +91-7080259900, +91-9076239906
Email ID – contact[at]innovadorinfotech[dot]com
Pentest[at]innovadorinfotech[dot]com

2. Carrying out Information Security Audits since : 2013

3. Capability to audit, category wise (add more if required)

• Network security audit : Yes

• Web-application/API security audit : Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001, PCI, etc.) : Yes
• IT Infrastructure Audits : Yes
• Mobile Application security audit : Yes
• Thick Client Application security audit : Yes
• Payment Gateway Audit : Yes
• IT Risk Assessment : Yes
• UIDAI AUA/KUA Audit : Yes
• Vulnerability Assessment and Management : Yes
• Penetration Testing (Web/Network/Infra) : Yes
• Cyber Crime Investigation : Yes
• Cyber Forensics Investigation (Mobile Forensics, Computer Forensics, Audio/Video
Forensics, Network Forensics, CDR & IPDR Analysis, Email Forensics etc.): Yes
• Credit/Debit Card Fraud Investigation : Yes
• VOIP Fraud Investigation : Yes
• IT Security Consulting Services : Yes
• Information Security Awareness / Cyber CrimeInvestigation Trainings: Yes
• OWASP Top 10 Awareness Training : Yes
• Social Engineering : Yes
• Threat Modeling : Yes
• Operational Technology (OT) Audits : Yes
• SCADA & Critical IT Infrastructure Audits : Yes

4. Information Security Audits carried out in last 12 Months:

Govt.: 10+
PSU: 0
Private: 50+
Total Nos. of Information Security Audits done: 60+

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 10+

Web-application security audit : 20+
Wireless security audit : 2
Mobile Application Security Assessment : 2
Penetration Testing : 15+
Cyber Crime Investigation : 20+
Compliance audits (ISO 27001, PCI, etc.) : 2
IT Infrastructure Audit : 1
Web API Security Audit : 2
UIDAI AUA/KUA Audit : 1
SBI Vendor Site Compliance Certificate (SBI VSCC) : 1

6. Technical manpower deployed for informationsecurity audits:

OSCP: 3
BS7799 / ISO27001 LAs: 1
CEH: 6
Any other information security qualification: 5
Total Nos. of Technical Personnel: 10+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. No. Name of Employee Duration with Experience Qualifications related

Innovador in to Information
Infotech Information security
Security
1. Rahul Mishra (Technical 8+ Yrs 10+ Yrs Certification in
Director – Information Ethical Hacking &
Security) Penetration Testing
2. Minhal Mehdi(Security 6+ Yrs 6+ Yrs OSCP, CEH, Certified
Consultant) Information Security
Expert
3. Chatak Vajpayee (Security 3+ Yrs 6+ Yrs CEH
Analyst)
4. Neha Garg (Sr Security 4+ Yrs 9+ Yrs OSCP, CEH
Consultant)
5. Virender Nishad (Sr 3+ Yrs 6+ Yrs CEH
Security Analyst)

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

One of the leadingtechnical institute:50+ Network Devices, 10+ Web Applications, 500+ IP
Addresses, Configuration Review. Value of the Project was approx.10 Lacs.

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Commercial Freeware Proprietary

Burp Suite Professional Metasploit In-house developed
Tenable Nessus OWASP ZAP scripts and tools
Nmap, Superscan and Fport
Metasploit framework, Netcat

BeEF , Cain &Abel, Hydra, John

the ripper

Aircrack-ng, Kismet

Nikto, OpenVAS, w3af,

SQLMap, wp-scan

Kali Linux

10. Outsourcing of Project to External Information Security Auditors /Experts: No

(If yes, kindly provide oversight arrangement (MoU, contract etc.)

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization? No

If yes, give details
13. Locations of Overseas Headquarters/Offices, if any: No

*Information as provided by Innovador Infotech Private Limited on Dec17, 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Kratikal TechPrivate Limited

1. Name & location of the empanelled Information Security Auditing Organization:

Kratikal TechPrivate Limited

A-130, Second Floor, Sector 63, NOIDA, Uttar Pradesh - 201301

2. Carrying out Information Security Audits since : 2013

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) YES

• Vulnerability Assessment & Penetration Testing (Y/N) YES
• Web-application security audit (Y/N) YES
• Phishing Simulation Exercise (Y/N) YES
• Wireless security audit (Y/N) YES
• Source Code Review (Y/N) YES
• Mobile Application Audit (Y/N) YES
• Information Systems Audit (Y/N) YES
• IT Risk Assessment (Y/N) YES
• Formulation of IT policies & Procedures (Y/N) YES
• ERP Audit (SAP, etc.) (Y/N) YES
• Configuration Analysis and Auditing (Y/N) YES
• API Security Audit (Y/N) YES
• Thick Client Security Audit(Y/N) YES
• Cloud Security Audit(Y/N) YES

4. Information Security Audits carried out in last 12 Months:

Govt. : 0
PSU : 0
Private : 63+
Total Nos. of Information Security Audits done : 63+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
ISCP : 11
CEH : 3
DISAs / ISAs : 0
Any other information security qualification : 2
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Profile of Employee Duration with Kratikal Experience Qualifications related to

No. Employee Tech Pvt Ltd in Information security
Information
Security
1 Pavan Kumar CEO 7 year(s) 8 month(s) 7.5 B. Tech, ISCP
2 Paratosh Kumar CTO 7.5 B. Tech (CSE),
7 year(s) 8 month(s) CCNA(Training), ISCP
3 Archit Jain Sr. Security 3 year(s) 3 MCA, BCA, ISCP
Analyst
4 Jai Prajapati Sr. Security 2 year(s) 11 month(s) 5 PG- Cyber Security, BCA,
Analyst ISCP, CEH
5 Anjali Chauhan Security Analyst 2 year(s) 11 month(s) 3.5 BCA, ISCP, AD-Cyber
Security
6 Rishabh Sahni Security Analyst 2 year(s) 7 month(s) 3 MCA, BCA, CEH, ISCP
7 Niraj Kumar Security Analyst 2 year(s) 2 BSc (IT), CCNA(Training),
MCSA(Training),
VMware((Training), ISCP
8 Vinay Kardam Security Analyst 2 year(s) 2 month(s) 2.5 B. Tech (CSE), ISCP
9 Samir Ahmad Security Analyst 11 month(s) 2 B. Tech (IT), ISCP
Malik
10 Madhur Jain Security Analyst 4 Month(s) 1 B.E. (Mech), ISCP
11 Nilesh Patil Security Analyst 6 Month(s) 1 BCA, CEH
12 Shaquib Izhar Security Analyst 3 Month(s) 2 Diploma in computer
engineering

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Web application Security assessment, Internal and external Network Penetration

Testing and Security configuration review for two of their Major infrastructure
India’s Leading within the country.
Infrastructural The scope of work includes security audit of Web applications, SOAP web
Company services, IPs, devices configuration, Phishing Simulation Exercise, incident
response service.
The Project value was 30 Lacs Annually
Web Application and Mobile Application secure code review, Web application
Penetration Testing, IT Infrastructure Penetration Testing, Phishing and
Ransomware simulation services, Security Awareness training services for their
India’s Leading Organisation.
Ecommerce Company The scope of work includes security audit of web application subdomains,
web applications, Firewalls, Network Devices, switches, Web servers, security
awareness and phishing simulation for 2000 employees of the organisation.
The Project value was 40 Lacs Annually

9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):

Vulnerability
Information Gathering Mapping Assessment Exploitation

1. Dnsenum 1. Nmap 1. Nessus Professional 1. Metasploit

2. Dig 2. Ike-scan 2. Netsparker 2. John the Ripper

3. Whois 3. Dirbuster 3. Wp-scan 3. Hostapd

4. Wget 4. Openssl 4. JoomlaScan 4. Fluxion

5. Maltego 5. Sslscan 5. OpenVas 5. W3af

6. Google Advanced
search 6. Netcat 6. Nikto 6. Sqlmap

7. Shodan.io 7. Jwtcat 7. Burp suite professional 7. Routersploit

8. Cloudenum 8. Traceroute 8. SOAPUI 8. BeEF Framework

9. Ffuf 9. Enum4linux 9. Acunetix Web Scanner 9. Hydra

10. Angry IP 10. Custom Python
10. Sublister Scanner 10. Vega Scripts

11. Crt.sh 11. Wireshark 11. Qualys 11. Drozer

12. Mxtoolbox 12. Ettercap 12. Prowler 12. ADB

13. Github 13. Scoutsuite

14. Wappalyzer 14. MobSF

15. ProcMon 15. Nipper

16. Process Hacker

17. SysInternal suite

19. DotPeak

20. Cffexplorer

21. Jwt.io

10. Outsourcing of Project to External Information Security Auditors / Experts: No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization?: No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: No

*Information as provided by Kratikal Tech Private Limited on 20-July-2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s HackIT Technology and Advisory Services

1. Name & location of the empaneled Information Security Auditing Organization:

HackIT Technology and Advisory Services, Kochi, Kerala

2. Carrying out Information Security Audits since : 2012

3. Capability to audit, category wise (add more if required)

4. Information Security Audits carried out in last 12 Months:

Govt. : 1
Private : 6
Total Nos. of Information Security Audits done : 12

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 1

Web-application security audit : 7
Android Application Security Audit : 2
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 1

6. Technical manpower deployed for information security audits:

CISSPs : 3
BS7799 / ISO27001 LAs : 2
OSCP - 3
OSCE - 1
CISMs : 2
Any other information security qualification : 5+
Total Nos. of Technical Personnel : 19

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

SL No Name of Employee Duration Experience Qualifications related to Information

with in security
HackIT(In Information
Months) Security(In
Months)
1 Manu Zacharia 111 315 CEH,CHFI,CCNA,MCP,CICP-EX, Certified
ISO 27001-2005 Lead Auditor,MVP-
Enterprise Security (2009-2012), ISLA-
2010 (ISC)²
2 Akash Joseph Thomas 86 86 CEH
3 Deshmukh Rohit Shivaji 12 12 DBDA
4 Gowthaman K S 20 30
5 Mahima Bajrang Mangal 16 16 DITISS
6 Nitin Wadhawan 32 36
7 Mehta Ruchi Birenbhai 17 17 DITISS
8 Vishak V 32 32 CEH
9 Viraj Chudasama 11 15
10 Sunidhi Chavan 10 19
11 Khushboo Anand 7 42
12 Ujjwal Das 7 62
13 Rahul Kushwaha 5 57 CEH
14 Rashi Gupta 5 5 DITSS
15 Utkrashi 4 41
16 Savalia Yamini 4 4 CNSS
Mathurbhai
17 Singh Sanjeev Ravindra 3 3 CNSS
18 Rushabh Vaghela 1 1 CSFPC
19 Hritish Kumar 1 12 OSCP, OSCE
External Consultants

1 Venkatesh Siddi 148

GIAC-2013,OSCP-2013,GPEN-2012,CEH-
2010,MASE-2008,MCP-2007,Microsoft
Certified Professional (MCP)
GIAC Certified Penetration Tester (GPEN)
GIAC Certified Intrusion Analyst (GCIA)
Manipal Appin Security Expert (MASE)
Certified Ethical Hacker (CEH v6)
Offensive Security Certified Professional
2 Harsh Patel 64 CISSP(2013)
3 Jiggyasu Sharma 118 CISSP,Offensive Security Certified
Professional (OSCP),SANS- 561
Certified,EC-Council Certified Security
Analyst (ECSA) v8,EC-Council Certified
Security Analyst (ECSA) v8
4 Gobinda C Patra 264 CRISC,CISM
5 Chandru R 178 CISSP,CISM,CPSA,CCSK,FireEye,C|TIA,E|
CIH,GCP,C|HFI,C|EI,MCT,Security+,- IBM
Qradar, AWS Certified Solutions Architect
| Security Specialty, COBIT® 5 ISO/IEC
27001:2013 ISMS Auditor/ Lead Auditor –
TUV SUD,
6 Akib Sayyed 159

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Sl No Project Overview Value

1 Client: A Business Group with interest in Data Protected by NDA,

Jewelry, Retail and Real Estate which restricts public
disclosure
Scope of Work:

• ISMS Audit and Consultancy

• Web Application Security Audit
• Infrastructure/Network Security
Audit
• Cloud Security Audit

Engagement Mode: Augmented, Annual,

Remote

Billing: Hourly

2 Client: Member Nations, UN, through ITU Data Protected by NDA,

which restricts public
Scope of Work: Cyber Security Consultancy disclosure

Engagement Mode: Onsite

Billing: Hourly

3 Client: Service Provider to the Health Data Protected by NDA,

Sector, USA which restricts public
disclosure
Scope of Work:

• External VA-PT
• ISMS consultancy to ensure security
maturity level as mandated by
HIPAA

Engagement Mode: Remote/ Onsite

Billing: Flat Rate

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

10. Outsourcing of Project to External Information Security Auditors / Experts: Yes

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: No

*Information as provided by HackIT Technology and Advisory Services on 20/8/2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s G.D. Apte & Co.

1 Name & location of the empanelled G.D. Apte & Co.

Information Security Auditing
Organization
2 Carrying out Information Security Audits <2005>
since
3 Capability to audit , category wise (add
more if required) :
Network security audit (Y/N) Yes
Web-application security audit (Y/N) Yes
Wireless security audit (Y/N) Yes
Compliance audits (ISO 27001, IEC Yes
62443, IEC 27019, PCI, etc.) (Y/N)
Finance Sector Audits (Swift, ATMs, API, Yes
Payment Gateway etc.) (Y/N)
ICS/OT Audits(Y/N) No
Cloud security Audits (Y/N) Yes
4 Information Security Audits carried out in
last 12 Months :
Govt. <->
PSU 1
Private <->
Co-Operative 2
Total Nos. of Information Security Audits 3
done
5 Number of audits in last 12 months ,
category-wise (Organization can add
categories based on project handled
by them) :
Network security audit ---
Web-application security audit ---
Wireless security audit ---
Compliance audits (ISO 27001, IEC 2
62443, IEC 27019, PCI, etc.)
Finance Sector Audits (Swift, ATMs, API, ---
Payment Gateway etc.)
ICS/OT Audits ---
Cloud security Audits ---
Systems Design Review 1
Concurrent Audit Data Center 1
Systems Audit 2
Internal Financial Controls/ITGC 1
6 Technical manpower deployed for
information security audits :
CISSPs 1
BS7799 / ISO27001 LAs 1
CISAs 3
DISAs / ISAs 5
Any other information security ---
qualification
Total Nos. of Technical Personnel 10

7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)

Sr. Name of Employee Duration Experience in Qualifications related

No. with GD Information Security to Information
Apte & Co. security
1 Prakash P. Kulkarni 36 years ITGC : 15 years CISA, DISA, FAFD
(Partner)
2 Saurabh S. Peshwe 15 years Information Security CISA & DISA
(Partner) : 6 years
3 Umesh S. Abhyankar 18 years ITGC : 6 years DISA
(Partner)
4 Ashwini A. Khade 5 years ITGC : 6 years DISA
(Partner)
5 Santosh B. Rashinkar 8 years ITGC DISA, FAFD
(Partner)
6 Anagha M 13 years ITGC : 5 years DISA
Nanivadekar
(Partner)
7 Pranav R. Apte 11 years ITGC : 7 years DISA, FAFD
8 Rajesh Dhadphale 11 years IT Management, ITGC CISA, ISO 27001 LA,
& ISO 27001 CISM, ITIL V3(F)
Consultancy,
Applications Audit :
18 years
9 P.D.Bapat 20years ITGC & Applications CISA, Diploma in
Audit : 3 years Cyber Laws
10 Rajesh Deodhar 3 years (As Network Security, CISA, CISSP
Consultant) VAPT : 12 years

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.

Syndicate Bank Project

Locations: Bengaluru, Mumbai

Scope: NPA Management System, RAM-CAM Application, Integrated Treasury Systems
Aggregate Project Value: Rs. 30 lakh

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Nessus, Burp Suite, Open VAS, Nikto, Nmap, Ntop, Wireshark, Aircrack-NG, Yersinia,
Customized scripts, Firefox add-ons

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : No

*Information as provided by G.D.Apte & Co. on 2 August 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Lucideus Technologies Private Limited

1. Name & location of the empanelled Information Security Auditing Organization:

Lucideus Technologies Private Limited

Registered Address: A-1/20, Basement Safdarjung Enclave, New Delhi - 110020

2. Carrying out Information Security Audits since : March 2017

3. Capability to audit , category wise (add more if required)

○ Network security audit (Y/N) : Yes

○ Web-application security audit (Y/N) : Yes
○ Mobile Application Security Audit : Yes
○ Security Architecture Review : Yes
○ Security Configuration Assessment : Yes
○ Wireless security audit (Y/N) : Yes
○ Cloud Security Audit : Yes
○ Source Code Review : Yes
○ Red Team Assessment : Yes
○ Compliance audits (ISO 27001, PCI, etc.) (Y/N) : No

4. Information Security Audits carried out in last 12 Months :

○ Govt. : 0
○ PSU : 0
○ Private : 100+
○ Total Nos. of Information Security Audits done : 100+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

○ Network security audit : 30+

○ Web-application security audit : 35+
○ Mobile Application Security Audit : 12+
○ Security Configuration Assessment : 6+
○ Cloud Security Audit : 5+
○ Source Code Review : 2+
○ Red Team Assessment : 10+
○ Compliance audits (ISO 27001, PCI, etc.) : No

6. Technical manpower deployed for information security audits :

○ ISO 27001 LAs : 10

○ Any other information security qualification:
● OSCP : 12
● OSWP : 01
● CRTP : 02
● CEH : 05
● CSP: (Cloud Security Speciality) : 01

○ Total Nos. of Technical Personnel : 35+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Duration with Lucideus Experience in Qualifications related to

S. No. Name of Employee (Working Since) Information Security Information security

1 Vidit Baxi 1 June 2012 11+ MCTS, MCP

2 Rahul Tyagi 1 August 2013 11+ OSCP

3 Rubal Jain 20 March 2017 7+ OSCP

4 Piyush Sharma 18 Sep 2017 4+ OSCP

5 Silky Choudhary 12-Dec-2018 5+ OSCP

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
○ Security assessment of 1400 applications for global largest media conglomerate
○ Infrastructure Security Assessment of some of the largest banks In India
○ Red Team Assessments of some largest private banks in India

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

○ Commercial: Acunetix, Checkmarx, Cobalt Strike, Burp Suite, Nessus Professional
○ Proprietary: SAFE
○ Open source tools: Objection, Frida, Nuclei, MobSF, SQLMap, Nmap, Wireshark,
Nikto, Metasploit

10. Outsourcing of Project to External Information Security Auditors / Experts : No

11. Whether the organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether the organization is a subsidiary of any foreign based organization? : Yes

○ The organisation is a 99.99% subsidiary of Safe Securities Inc. (formerly known as

Lucideus Inc.), which is a corporation existing under the laws of the State of Delaware

Principal Address: Safe Securities Inc: 3000 El Camino Real, Building 4, Suite 200, Palo
Alto, CA 94306, USA.

13. Locations of Overseas Headquarters/Offices, if any : Yes

● Safe Securities Inc:

Registered Office: 1013 Centre Road, Suit 403-B, City of Wilmington, Country of New
Castle, Zip Code 19810-4345.

● Lucideus PTE Ltd :

Registered Office: 6 RAFFLES QUAY #11-07, Singapore, 048580

*Information as provided by Lucideus Technologies Private Limited on 2nd August 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s MapleCloud Technologies

1. Name & location of the empanelled Information Security Auditing Organization:

MapleCloud Technologies, Delhi.

2. Carrying out Information Security Audits since : 2014

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y

4. Information Security Audits carried out in last 12 Months :

Govt. <number of> : 0

PSU <number of> : 0
Private <number of> : 6
Total Nos. of Information Security Audits done : 6

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit: <number of> : 6

Web-application security audit: <number of> : 6
Wireless security audit:<number of> : 6
Compliance audits (ISO 27001, PCI, etc.):<number of> : 3

6. Technical manpower deployed for informationsecurity audits :

CISSPs : <number of>: : 1

BS7799 / ISO27001 LAs : <number of>: : 2
CISAs /CISM: <number of> : 2
DISAs / ISAs : <number of> : 0
Any other information security qualification:<number of> : 8
Total Nos. of Technical Personnel : 8

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

. Name of Duration with Experience Qualifications related to

No. Employee <organization> in Information security
Information
Security
1 Yogendra 7 Years 22 years • CISM – Certified Information
Rajput Security Manager
CPISI – Certified Payment Card
Industry Security
Implementation
ISO 27001 Implementation
Certificate from BSI.
Checkpoint Certified Security
Administrator [CCSA].
• ITIL V2 and V3 & ISO 20000
Cisco Certified Network Associate
[CCNA].

2 Himanshu Gaur 1 Years 11 Years PMP, CISSP, CISM,CEH, ITIL, ISO-

27001 LA, IBM Certified system
programmer
3 Mayur W 1 year 1 Year ICSI | CNSS Certified Network
Security Specialist
4 Archit S 1 year 2.5 Years CEH
5 Tavish Thakur 4 Years 4 Years CCNA Security
6 Shivendra 4 Years 8 Years CCNA
7 Eslin Rajkumar 4 Months 3 Years CCNA
8 Vijay Kaushik 1Year 11 Years CCNA,MCP, GDPR

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Performed security audit for following devices:

S.No. No of Devices/Server OS version Type Internet No of Data No of End

/network/Applications Facing/ Centers users
/Locations Internal (Employee)
1 Total Locations - 32 2
2 Routers : 140
Switches : 231
Firewalls : 75
WLC : 16
AP : 110
Applications : 22
3 Windows Server (Total Windows Internal 1 3500
- 118) Server 2012
R2
4 Exchange Server 2013 Mailing Internet 2 3500
5 SAP Redhat Linux ERP Internet 1
7.2

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

• Burp Suite Professional

• Nessus Professional
• IBM AppScan
• Acunetix
• Custom Scripts
• QualysGuard
• Metasploit
• Kismet
• SQLMAP
• Wireshark
• ZAP
• Netsparker
• Nikto
• Fiddler
• WinHex
• OpenVAS
• Beef
• W3AF
• WP-Scanner
• HPing3
• Echo Mirage
• Geny Motion
• WebScarab
• Drozer
• MobSF
• Nmap
• Aircrack suite
• Cain & Able
• JohnTheRipper
• IronWasp
• Social Engineering Toolkit

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No : No

12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes/No : No

*Information as provided by MapleCloud Technologies on 23rd July-2021.

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s MobiTrail

1. Name & location of the empanelled Information Security Auditing Organization:

MobiTrail
Office No 205, Triumph Estate, Near Express Zone,
Goregaon East, Mumbai, Maharashtra 400063

2. Carrying out Information Security Audits since : 2017

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Mobile Application Security Audit : Yes
• Cyber Security Awareness and Training : Yes
• Vulnerability Assessment and Management : Yes
• Cloud Security Audit : Yes
• Information Security Assessment : Yes
• WAF Analysis and Robustness Assessment : Yes
• IT Infrastructure Audit : Yes

4. Information Security Audits carried out in last 12 Months:

Govt 0

PSU 0

Private 224

Total Nos. of Information Security Audits done 224

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network Security Audit 79

Web-application Security Audit 90

Wireless security Audit 4

Mobile Application Security Audit 14

Cyber Security Awareness and Training 15

Vulnerability Assessment and Management 19

WAF Analysis and Robustness Assessment 3

6. Technical manpower deployed for information security audits:

CISSP 0
BS7799 / ISO27001 LA 0
CISA 1
DISA / ISA 0
OSCP (Offensive Security Certified Professional) 2
CEH (Certified Ethical Hacker) 7
AWS (Amazon Web Services) 1
Other Information Security Certification 4
Total Nos. of Technical Personnel 15

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. No. Name of Employee Duration with Experience in Qualifications related to

MobiTrail Information Security Information security

1 Deepika Jindal 4 years 7 years OSCP, CEH

2 Rahul Patil 15 years 8 years CPT

3 Pritesh Agarwal 2 years 4 years CISA, CBA

4 Siddhesh Jadhav 2.5 years 2.9 years OSCP

5 Harendra Negi 1.5 years 3 years CISEH

6 Sandeep Tonape 2 months 6.2 years CEH, CISC

7 Kanhaiya Panchal 6months 3 year IBM CCSA, TCM

Security

8 Harshit Kochar 1 year 1 year Python Certified, AWS

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Clients Assessment

Complete Security Assessment of India’s 100 + Web applications

Leading Mutual Funds.
120+ Network Devices & IP’s
Servers and Security Devices Assessments
Infrastructure Security Testing, Wifi Security, Mobile
Security, WAF Analysis and Robustness

India’s Leading Real Estate Company Web and Mobile Application Security Testing including
Database Testing, Server Configuration and API
Security Audit

1. List of Information Security Audit Tools used (Commercial/ freeware/proprietary):

Freeware
Wireshark
Kali Linux
OWASP ZAP
Vega
Nmap
Web Scarab
Commercial Aircrack suite
Burp Suite Nikto
Nessus Professional MBSA
JohnTheRipper
Hydra
Proprietary
DirBuster
Vulnerability Assessment and Management SQLMap
dashboard
Metasploit
Custom Python Scripts Nox Emulators
TestSSL

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization? No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any: No

*Information as provided by Mr. Vikas Kedia from MobiTrail on2nd August 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Sequretek IT Solutions Pvt Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

M/s Sequretek IT Solutions Pvt Ltd.

304, Satellite Silver, Andheri Kurla Road, Andheri East, Mumbai – 400 059, INDIA

2. Carrying out Information Security Audits since : 2013

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
• Red Team Assessment : Yes
• Mobile App Security Testing (Y/N) : Yes
• Source Code Review (Y/N) : Yes
• Risk Assessment : Yes
• Thick Client Penetration Testing : Yes
• Firewall Configuration review : Yes
• Servers Configuration Review : Yes
• Network Architecture Review : Yes
• Process & Policy Review : Yes

4. Information Security Audits carried out in last 12 Months:

Govt. : NIL
PSU : NIL
Private : 20 +
Total Nos. of Information Security Audits done : 20 +

5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

Network security audit : 6

Web-application security audit : 19
Mobile Application security audit : 4
Wireless security audit : 1
Compliance audits (ISO 27001, PCI, etc.) : 4
Red Team Assessment : 1
GRC Consulting : 6
Server Security Audit : 14

6. Technical manpower deployed for informationsecurity audits:

CISSPs : 2
BS7799 / ISO27001 LAs : 8
CISAs : 2
DISAs / ISAs : Nil
ECSA : 2
CHFI : 1
CPTE : 2
CEH : 11
Any other information security qualification
M. Tech (Cyber Security) : 23 +

Total Nos. of Technical Personnel : 300 +

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

Experience in
S. Duration with Qualifications related to
Name of Employee Information
No. Sequretek Information security
Security
1 Rajendra Kumar 4 + Years 5 + Years CISA
CISA, ISO 27001:2013 LA,
2 Gangadhar Kyatham 1 + Year 10 + Years CEH, CPTE
3 Anup Saha 4 + Years 8 + Years ECSA
4 Sachin Mahajan 4 + Years 8 + Years ISO 27001:2013 LA
5 Omkar Rane 2 + Years 4 Years ISO 27001:2013 LA
6 Amit Kumar 2 + Years 5 Years ISO 27001:2013 LA
7 DipaliKosare 1.5Years 2 + Years CHFI
8 Chintan Rathod 4 + Years 3 + Years ISO 27001:2013 LA
9 Savita Hiremath 4 + Years 3 + Years ISO 27001:2013 LA
10 Akshay Chindarkar 3 + Years 2 + Years ISO 27001:2013 LA
11 KshitijGunale 1.5Years 2 + Years CEH, CISC
12 Pinki Rani 2.5 + Years 3 Years ISO 27001:2013 LA
13 Ekta Singh 2.5 + Years 2.5 Years ECSA
14 YugandharThombare 1 + Years 11 Months CPTE
15 Pooja Karande 8 Months 1 + Years CNSS
16 Sayanwita Das 7 Months 2 + Years ISO 27001:2013 LA
17 Shafique 1.5 Years 9 Months CEH, CPTE
18 SiddheshSurve 2.5 + Years 2 + Years CEH
19 PranaliDhekale 1 Year 1.5 Years CEH
20 Sonu Chaudhary 1+ Year 1 + Year CEH
21 Sneha Mahulkar 1+ Year 6 Months CEH
22 ParvKhambholja 1.5 + Year 1 + Years CEH
23 Anuj Suthar 8 Months 1 Year CEH
24 Dipak Pradhan 2.5 + Years 3 Years CEH
25 Vishnu Menon 1 + Years 7 Months CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Value Device volume

Sl Organization Scope Location
(Approx.) (Approx.)
VAPT assessment 200 (Servers,
Europe based
(Servers, Network & Network 45 Sites
Automobile
1 Web), 1.3 Cr devices, across the
parts
Security Operations Security Globe
Manufactured
Centre Services solutions)
2000 (Servers,
India based one
Network
of the largest Security Operations
2 2 Cr devices, Pan India
BFSI Centre services
Security
collaborator
solutions)
User lifecycle
India based one User - 175000
management &
of the largest Application -
3 Application integration, 3.5 Cr Pan India
private sector 600
Patch management &
bank Servers - 11000
CA/VA closure
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Commercial OpenSource Proprietary

BurpSuit Social Engineering
Kali Linux (OS) Dozer IGA
Professional toolkit
Nessus AndroDebugge
Parrot (OS) Dirbuster EDPR
Professional r
Acunetix Santoku (OS) DirSearch MobSF
Nmap Hydra Genymotion
Wireshark Knock py Jadx
Metasploit Framework Wpscan
Searchploit Wfuzz
SQL MAP Commix
OWASP ZAP Gophis
VEGA Sparta
Aircrack suite Hping
Nikto Cisco Auditor
John the ripper Whois
SSL Strip XSSscrapy
LFI Guard Httpx
NetCat Asset finder

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

Location: USA
Address: The CoWorking Space,
Suite 204, 97 Main Street,
Woodbridge, NJ,
USA 07095

*Information as provided by Sequretek IT Solutions Pvt. Ltd. on 02Aug 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Accenture Solutions Pvt. Ltd.

1. Name & location of the empanelled Information Security Auditing Organization:

Accenture Solutions Pvt. Ltd.

Plant-3, Godrej & Boyce Complex, LBS Marg.
Vikhroli (W), Mumbai 400079. Maharashtra

2. Carrying out Information Security Audits since : 2005

3. Capability to audit, category wise (add more if required)

• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
• Cloud Security Audits : Y
• Block chain Security Assessment : Y
• Platform Security (SAP/Oracle/Salesforce/workday) : Y
• Application security architecture audits : Y
• DevSecOps Assessments and Implementations : Y

4. Information Security Audits carried out in last 12 Months:

Govt. : 10+
PSU : 30-40
Private : 70-80
Total Nos. of Information Security Audits done : 150

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 50+

Web-application security audit : 100+
Wireless security audit : 5+
Compliance audits (ISO 27001, PCI, etc.) : 50+
Block chain Security Assessment : 5+
Platform Security (SAP/Oracle/Salesforce/workday) : 20+
Application security architecture audits : 50+
DevSecOps Assessments and Implementations : 20+
Cloud Security Audits : 10+

6. Technical manpower deployed for informationsecurity audits:

• CISSPs : 20+
• BS7799 / ISO27001 LAs : 10+
• CISAs : 30+
• CISM : 25+
• OSCP : 10+
• CEH : 100+
• GIAC-GCPN : 5+
• GIAC-GCFA : 10+
• GIAC-GCSA : 5+
• CompTIA Pentest+ : 5+
• AWS Security : 100+
• Total Nos. of Technical Personnel : 500+

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. No. Name of Duration with Experience in Qualifications related

Employee Accenture Information Security to Information security
1 Ramesh Shetty 1.8 Years 16+ Years CISSP, GCFA, GCSA,
CEH, CCSA, CCSE,
JNCIS, MCP
2 Suneet Singh 3.2 Years 14.8 Years CISM, CEH , ISO
Thakur 27001, GDPR 11001
3 Monika Kachroo 1.3Years 11 Years ISO 27001 LA
4 Ankit Gurjargour 4Years8 8+ Years OSCP, GIAC-GCPN,
Months Pentest+ CEH
5 Deepak Pandey 2 Years 8+ Years OSCP, CISM, CRTP,
AWS Certified solution
architect- Associate,
CEH
6 Rahul Ahuja 2 6 Years OSCP, CEH, Azure
years7Months 900, AWS Certified
solution architect-
Associate
7 Sameer Goyal 9Months 7 Years OSCP, CEH, Crest –
CPSA & CRT, AWS
Cloud Practitioner
8 Prasenjit 7 Months 8+ Years OSCP, CEH
9 Atish Sarambale 7.2 Years 3+ Years CEH, AWS security
Specialty, Azure 900,
AWS Certified solution
architect- Associate
10 Gopalakrishna 1 Years 8 9+ Years OSCP, ECSAv9, CEH
Kaja Months

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

1. Accenture has conducted below security engagements for a leading bank:

• Conducted Vulnerability assessment and penetration testing of Android and IOS
mobile wallet applications for a leading bank
• Vulnerability assessment and penetration testing of Network Infrastructure.
• Dynamic testing using Automated scanning tool and extensively performed False
Positive Analysis
• Web application / APIs / Thick client application security projects
• Integration of Application Security into the CI/CD pipeline as part of DevSecOps

Approx. Applications/ APIs/ Infra server counts: ~ 400

Value: INR ~ 1 Cr
Location: US

2. Payments Gateway organization:

• Accenture performed payment systems security assessment for a large payment

gateway Client in Middle East region. As the part of engagement Accenture
conducted Compliance audits (ISO 27001, PCI), Infrastructure security assessment
of payment gateway network, API/Middleware security audit.

Approx. Applications/ APIs/ Infra server counts: ~ 400

Value: INR ~ 50+ lacs
Location: Canada

3. Security engagements across multiple Telecom projects across UK:

• Accenture is currently engaging Dynamic Application Security Testing and

Penetration Testing of multiple telecom operators which includes Mobile security
audit, Web-application security audit, Network security audit, Application security
architecture audits
• Accenture is also carrying out Secure SDLC engagements and Source Code Review
of various telecom products such as wallet applications, internal and external web
applications.

Approx. Applications/ APIs/ Infra server counts: ~ 200

Value: INR ~ 60+ lacs
Location: UK
4. Leading E-commerce client:

• Accenture has perform application security testing for a leading e-commerce client
where scope of the testing was to perform Static application security testing(SAST),
Dynamic Application security testing(DAST) and penetration testing.
• Accenture has carried out penetration testing of entire functional flow of the
application that starts from user registration to product delivery.
• Accenture had performed attack simulation as to showcase how the actual attack
has been performed on the website.

Approx. Applications: ~ 40+

Value: INR ~ 30+ lacs
Location: India

5. Penetration testing of entire SAP ecosystem for a government client in Canada:

Accenture has performed the penetration testing of entire SAP ecosystem for a
government client in Canada.
Scope included the internal infrastructure penetration testing of Prod, dev and QA
environment, Web application testing for various SAP portals like S4HANA, Fiori , BI, BO
etc.

Approx. Applications: ~ 6, Server: ~150

Value: INR ~ 30 lacs
Location: Canada

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Type of Tools Name

Commercial tools BrupSuite Pro

Appscan
AppScan source
Webinspect
Fortify
Qualys
Nessus
Checkmarx
Whitesource
Snyk
Aqua
Twistlock
Metasploit Pro
Onapsis
Blackduck
Veracode
IriusRisk
SD Elements
Threatmodeler
SonarQube
Accenture Proprietary Accenture ERP Security Insight (AESI)
Mobile application security platform (MASP)
Intelligent application security platform (IASP)
Accenture Rapid port scanner
Freeware Kali Linux
OWASP Zap
OWASP Threat dragon
OWASP Dependency Check
Microsoft Threat Modeling
Beef
Kismet
Aircrack-ng
SSLLabs
SSLstrip
SSLyzed
Nmap
Wireshark
Paros
Ecomirage
Fiddler
Drozer
Objection
Burp suite
Postman
Metaspoit
Findsecbugs
Security Code Scan
Scoutsuite
Git secrets

10. Outsourcing of Project to External Information Security Auditors / Experts: No ( If yes,

kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No

12. Whether organization is a subsidiary of any foreign based organization?: No

If yes, give details

13. Locations of Overseas Headquarters/Offices, if any : Yes

Accenture Solutions Pvt Ltd., 3 grand canal plaza, grand canal street upper, Dublin,

*Information as provided by Accenture Solutions Pvt Ltdon 20-04-2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s QA InfoTech Software Services Private Limited

1. Name & location of the empanelled Information Security Auditing Organization :

QA InfoTech Software Services Private Limited, Noida

2. Carrying out Information Security Audits since : February 2013

3. Capability to audit , category wise (add more if required)

• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : No
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
• Cloud Security Audit and Configuration Review (Y/N) : Yes
• Mobile App Security Audit (Y/N) : Yes
• Vulnerability Assessment Penetration Testing (Y/N) : Yes
• Thick Client Application Security Testing (Y/N) : Yes
• IoT Security Audit (Y/N) : Yes
• DR, SCM, BCP and Due diligence Audits : Yes

4. Information Security Audits carried out in last 12 Months :

Govt. : 20+
PSU : 0
Private : 90+
Total Nos. of Information Security Audits done : 110+

5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)

Network security audit : 50+

Web-application security audit : 80+
Cloud Security Audit and Configuration Review : 10+
Mobile App Security Audit : 20+
DR, SCM, BCP and Due diligence Audits : 30+

6. Technical manpower deployed for informationsecurity audits :

CISSPs : 0
BS7799 / ISO27001 Las/ISO 27001 LIs : 2
CISAs : 1
OSCP : 1
OSWP : 1
ECSA : 1
CHFI : 1
CEH and Equivalent : 7
ICSI | CNSS Certified Network Security Specialist : 1
CNSS Certified Network Security Specialist : 1
Fortinet NSE 1 Network Security Associate : 1
Fortinet NSE 2 Network Security Associate : 1
API Security Test Architect : 2
Total Nos. of Technical Personnel : 8

7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Employee Duration with Experience in Qualifications related to

No. <organization> Information Security Information security
1. Akshay Aggarwal 5 years 9 9 Years Certified API Security
months Architect
2. Vikas Tomer 3 years 10 5 years -OSCP : Offensive
months Security Certified
Professional
-OSWP : Offensive
Security Wireless
Professional
-ECSA : EC-Council
Certified Security
Analyst
-CHFI : Computer
Hacking Forensic
Investigator
-ISO 27001:2013 Lead
Implementer
-CEH : Certified Ethical
Hacker
-Post Graduate
Certification in
Information Security
3. Vikas Pethiya 3 Years 3 Months 7 Years CISA, ISO 27001 LA,
CEH, CCNA, ITIL V3

4. Mohit Kumar 4 years 4 4 years 4 months - CCNA (Routing &

Sharma months Switching
-API Security Architect
- AWS Security
Fundamentals(Second
Edition)
-CNSS
- Fortinet NSE 1
Network Security
Associate
- Fortinet NSE 2
Network Security
Associate
5. Vaibhav 10 months 4 years 11 months -Certified Ethical
Srivastava Hacker (v10)

-ICSI | CNSS
6. Anurag Singh 3 years 1 month Comptia Security+

7. Manish Kumar 6 Months 1.5 Years -API Testing(Udemy), -

-Ethical
Hacking(Udemy)
8. Harshit Sengar 1 Month 2 Years ISCP, CSFP

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

Infrastructure (External/Internal) Network VAPT including the configuration audit for

a subsidiary of the World’s Largest Financial Conglomerate

• Performed comprehensive Vulnerability Assessment and Penetration Test

(VAPT) audit comprising External and Internal Network/Infrastructure
vulnerability assessment and Penetration Testing of Company’s global IT
Infrastructure majorly spread across 3 different locations in the USA, by
probing physical and virtual servers, networks, internet applications, internet
accessible devices, remote devices, firewalls, VOIP system with dedicated
switches, operating systems, Cloud environments and device configurations.
• Project Value- 65+ Lac

9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

Commercial:

• Acunetix,
• Burp,
• Nessus
• Core Impact
• Nexpose

Open source tools

• BackTrack,
• Kali Linux,
• Metasploit
• Paros,
• SQLMap,
• nmap,
• Wireshark
• OWASP ZAP
• Web Scarab
• Aircrack suite
• Nikto
• MBSA
• L0phtcrack: Password Cracker
• OpenVas
• W3af
• Directory Buster
• SSL Strip
• SOAPUI
• Vookie
• Sqlninja
• BeEF Framework
• Hydra

10. Outsourcing of Project to External Information Security Auditors / Experts : No

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No, but QA
InfoTech
Software
Services
Private limited
is now part of
the Qualitest
group

12. Whether organization is a subsidiary of any foreign based organization? : QA InfoTech

Software
Services
Private Limited
Company is not
a direct
subsidiary of a
foreign parent,
but it’s a step-
down
subsidiary of a
foreign parent.

13. Locations of Overseas Headquarters/Offices, if any : Yes

1. Michigan, USA 2. Toronto, Canada
6 Forest Laneway, North York, Ontario,
32985 Hamilton Court East, M2N5X9
Suite 121, Farmington Hills, Michigan, 48334

*Information as provided by QA InfoTech Software Services Private Limited on August,

10, 2021

Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation

M/s Siemens Limited

1. Name & location of the empanelled Information Security Auditing Organization:

Siemens Limited,
Birla Aurora Towers, Level 21, Plot 1080,
Dr, Annie Basant Road,Worli, Mumbai - 400030

2. Carrying out Information Security Audits since : 2017

3. Capability to audit, category wise (add more if required)

• Network security audit(Y/N) : Y

• Web-application security audit (Y/N) : Y
• Device Security Audit (Y/N) : Y
• Mobile Application Security Audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• ICS/ SCADA Security audit (Y/N) : Y
• Embedded System security audits (Y/N) : Y
• ISO 27001 Compliance audits (Y/N) : Y
• IEC 62443 Compliance audits (Y/N) : Y

4. Information Security Audits carried out in last12 Months:

Govt : Nil
PSU : Nil
Private : 17
Total Nos. of Information Security Audits done : 17
(Due to COVID pandemic few audits are deferred &overall audits performed
have been limited during the period)

5. Number of audits in last 12 months, category-wise (Organization can add categories

based on project handled by them)

Network security audit : 4

Web-application security audit : 21
Device Security audit : 1
Mobile Application Security audit : 2
Wireless security audit : 3
ISO 27001 Compliance audit : 4
IEC 62443 Compliance audit : 4
Total : 39

6. Technical manpower deployed for informationsecurity audits:

ISO 27001 Lead assessors : 4

ISA / IEC 62443 certified assessors : 6
CEH : 3
OSCP : 2
CISSP : 1
CISA : 1
CISM : 1
Cyber Forensics : 1
Cyber Law : 1
CISA-CIP : 1
CISA-CSCM : 1
DCPLA : 2
DG-Guardian (DLP) : 1
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)

S. Name of Duration with Experience Qualifications related to

No. Employee Siemens Ltd in Information security
Information
Security
1 Amitava 15 years 12 years ISO 27K LA, IEC 62443,
Mukherjee DCPLA, CISA, CISM
2 Raju John 11 years 7 years ISO27K LA, IEC 62443, Digital
Guardian DLP – Visibility and
Control, DCPLA
3 DM Kulkarni 16 years 12 years ISO 27K LA, CEH, ISA/IEC
62443
4 JoshuaRebelo 4 years 14 years MS in Cyber Law & Cyber
Security, OSCP, ISA/IEC
62443
5 Gopal Mishra 4 years 9 years PGD – Information Security,
CEH, IEC 62443, OSCP, CISA-
CIP, CISA-CSCM
6 Shiv Kataria 2 Years 13 years CISSP, CEH, ISO 27001 LA,
ISA/IEC 62443 Cybersecurity
Expert, PG Diploma in Digital
and Cyber Forensics and
Related Laws

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.

High level Challenge / Scope / Volume Benefits&

customer complexity indicative project
profile value (in million
INR)

Petrochemical Critical › Identify & critical › Risk assessment

Major, India Infrastructure infrastructure protection › Scope definition
protection › Assessment & evaluation for OT security
› Security program program
development › Solution
› Upgradation of security architecture &
posture including implementation
Industrial Control System › Approximate
(ICS) upgrades and Project Value: ₹
implementation of security 50 Mil
components for the ICS
› Handholding in
implementation of OT
security
High level Challenge / Scope / Volume Benefits&
customer complexity indicative project
profile value (in million
INR)
Metal Major, Multiple › Provide transparency on › High visibility on
India manufacturing current OT cybersecurity risks and
facilities status of individual plants vulnerabilities.
› Integrate Heterogenous › Cost effective
fleet of assets with and optimal
multiple protocols and strategy for a
designs global roll out to
› OT security program achieve a higher
development maturity level for
› Implementation of OT Industrial
network monitoring Security
› Remediate low hanging › Approximate
vulnerabilities Project Value:
₹1.3 Mil

Chemicals Lack of › Identify & critical › Establish better

Major, India transparency on infrastructure protection processes to
the security › Assessment & evaluation manage OT
posture of OT
› Security program security.
environment and
development › OT monitoring &
lack of cyber
security › Implementation of matured incident
management continuous threat / anomaly
system. detection system for the handling
OT environment › Approximate
Project Value: ₹3
Mil

Petrochemical Multiple zones, › Protection of the › Broader

Major, largely Distributed Control protection
Malaysia distributed yet Systems, Engineering & against malicious
connected
Client stations against attacks
devices
incoming cyber threats › Centralized
› Harmonize distributed security patch
systems management
› Implement centralized › Approximate
monitoring & end point Project Value:
security solution ₹3.2 Mil
› Whitelisting & WSUS
implementation
› Distributed systems
demanding a central
administration console for
managed security
Chemicals Lack of › Asset data evaluation and › Higher
Major, Global transparency on asset management transparency
the asset brings actionable
vulnerabilities at
insights to
multiple
manufacturing manage OT
facilities across security
the globe › Approximate
Project Value: ₹4
Mil

9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):

Open-Source Tools Description

Nmap Port Scanner Port Scanner, Fingerprinting
Netcat Network Utility
John the Ripper Password Analyzer / Cracking
Metasploit Exploit Framework
Kali Hacking tools repository
Netstumbler Wireless Network Detector / Sniffer
Redline Forensics
Wireshark Network protocol analyzer
Nikto Web server/application vulnerability scanner
Dir buster Enumeration tools
Sysinternals Tools Windows debugging utilities
Ssltest SSL Health check
OWASP ZAP Proxy Web server/application vulnerability scanner
MobSF Android Pentesting
Drozer Android Pentesting
JD-GUI Decompiling tool
SQLMAP SQL Injection Tool
Fiddler HTTP Proxy
TCPDump Traffic Analyzer

Commercial Tools Description

Accunetix Web Vulnerability Scanner

Burp Suite Pro Web Vulnerability Scanner + intercept proxy tool
Netsparker Web Vulnerability Scanner
Nessus Network & Web Vulnerability Scanner
Nipper Audit tool
Shodan Threat Intelligence

10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No

12. Whether organization is a subsidiary of any foreign based organization : Yes

If yes, give details

More than 50% (fifty percent) of the subscribed and paid-up equity shares of Siemens Limited,
India (hereinafter referred to as the “Company”) are held by Siemens International Holding B.V.
and Siemens Metals Technologies Vermogensverwaltungs GmbH, which are indirect wholly
owned subsidiaries of Siemens Aktiengesellschaft, Germany (hereinafter referred to as “SAG”).
By virtue of the aforesaid, the Company is a subsidiary of SAG.

13. Locations of Overseas Headquarters/Offices, if any : Yes

Siemens AG
Siemens Aktiengesellschaft
Werner-von-Siemens-Straße 1
80333 Munich
Germany

*Information as provided by Siemens Limited on 2nd August 2021

Back

-Top-

Isaca CISM
80% (5)
Isaca CISM
371 pages
Cert-In Companies Empanel - Org PDF
No ratings yet
Cert-In Companies Empanel - Org PDF
178 pages
Empanel Org
No ratings yet
Empanel Org
784 pages
Empanel Org
No ratings yet
Empanel Org
233 pages
CERT INEmpanel Org 2022
No ratings yet
CERT INEmpanel Org 2022
596 pages
Book 1
No ratings yet
Book 1
94 pages
Empanel Org 2022
No ratings yet
Empanel Org 2022
686 pages
CERT-In Empanel Org
No ratings yet
CERT-In Empanel Org
141 pages
Toaz - Info Industries List 10 Oct 2012 PR
100% (1)
Toaz - Info Industries List 10 Oct 2012 PR
2,318 pages
Company Name Address Email Role Name Email Id Role Name Email Id Role
No ratings yet
Company Name Address Email Role Name Email Id Role Name Email Id Role
22 pages
Top 100 IT Companies
No ratings yet
Top 100 IT Companies
46 pages
Information+Assets+Protection+Item 1744E-IAP GDL - Unlocked
100% (2)
Information+Assets+Protection+Item 1744E-IAP GDL - Unlocked
47 pages
Final Telephone Directory 2018
100% (1)
Final Telephone Directory 2018
257 pages
Hospitals Network List-Go Digit
No ratings yet
Hospitals Network List-Go Digit
324 pages
CA 2020 To 2022
No ratings yet
CA 2020 To 2022
492 pages
CSC662 - Computer Security, Short Note
100% (2)
CSC662 - Computer Security, Short Note
9 pages
Isp Ul Isp As On 30-06-2021
No ratings yet
Isp Ul Isp As On 30-06-2021
31 pages
Contractor Letter Feb 2021
No ratings yet
Contractor Letter Feb 2021
1 page
Empanelled Information Security Auditing Organisations
No ratings yet
Empanelled Information Security Auditing Organisations
309 pages
List of Members Holding Cop 2021
No ratings yet
List of Members Holding Cop 2021
1,651 pages
PAN India Empanelled Hospital List As On 05-12-2014
No ratings yet
PAN India Empanelled Hospital List As On 05-12-2014
54 pages
Database-CXO Database-CXO
No ratings yet
Database-CXO Database-CXO
24 pages
Bank List Karnataka 01
100% (1)
Bank List Karnataka 01
1 page
CKYC - Secured - Download - API - Ver1.1 Wef 03jan2020
100% (1)
CKYC - Secured - Download - API - Ver1.1 Wef 03jan2020
47 pages
APC File
No ratings yet
APC File
31 pages
Nahep Empanelled CA Firms For Fy 2019-20 Statutory Audit
No ratings yet
Nahep Empanelled CA Firms For Fy 2019-20 Statutory Audit
39 pages
Empanel Org
100% (1)
Empanel Org
292 pages
Chennai Mutual Fund Agents
No ratings yet
Chennai Mutual Fund Agents
8 pages
It Compny 2019
No ratings yet
It Compny 2019
292 pages
Empanelled Information Security Auditing Organisations by Cert-In
No ratings yet
Empanelled Information Security Auditing Organisations by Cert-In
366 pages
Banking Contact
No ratings yet
Banking Contact
1 page
SDA Professional Standards 2020 v8
No ratings yet
SDA Professional Standards 2020 v8
80 pages
Blueprints
No ratings yet
Blueprints
108 pages
Email Security 11 Labs v11 New-2
No ratings yet
Email Security 11 Labs v11 New-2
115 pages
Vendor Matrix
No ratings yet
Vendor Matrix
165 pages
Registerd Depository Participants
No ratings yet
Registerd Depository Participants
18 pages
Letv Service Center List For Roll Out Jan 16 Final1
No ratings yet
Letv Service Center List For Roll Out Jan 16 Final1
62 pages
Eir March2020
No ratings yet
Eir March2020
994 pages
Cert
No ratings yet
Cert
116 pages
Active Private Employers - Thiruvananthapuram
0% (1)
Active Private Employers - Thiruvananthapuram
12 pages
Training Centre - Facilities
No ratings yet
Training Centre - Facilities
8 pages
Helpdesk VCR 301111
No ratings yet
Helpdesk VCR 301111
39 pages
ASBA
No ratings yet
ASBA
23 pages
Computer Networking Services-Bangalore-Sulekha
No ratings yet
Computer Networking Services-Bangalore-Sulekha
12 pages
Internship
No ratings yet
Internship
34 pages
Stpi 1
No ratings yet
Stpi 1
40 pages
Empanel Org
No ratings yet
Empanel Org
35 pages
HPSERVICECENTERLIST
No ratings yet
HPSERVICECENTERLIST
69 pages
CERT-In - Empanelled Information Security Auditing Organizations by CERT-In - 2021
No ratings yet
CERT-In - Empanelled Information Security Auditing Organizations by CERT-In - 2021
18 pages
Ccord Software and Systems PVT LTD, 37, Krishnareddy Colony, Domulur Layout, Bangalore-560071
No ratings yet
Ccord Software and Systems PVT LTD, 37, Krishnareddy Colony, Domulur Layout, Bangalore-560071
7 pages
Empanel Org
No ratings yet
Empanel Org
713 pages
Grace Relocation's Client List
No ratings yet
Grace Relocation's Client List
15 pages
1702555856 (1)
No ratings yet
1702555856 (1)
34 pages
Contact Details
No ratings yet
Contact Details
8 pages
List of Quality Managers - 2014
No ratings yet
List of Quality Managers - 2014
197 pages
KLNKM:"PM L:MJM'M
No ratings yet
KLNKM:"PM L:MJM'M
68 pages
Addr
No ratings yet
Addr
15 pages
Mapping NIST SP800-53 With COBIT 4 (1) .1 Research
No ratings yet
Mapping NIST SP800-53 With COBIT 4 (1) .1 Research
58 pages
Ipp
No ratings yet
Ipp
130 pages
Prov Empanel Org
No ratings yet
Prov Empanel Org
85 pages
AWS Well-Architected Framework
100% (1)
AWS Well-Architected Framework
85 pages
List of Live Aua 30 6 2018
No ratings yet
List of Live Aua 30 6 2018
53 pages
An Overview of Global Cyber-Security Laws
No ratings yet
An Overview of Global Cyber-Security Laws
24 pages
EPICTETUS - A Stoic and Socratic Guide To Life
No ratings yet
EPICTETUS - A Stoic and Socratic Guide To Life
16 pages
Group 3 Project Proposal
No ratings yet
Group 3 Project Proposal
28 pages
2 Unit 2
No ratings yet
2 Unit 2
72 pages
Dell Exclusive Store
No ratings yet
Dell Exclusive Store
3 pages
Itdironline
100% (1)
Itdironline
32 pages
CS105 Guide
No ratings yet
CS105 Guide
29 pages
Vendor Risk Assessment Checklist
No ratings yet
Vendor Risk Assessment Checklist
14 pages
New CSC Address
No ratings yet
New CSC Address
3 pages
Mr. A V Asvini Kumar: Designation Name Founder
No ratings yet
Mr. A V Asvini Kumar: Designation Name Founder
3 pages
ISO 27001 Metrics
No ratings yet
ISO 27001 Metrics
2 pages
CFR Vs Iso 27001
No ratings yet
CFR Vs Iso 27001
7 pages
Reporting Structure For HR Related Queries Escalations Level of Escalation Service Offered Contact Name
No ratings yet
Reporting Structure For HR Related Queries Escalations Level of Escalation Service Offered Contact Name
56 pages
CISA
No ratings yet
CISA
3 pages
4471 Lecture 1
No ratings yet
4471 Lecture 1
20 pages
AWR 169 W Module 2 Post Test
100% (1)
AWR 169 W Module 2 Post Test
13 pages
RBICircular On Cyber Security
No ratings yet
RBICircular On Cyber Security
13 pages
DPA Employee Consent Form - DPA Employee Consent Form
No ratings yet
DPA Employee Consent Form - DPA Employee Consent Form
2 pages
Thai SPRR - Sp190408 (Git-127 Fixing)
No ratings yet
Thai SPRR - Sp190408 (Git-127 Fixing)
10 pages
Operating System Concepts and Networking Management: Time: 3 Hours Maximum Marks: 100 (Weightage 75%)
No ratings yet
Operating System Concepts and Networking Management: Time: 3 Hours Maximum Marks: 100 (Weightage 75%)
47 pages
Control Risks Response
No ratings yet
Control Risks Response
5 pages
Detecting Penetration Testers Windows Network Splunk 37367
No ratings yet
Detecting Penetration Testers Windows Network Splunk 37367
25 pages
AI Document
No ratings yet
AI Document
18 pages
DetailedReport Agric Hub 8 Aug 2024
No ratings yet
DetailedReport Agric Hub 8 Aug 2024
27 pages
Information Security Program 2005
No ratings yet
Information Security Program 2005
3 pages
Thomas Case Studyreport
No ratings yet
Thomas Case Studyreport
11 pages
SupplHi Company Presentation Dec22
No ratings yet
SupplHi Company Presentation Dec22
17 pages
Architecture Mockup
No ratings yet
Architecture Mockup
7 pages
Controles Organizacionales
No ratings yet
Controles Organizacionales
4 pages
ST Aloysius College (Autonomous) Mangalore Study Center, 1302
No ratings yet
ST Aloysius College (Autonomous) Mangalore Study Center, 1302
1 page
Emsigner Property
No ratings yet
Emsigner Property
1 page
Touchpad Plus Ver. 3.1 Class 6
From Everand
Touchpad Plus Ver. 3.1 Class 6
Geeta Zunjani
No ratings yet