Empanel Org

EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In
The List of IT Security Auditing Orgnisations, as given below, is up-to-date valid list of CE
Empanelled Information Security Auditing Orgnisations. This list is updated by us as soon as there is
1. M/s AAA Technologies Pvt Ltd

278-280, F-Wing, Solaris-1,Saki Vihar Road, Opp. L&T Gate No. 6, Powai, Andheri (East),Mumbai
2. M/s AUDITime Information Systems (I) Ltd.

A-504, Kailash Esplanade,
L B S Marg, Ghatkopar (West), Mumbai – 400086
Ph: 022 40508210
Fax: 022 40508230
Contact Person :Mr. Madhav Bhadra, Director Mobile : +91 9320253902
E-mail: mmb[at]auditimeindia.com
3. M/s AKS Information Technology Services Pvt Ltd

B-21, Sector – 59, Noida (UP) - 201309Website URL : http://www.aksitservices.co.in Ph: 0120-4545
4. M/s Aujas Networks Pvt Ltd

#595, 4th floor, 15th Cross, 24th Main, 1st Phase, JP nagar,Bangalore, Karnataka- 560078. Website U
5. M/s AGC Networks

2nd Floor, Equinox Business Park, Tower 1, (Peninsula Techno Park), Off Bandra Kurla C
Kurla (West), Mumbai – 400070, INDIA Ph : +91 2266617272
Fax: +91 22 6704 5888
Contact person : Mr. Anant Bhat Mobile: +91 9930134826
E-mail: Anant.Bhat[at]agcnetworks.com
6. M/s ANB Solutions Pvt. Ltd

901,Kamla Executive Park, Off Andheri-Kurla Road,
J. B. Nagar, Andheri East, Mumbai 400 059 Ph :+91 (22) 4221 5300
Fax:+91 (22) 4221 5303
Contact Person :Preeti Raut
E-mail :preeti.kothari[at]anbglobal.com
7. M/s ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.

2205, Express Trade Towers 2,
Sector 132, Noida - 201301, INDIA
Ph : +91-120-4113528 / 4113529
Contact Person : Mr. T. GANGULY E-mail : t.ganguly[at]abcipl.co.in
8. M/s AQM Technologies PvtLtd.

A 401, Raheja Plaza, LBS Rd, Nityanand Nagar, Ghatkopar West, Mumbai, Maharashtra 40008
4050 8200
Contact Person: Sanjay PARIKH
E-mail:sanjay.parikh[at]aqmtechnologies.com Contact No :+91-8291858027
Contact Person:Madhav Bhadra
E-mail:madhav.bhadra[at]aqmtechnologies.com Contact No :+91-9320253902
9. M/s BDO India LLP

The Ruby, Level 9,, 29, Senapati Bapat Marg, Dadar West, Dadar, Mumbai, Maharashtra
1600 , +91 9819024009 Fax:24393700
Contact Person : Ashish Gangrade
E-mail : ashishgangrade[at]bdo.in
10. M/s Briskinfosec Technology and Consulting Pvt. Ltd.

No.21,2nd Floor, Krishnamachari Rd, Tirumurthy Nagar, Nungambakkam, Chennai, Tami
Ph: +91 860 863 4123 044 4352 4537
Contact Person: Mr.Arulselvar Thomas, Director Email: arul[at]briskinfosec.com
11. M/s BHARAT ELECTRONICS LIMITED

Office of the GM/Software,
BEL Software Technology Centre Bharat Electronics Limited
Jalahalli, Bengaluru - 560013, Karnataka Ph :080-22197197, or 080-28383120 Fax:080
Contact Person : Mrs. Anna Peter, Sr.DGM (Software), BSTC E-mail : itsecurityauditteam
Mobile : +91 9844296344
Ph :080-22195563
12. M/s CMS IT Services Pvt. Ltd.

No. 236, Venkatadri IT Park,
Konappana Agrahara, Electronic City Phase-1, Bangalore, Karnataka – 560100
Ph : +91-80-30430300/400 Fax: +91-80-30430488
Mob: +91-9901071101
Contact Person : Ms. Seena George
E-mail : inquiry[at]cmsitservices.com
13. M/s Cyber Q Consulting Pvt Ltd.

622 DLF Tower A,Jasola New Delhi-110044Website URL: http://www.cyberqindia.com Ph : 011-41
14. M/s Control Case International Pvt Ltd

203, Town Center-1, Andheri-Kurla Road, Saki Naka, Andheri(E)
Mumbai-400059
Ph: 91-22-66471800
Fax: 91-22-66471810
Contact Person :Mr. Satyashil Rane Mobile : +91 919769812324
E-mail : srane[at]controlcase.com
15. M/s Centre for Development of Advance Computing (C-DAC),

Plot No. 6 & 7, Hardware Park, Sy No. 1/1, Srisailam Highway,
Pahadi Shareef Via Keshavagiri (Post) Hyderabad - 500005
Ph: 040-23737124
Fax: 040-23738131
Mobile :9248920122
Contact Person: Shri Ch.A.S. Murthy, Principal Technical Officer Email: cswan [at]cdac
16. M/s Cyber Security Works Pvt. Ltd.

Shri M.Ram Swaroop , President No.3, III – Floor, E- Block,
599, Anna Salai,
Chennai – 600 006
Email: sales[at]cybersecurityworks.com Mobile:9790702222
17. M/s Cigital Asia Pvt Ltd

Prestige Blue Chip TechPark,3rd block 4th floor, No.9 Hosur Road, Bangalore – 560 029Contact Per
18. M/s CyberRoot Risk Advisory Pvt. Ltd.

023, 5th Floor, Tower A, Emaar Digital Greens, Sector 61, Gurugram - 122102, Haryana
Chiranshu Ahuja
Email: cert[at]crgrp.co
Phone : +91 124 4960229/30/31
19. M/s Code Decode Labs Pvt. Ltd.

A - 02, ‘Cassiopeia Classic’, Opp. Pancard Clubs Baner, Pune - 411045, (MAH) India.Contact Pe
20. M/s Crossbow Labs LLP

Head Office: #146, Level-5, Gopal Towers, Ramaiah St, ISRO Colony, Domlur, Benga
Registered address: 143/A/12, E-ward, 15 Shivneri Behind Mahavir Garden, Assembly
Maharashtra - 416001
Ph: +91-7259385006
Contact Person: Rosan Thomas, Sr. Consultant E-mail :rosan.thomas[at]crossbowlabs
21. M/s CyRAAC Services Private Limited

Postal address:73/3, 2nd Floor, Brigade Corner, S.Kariyappa Road, Yediyur, Jayanagar, B
India, 560082
Ph : +919886210050
Contact Person : Murari Shanker E-mail :ms[at]cyraacs.com
22. M/s Deccan Infotech Pvt. Ltd.

Shree Dilip H Ayyar , Director 13 J, Jakkasandra Block.
7th Cross , Koramangala , Bangalore - 560 034
Email:dilip[at]deccaninfotech.in Mobile:096864-55399
Tel: 080 - 2553 0819
Fax:080 - 2553 0947
23. M/s Digital Age Strategies Pvt. Ltd.

Shri Dinesh S Shastri , Director No. 28 , Om Arcade "3"rd Floor, Thimmappa Reddy La
Bannerghatta Road , Banglore-560076
Email: audit[at]digitalage.co.in, dinesh.shastri[at]digitalage.co.in
Mobile: 9448088666 , 9448055711
24. M/s Deloitte Touche Tohmatsu India Limited Liability Partnership*

Address: 12, Annie Besant Road, Opposite Shiv Sagar Estate, Worli, Mumbai - 400018
Contact Person: Srivatsan Parthasarathy
Designation: Partner (National Leader – Cyber Risk Services) Mobile No.: +91-987172
Email ID: sparthasarathy[at]deloitte.com
25. M/s Ernst & Young Pvt Ltd

Tidel Park, 6th floor (601), A block, 4, Rajiv Gandhi Salai, Taramani Chennai- 600113, Tamil Na
26. M/s Esec Forte Technologies Pvt Ltd

Corporate Office (Mailing Address): Level 2, Enkay Centre, Vanijya Kunj, Udyog Vihar, Phase -
27. M/s e.com Infotech I Ltd

Level 3 Neo Vikram, New Link Road, Andheri West Mumbai 400058
Ph :9004031956
Contact Person : Ashwin Chaudhary CEO E-mail : info[at]ecominfotech.biz
28. M/s Finest Minds Infotech Pvt Ltd

#90, 2nd floor, 17th cross, 14th Main, HSR Layout, Bangalore-560102
Ph :9886546262
Fax:
Contact Person : Akshat Kumar Jain E-mail :jainakshat[at]gmail.com
29. M/s Grant Thornton India LLP

L 41, Connaught Circus, Outer Circle, New Delhi. PIN - 110 001
Ph : 0124-4628000 (Ext. 277)
Fax: +91 124 462 8001
Contact Person : Mr. Akshay Garkel, Partner Advisory Mobile:+91 9820208515
E-mail : Akshay.Garkel[at]IN.GT.COM
30. M/s HCL Comnet Ltd

A-104, Sector 58, Noida - 201301
Ph: 0120-4362800
Fax: 0120-2539799
Contact person : Mr. Sreekumar KU, AVP Mobile : +91 9650263646
E-mail : sreekumarku[at]hcl.com
31. M/s Haribhakti & Company LLP, Chartered Accountants

701, Leela Business Park, Andheri Kurla Road, Andheri (E), Maharashtra India 400059
Contact Person:Rhucha Vartak,Director, Risk and Advisory Services Email:Rhucha.var
Phone: 9821472740, 022 - 66729686
32. M/s HKIT Security Solutions

#36, 1st floor, Corner Stone Building, Jeevanahalli main road, Sanjeevappa Layout, B
Ph : 9845568869 / 9980906440
Contact Person : Dr. Harsha E-mail : Harsha[at]hkit.in
33. M/s isec Services Pvt. Ltd

607-608 Reliable Business Center, Near Heera Panna Mall, Anand nagar, Oshiwara, Joge
Contact Person: Mr. Naman Chaturvedi, Information Security Analyst Mobile: 916718848
Email: contactus[at]isec.co.in
34. M/s Indusface Pvt. Ltd

A-2/3, 3rd Floor, Status Plaza,
Opp. Relish Resort, Atladara Old Padra Road, Vadodara - 390020, Gujarat, India
Contact Person: Harsh Malkan Mobile No.: +91 265 6133000
Email ID: sales[at]indusface.com
35. M/s Imperium Solutions

B4 Laxmi Niwas, Opp Gokhale Hall (Bedekar School), BPD Road, Naupada, Thane (W)
India
Ph : +91-9870484240 / +91-9324210232
Fax: Not available
Contact Person : Ms Tasneam V / Mr Murtuza Laheri
E-mail : tasneam[at]imperiumsolution.com / murtuza[at]imperiumsolution.com
36. M/s IBM India Pvt. Ltd
EMBASSY LINKS, EMBASSY CYPRESS PT , IBM D Block INDIRANAGAR-KORAMANGALA
RD BANGALORE, KA 560071, INDIA
Fax:Fax: +91-80-4068 4225
Contact Person : Aloke Kumar Dani Ph :+91-9740688488
E-mail :aloke.dani[at]in.ibm.com Contact Person : Mreetyunjaya Daas Ph :+91-99024
E-mail :mreetyunjaya.daas[at]in.ibm.com
37. M/s Kochar Consultants Private Limited

302, Swapnabhoomi A Wing,
S.K. Bole Road, Nr Portuguese Church, Dadar (W), Mumbai 400028.
Telefax: 24229490 / 24379537 / 24378212
Contact Person : Pranay Kochar - Director Mobile: 9819846198 / 9869402694
E-mail : pranay[at]kocharconsultants.com
38. M/s KPMG

8th floor, Tower B, DLF Cyber City,Phase-II, Gurgaon- 122002 Website URL: www.kpmg.com
39. M/s LTI (A Larsen & Toubro Group Company)

L&T House, Ballard Estate, Mumbai 400 001, India Ph : 022 61687724/ 022 67767478
Fax: 022 28581130
Contact Person : Abhishek Kapoor- Head - Security Presales Lead Pradeep Mahangare
E-mail : Abhishek.Kapoor[at]lntinfotech.com pradeep.mahangare[at]lntinfotech.com
Mobile: +91 9819598227 , +91 9004855121
40. M/s Lucideus Tech Private Limited

NSIC Campus,Software Technology Park Extn, Okhla Phase III,New Delhi - 110020Contact pers
41. M/s Locuz Enterprise Solutions Ltd

401, Krishe Sapphire, Main Road, Madhapur, Hyderabad – 500081. Phone: +91-40-4500
Fax: +91-40-45004601.
Contact person: Mr. M Srikanth, Vice President Mobile:- +91 9246599600
Email:-Srikanth.m[at]locuz.com
42. M/s Mahindra Special Services Group

212, 2nd Floor, Rectangle One, Commercial Complex D4, Saket, New Delhi-110017
Ph: 022-24984213
Fax: 022-24916869
Contact person :Mr. Dinesh K Pillai, Chief Executive Officer Mobile : +91 9769693764
E-mail : dinesh.pillai[at]mahindrassg.com
43. Madhya Pradesh Agency for Promotion of Information Technology(A Regt. Society of Department of S
State IT Center, 47-A Arera Hills, Bhopal 462021 (M.P.)Contact person : Mr. Vinay Pandey Mobile:
44. M/s Maverick Quality Advisory Services Private Limited

123 RADHEY SHYAM PARK P.O SAHIBABAD
Ghaziabad, U.P, INDIA – 201005 Ph :9871991928
Contact Person : Ashok Vardhan,Director E-mail :ashok[at]mqasglobal.com
45. M/s Mirox Cyber Security & Technology Pvt Ltd

4th Floor, Nila , Technopark Trivandrum 695581 Kerala India
Ph :+91-471-4016888 Fax:+91-471-4000545
Contact Person : Rajesh Babu E-mail : rb[at]miroxindia.com
46. M/s Netmagic IT Services Pvt. Ltd

Lighthall 'C' Wing, Hiranandani Business Park, Saki Vihar Road, Chandivali, Andheri (East) Mumba
47. M/s Network Intelligence India Pvt Ltd

204-Ecospace IT park, Off old Nagardas road,Near Andheri Sub-way, Andheri East, Mumbai- 40006
48. M/s Net-Square Solutions Pvt. Ltd.

1,Sanjibaug, Nr. Parimal Crossing Paldi, Ahmedabad-380007 , India http://www.net-square.com
49. M/s Netrika Consulting Pvt Ltd.

Postal address: Plot no.-2, Industrial Estate,
Udyog Vihar, Phase – IV, Gurugram – 122015, Haryana, India. Ph : +91 124 288300
Contact Person : Mr. Sanjay Kaushik, Managing Director
E-mail : sanjay[at]netrika.com ; vaibhav.pulekar[at]netrika.in
50. M/s NSEIT Ltd.

NSEIT Ltd, Trade Globe, Ground Floor,
Andheri-Kurla Road, Andheri (E), Mumbai - 400 059 Ph :Tel No. : +91 22 2827 7600 / 4
Fax:+91 22 2826 8855
Contact Person : Khushboo Sharma, Project Manager – Cyber Security E-mail : khushboo
51. M/s Paladion Networks

Shilpa Vidya 49, 1st Main, 3rd Phase, JP Nagar, Bangalore- 560078 Website URL: www.paladion.ne
52. M/s PricewaterhouseCoopers Pvt Ltd

Building 8, 7th & 8th floor, Tower- C, DLF Cyber city, Gurgaon- 122002 Website URL: www.pwc.c
53. M/s Payatu Technologies Pvt. Ltd.

Shree Murtuja Bharmal , Director 502,Tej House,
5 MG Road,Camp, Pune-411001
Email: murtuja[at]payatu.com
Mobile:- 9850998411
54. M/s Panacea InfoSec Pvt Ltd.

226, Pocket A2, Pocket B, Sector 17 Dwarka, Dwarka, Delhi, 110075
Mobile Number:
1- +91-9650028323 (Prefered) - Apurva
2- +91-9810944187 (Alternative) - Ajay
3- +91-7007246077 (Alternative) - Chandani
Landline Number: +91 11 49403170 (Office) Contact Person :
1- Apurva Krishna Malviya 2- Ajay Kaushik
3- Chandani Gupta E-mail :
1- apurva[at]panaceainfosec.com
2- ajay[at]panaceainfosec.com
3- cg[at]panaceainfosec.com
55. M/s Protiviti India Member Private Limited

15th Floor, Tower A, Building No 5, DLF Phase III, DLF Cyber City, Gurgaon-122002, Har
9821229027
Contact Person: Nikhil Donde (Managing Director)
E-mail: nikhil.donde[at]protivitiglobal.in
56. M/s Pyramid Cyber Security & Forensic Pvt. Ltd.

FB-05, NSIC Software Technology Park Extension, Okhla Industrial Estate, New Delhi-11
11-41078091, +91-9650894671
Fax: +91-11-26322980
Contact Person: Sunil Bhalla, Manager - Operations
E-mail : sunil.bhalla[at]pyramidcyber.com, sales[at]pyramidcyber.com
57. M/s ProgIST Solutions LLP

102, B3 Wing, Rosa Gardenia,
Kasarvadavli, Ghodbunder Road, Behind HyperCity, Thane – West, 400615
Ph :9004947776
Contact Person :Mr. Bhavin Bhansali
E-mail : certin[at]progist.in, rohan.patil[at]progist.in Mobile : +91 9004947776
58. M/s Qadit Systems & Solutions (P) Ltd.

1st Floor, Balammal Buildings, 33 Burkit Road,
T. Nagar, Chennai 600017 Ph: 4442791150
Fax: 4442791149
Contact Person : Mr. V Vijayakumar, Director Mobile: 9444019232
Email : vijay[at]qadit.com
59. M/s Qseap InfoTech Pvt Ltd

Office No. 101, Building No. 06, Sector No. 03,
Millennium Business Park, Kopar Kharine, Navi Mumbai, Maharashtra 400710. Contact Pe
Singh,Chief Technical Officer
Email: praveen.singh[at]qseap.com Mobile: 91-9923804245
60. M/s RSM Astute Consulting Pvt. Ltd.
3rd Floor, A Wing, Technopolis Knowledge Park, Mahakali Caves Road, Andheri (East), Mumbai –
61. M/s Recon Business Advisory Pvt. Ltd.

Shree Capt. Satya Yadav , CEO & MD F-8, 3rd Floor,Kalkaji Main Road, New Delhi - 110019. Con
62. M/s Robert Bosch Engineering and Business Solutions Private Limited
Electronic City Phase 1, Bangalore - 560100
Contact Person: Rency Abrahan, Sr. Program Manager- Cyber Security Center Email -
Rency.Abraham[at]in.bosch.com
Telephone - +91(80)679-91235
63. M/s Sumeru Software Solutions Pvt Ltd
1st Floor, SAMVIT”,.Near Art of Living International Center Next to Udayapura Bus Stop,Behind S
64. M/s Sysman Computers Pvt Ltd

312, Sundram, Rani Laxmi Chowk, Sion Circle, Mumbai- 400022 Website URL: www.sysman.inPh
65. M/s SISA Information Security Pvt Ltd

SISA House, No. 3029B, Sri Sai Darshan Marg 13th Main Road,HAL II Stage, Indirana
560008,India
Ph: 91-80-4910 4100
Fax: 91-80-4910 4125
Contact Person : Mr. Abhijeet Singh Mobile : 91-99000 62038
E-mail : Sales[at]sisainfosec.com
66. M/s STQC Directorate

Electronics Niketan, 6 CGO Complex, Lodhi Road, New Delhi- 110003 Website URL: www.stqc
67. M/s Suma Soft Pvt. Ltd.

Shri Milind Dharmadhikari , Practice Head - IT Risk & Security Management Services 2
Opposite Himali Society, Erandwane,
Near Mangeshkar Hospital , Pune, Maharashtra 411004 Email: infosec[at]sumasoft.ne
Mobile: 9870006480 , 9822600489
68. M/s Security Brigade InfoSec Pvt. Ltd.

Shri Yash Kadakia , Chief Technology Officer 165 A to Z Industrial Estate,
Ganpatrao kadam marg, Lower Parel(W), Mumbai, Maharashtra 400013
Email: yash[at]securitybrigade.com , certin[at]securitybrigade.com
Mobile: 9833375290
69. M/s Sify Technologies Limited

II Floor, Tidel Park, No 4 Canal Bank Road, Taramani, Chennai - 600113
Contact Person:Mr Riyaz Hussin, General Manager Mobile: 9840710849
Email: riyaz.hussain[at]sifycorp.com
70. M/s Sandrock eSecurities Pvt Ltd

E-46, Rani Garden Extension, Shastri Nagar, Delhi - 110031
Contact Person: Rachna Agarwal, Head – Business Operations Mobile: 9560211616
Email: pentest[at]sandrock.in
71. M/s SecurEyes Techno Services Pvt. Ltd.

#3S, 3rd Floor, Swamy Towers, Chinapanahalli, Marathahalli, Outer Ring Road,
Bangalore - 560037
Ph : +91- 9449035102,080-69999107
Contact Person : Ms. Uma P,Head, Business Operations E-mail :umap[at]secureyes.ne
72. M/s SecureLayer7 Technologies Private Limited

104, Suratwala mark plazzo, Hinjewadi - wakad road, Hinjewadi, Pune - 411057, Mahara
Ph : +91-9762001337
Contact Person : Sandeep Kamble
E-mail : sandeep[at]securelayer7.net
73. M/s Sonata Software limited
1/4, APS trust Building, NR Colony, Bull Temple Rd, Bangalore 560019. Ph :91-80-677
Fax:08026610972
Contact Person : Balaji Veeraragavan K
E-mail :balaji.vk[at]sonata-software.com
74. M/s Torrid Networks Pvt. Ltd.

M/s Torrid Networks Private Limited C-171, 2nd Floor, Sector-63Noida-201301 Uttar PradeshPh: +
75. M/s TAC InfoSec Private Limited

E190, 4th Floor, Quark City, Industrial Area Phase-8B, Mohali-160055
Ph :9876200821, 9988850821
Contact Person : Trishneet Arora,Founder and CEO E-mail :ceo[at]tacsecurity.co.in
76. M/s TATA Communications Ltd

C-21 and C-36, G Block, Bandra Kurla Complex Mumbai 400098
Ph :91-9845289021
Contact Person : Avinash Prasad – VP Managed Security Services E-mail
:Avinash.Prasad[at]tatacommunications.com
77. M/s TÜV SÜD South Asia Private Limited

Shiv Ashish, 2nd Floor,
Andheri - Kurla Road, Behind Lathia Rubber Factory,
Saki Naka. Andheri (East),Mumbai - 400 072, Maharashtra, India. Ph :+91 (22) 4903 55
Fax:+91 (22) 4903 5599
Contact Person : 1. Mr. Amit Kadam
Mobile : +91 9607964483
E-mail :amit.vkadam[at]tuv-sud.in Contact Person : 2. Mr. vaibhav Pulekar
Mobile : +91 9819955909
E-mail :vaibhav.pulekar[at]tuv-sud.in
78. M/s TCG Digital Solutions Private Limited

Bengal Intelligent Parks, Omega Building, 16th Floor Block EP & GP, Sector V, Salt Lake Electroni
79. M/s Tech Mahindra Ltd.

Sharda Centre, Off Karve Road Pune - 411004 (Maharashtra) India Ph : +91 20 6601810
Contact Person : Rajiv Singh
E-mail :Rajiv[at]TechMahindra.com
80. M/s Talakunchi Networks Pvt. Ltd.

505, Topiwala Center, Off S.V. Road, Goregaon West Mumbai 400104
Ph : +91-9920099782
Contact Person : Vishal Shah
E-mail : vishal[at]talakunchi.com
81. M/s Trusted Info Systems Private Ltd.

B-4, GF, Kailash Apartment,
(Near Kailash Colony Metro station, Opp Metro Pillar 71) Lala Lajpat Rai Marg, New De
Ph: 91-011-29248058
Contact Person : Vijender Kaushik Mobile :+91-9810259365
E-mail : vijender.kaushik[at]trustedinfo.com
82. M/s Varutra Consulting Private Ltd.

Corporate Office :A-302 & A-303, Oxy Primo, Gate No. 599, Bakori Phata,Pune-Nagar Highway,Op
83. M/s ValueMentor Consulting LLP

'Chandanam' Infopark Thrissur Koratty,
Kerala- 680308
Ph No: 4872970700
Contact Person : Mr. Binoy Koonammavu, CEO & Principal Consultant Email : cert[at]valu
Mobile :91 974 5767 949
84. M/s Vista Infosec Pvt. Ltd.

VISTA InfoSec, 001, North Wing, 2nd Floor, Neoshine House, Opp. Monginis Factory, Lin
Mumbai, Maharashtra, India.
Contact person :Mr. Narendra S Sahoo, Director Mobile : +91 9820223497
E-mail : narendra.sahoo[at]vistainfosec.com
85. M/s Wipro Ltd

Wipro Infotech,
480-481, Udyog Vihar, Phase-III, Gurgaon, Haryana
Ph No: 0124-3084000
Fax : 0124-3084269
Contact Person : Mr. Prabir Kumar Chaudhuri Mobile : +91 9818600990
Fax: 0124-3084269
E-mail : prabir.chaudhuri [at]wipro.com
86. M/s Wings2i IT Solutions Pvt. Ltd.

Postal address: No 80, 3rd Floor, BOSS SQUARE, 1st Cross, 2nd Main, BTM 2nd Stage, Bangal
87. M/s Xiarch Solutions Pvt Ltd

352, 2nd Floor Tarun Enclave, Pitampura, New Delhi-110034 Ph: 011-45510033
Fax:011-66173033
Contact Person:Utsav Mittal, Principal Consultant Email: utsav[at]xiarch.com / cert[at]x
9810874431
88. M/s Xysec Labs Private Limited

Salarpuria Magnificia, WeWork,
78 Old Madras Road, 13th Floor KR Puram, Bengaluru Karnataka 560016
Ph : +91-9739320700,
Landline - 080-370-125-38 Contact Person: Harshit Agarwal E-mail: harhit[at]appknox.c
89. M/s Yoganandh & Ram LLP

G-1, SHREE VISHNU APARTMENTS, #12, 12TH CROSS STREET, DHANDEESWARAM NAG
CHENNAI – 600 042
Contact Person: T Manoj Kumar Jain,Partner; R. Chandrasekhar,Head-IS Audit Email:
manojkumarchajed[at]yandr.in
sekhar[at]yandr.in isaudit[at]yandr.in
Mobile: 9940156515
90. M/s Zulon Consulting

2/203,Vahatuk Nagar, Amboli, Andheri(W) Mumbai- 400058. Ph: 9987244769
Contact Person: Mr. Clarence Alvares, Account Manager
E-mail: sales[at]zulonconsulting.com
Snapshot of skills and competence of CERT-In empanelled Inf

Auditing Organisation
M/s AAA Technologies Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
AAA Technologies Private Limited,
Mumbai, Delhi, Bangalore, Lucknow, Chennai, Pune
2. Carrying out Information Security Audits since : 20
3. Capability to audit , category wise (add more if required)
 Network security audit (Y/N) : Yes
 Web-application security audit (Y/N) : Yes
 Wireless security audit (Y/N) : Yes
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
 Mobile App Security Testing (Y/N) : Yes
 ERP Audit (Y/N) : Yes
 Payment Gateway Audit (Y/N) : Yes
 Compliance Audit as per Government of : Yes India Guide
 Source Code Review (Y/N) : Yes
 Cyber Security and CSOC Audit (Y/N) : Yes
 Cloud Security Audit (Y/N) : Yes
 Swift Audit (Y/N) : Yes
 Concurrent / Continuous Audit (Y/N) : Yes
4. Information Security Audits carried out in last 12 Months :
Govt. : 300+
PSU : 100+
Private : 25+
Total Nos. of Information Security Audits done : 425+
5. Number of audits in last 12 months , category-wise (Organization can add categories b

handled by them)
Network security audit : 150+
Web-application security audit : 300+
Wireless security audit : 25+
Compliance audits (ISO 27001, PCI, etc.) : 50+
6. Technical manpower deployed for informationsecurity audits :
CISSPs : 5+
BS7799 / ISO27001 LAs : 30+
CISAs : 20+
DISAs / ISAs : 5+
Any other information security qualification : 40+
Total Nos. of Technical Personnel : 80+
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
IONS by CERT-In
-date valid list of CERT-In
y us as soon as there is any change in it.
i, Andheri (East),Mumbai – 400072.Website URL : http://www.aaatechnologies.co.in Ph : 022-28573815Fax: 022-40152501Contact Person : Mr. Anjay
53902
rvices.co.in Ph: 0120-4545911, 0120-2542253Fax : 0120-4243669Contact Person : Mr. Ashish Kumar Saxena, Managing Director Mobile : +91 7290058
nataka- 560078. Website URL : http://www.aujas.com/ Ph : 080-26087878Fax: 080-26087816Contact Person : Mr. Jaykishan Nirmal, Vice President Mo
rk), Off Bandra Kurla Complex, LBS Marg,
300
in
ai, Maharashtra 400086. Phone number :022
58027
253902
, Mumbai, Maharashtra 400028 Ph :022 3332
bakkam, Chennai, Tamil Nadu 600034
skinfosec.com
080-28383120 Fax:080-28380100
ail : itsecurityauditteam [at]bel.co.in
ka – 560100
berqindia.com Ph : 011-41077560Fax : 011-41077561Contact Person : Mr. Debopriyo Kar, Head-Information Security Mobile: +91 9810033205 / 99688
Email: cswan [at]cdac.in

lore – 560 029Contact Person: Mr. Amarnadh Kolli (Director Operations). Mobile : +91 99001 92727E-mail : akolli[at]cigital.comappsecindia[at]cigital.c
am - 122102, Haryana Contact Person: Mr.
, (MAH) India.Contact Person: Mr. Sachin Singhai, Email: sachin[at]codedecodelabs.com Website: www.codedecodelabs.comMobile: +91 9545852578 /
Colony, Domlur, Bengaluru, Karnataka 560008

havir Garden, Assembly Road, Kolhapur
homas[at]crossbowlabs.com
d, Yediyur, Jayanagar, Bangalore, Karnataka,

r, Thimmappa Reddy Layout, Hilimuavu Gate,
.in
rship*
Worli, Mumbai - 400018
Mobile No.: +91-9871722243
hennai- 600113, Tamil NaduWebsite URL: www.ey.com/india Ph : +91 124 6121380Contact Person: Mr. Vidur Gupta, Director – Advisory Services Mo
unj, Udyog Vihar, Phase - V, Gurgaon -122016 (Opp. Cyber Hub)Tel: +91 124 4264666, +91 9871699555Contact Person: Mr. Kunal Bajaj, Chief Busin
0058
infotech.biz
560102
il.com
9820208515
46
harashtra India 400059

vices Email:Rhucha.vartak[at]haribhakti.co.in
Sanjeevappa Layout, Bangalore-33
nagar, Oshiwara, Jogeshwari (West) - 400102

lyst Mobile: 9167188483
Gujarat, India
d, Naupada, Thane (W) 400602, Maharashtra,
riumsolution.com
NAGAR-KORAMANGALA, INTERMEDIATE RING
ya Daas Ph :+91-9902484206
0028.
8 / 9869402694
te URL: www.kpmg.comPh : 0124-3074134Fax: 0124-2549101Contact Person: Mr. Atul Gupta, Director Mobile : +91 09810081050E-mail : atulgupta[a
687724/ 022 67767478
ead Pradeep Mahangare - Project Manager

are[at]lntinfotech.com
Delhi - 110020Contact person:Mr. Srivathsan Sridharan, Vice President- Sales Mobile: 9599057764Email: sri.s[at] lucideustech.com
1. Phone: +91-40-45004600
6599600
New Delhi-110017
: +91 9769693764
Society of Department of Science & Technology, Government of Madhya Pradesh)
Mr. Vinay Pandey Mobile:+91-0755-2518710Email: security [dot] audit [at] mapit [dot] gov [dot] in Website: http://www.mapit.gov.in
lobal.com
ali, Andheri (East) Mumbai 400 072Website URL: www.netmagicsolutions.com Ph : 022-40099099 Fax: 022-40099101Contact Person: Mr. Yadavendra
heri East, Mumbai- 400069 Website URL: www.niiconsulting.com/Ph : 1800 2700 374 (Toll Free)Fax: 022-40052628Contact Person: Mr. K K Mookhey
tp://www.net-square.com Contact Person :1. Ms. Prerna Nikam Mobile : +91 79778 90081E-mail : prerna[at]net-squa re.com , Info[at]net-square.com2. M
Ph : +91 124 2883000
+91 22 2827 7600 / 4254 7600
urity E-mail : khushboos[at]nseit.com
ite URL: www.paladion.netPh : 080-42543444Fax: 080- 41208929Contact Person: Mr. Amit Tewari, Sales Manager Mobile: +91 09910301180E-mail : a
Website URL: www.pwc.com/in/en Ph : 0124-4620000Fax: 0124-4620620Contact Person: Mr. Rahul Aggarwal,Director Mobile : +91 09811299662E-m
075
, Gurgaon-122002, Haryana, India Ph: +91
al Estate, New Delhi-110020, India Ph : +91-
r.com
est, 400615
+91 9004947776
htra 400710. Contact Person: Mr. Praveen

Andheri (East), Mumbai – 400093 Tel: 91-22- 6108 5555Fax: 91-22-61085556Contact Person :Mr. Iqbal Zafar, Associate Director Mobile: 9867443769W
New Delhi - 110019. Contact Person: Ankush Batra (Director)Email: cert[at]reconglobal.in / accounts[at]reconglobal.in Mob: 9205019013Web: www.re
e Limited
Security Center Email -
yapura Bus Stop,Behind Sri Anjeneya Temple / Anganawadi School, 21st KM Kanakapura Main Raod,Udayapura, Bangalore – 560082Website URL: htt
e URL: www.sysman.inPh : 022-24073814Contact Person: Dr. Rakesh M Goyal, Managing Director Mobile: 91-99672-48000 / 99672-47000E-mail : rake
,HAL II Stage, Indiranagar, Bangalore -

3 Website URL: www.stqc.gov.inPh : 011 24301816Contact Person: Mr. Gautam Prasad, Scientist 'C', E-mail : gprasad[at]stqc.gov.in
Management Services 2nd Floor, SumaCenter,
infosec[at]sumasoft.net
rial Estate,
a 400013
e.com
- 600113
0710849
Mobile: 9560211616
Outer Ring Road,
:umap[at]secureyes.net
Pune - 411057, Maharashtra, India

560019. Ph :91-80-6778 1999
201301 Uttar PradeshPh: +91-120-4270305, +91-120-4216622Fax: 012-04235064Contact Person :Mr. Salil Kapoor Mobile : + 91 92 666 666 91E-mail :
0055
]tacsecurity.co.in
E-mail
. Ph :+91 (22) 4903 5555
av Pulekar
ctor V, Salt Lake Electronics Complex, Kolkata – 700 091Contact Person: Mr. Joydeep Bhattacharya, Chief Operating Officer Email: joydeep.bhattachary
a Ph : +91 20 66018100
400104
ajpat Rai Marg, New Delhi - 110048
a,Pune-Nagar Highway,Opp. Jain College, Wagholi, Pune-412207, Maharashtra, India. Ph: 2040222891Fax: 2040222891Contact Person : Shrushti Sarod
tant Email : cert[at]valuementor.com
p. Monginis Factory, Link Road, Andheri (West),
20223497
18600990
n, BTM 2nd Stage, Bangalore, Karnataka, INDIA 560076Ph : +91 80 50271700/01Contact Person : Reena Ramachandran, Director E-mail :info@wings2i
011-45510033
t]xiarch.com / cert[at]xiarch.com Mobile :
560016
ail: harhit[at]appknox.com
DHANDEESWARAM NAGAR, VELACHERY,
Head-IS Audit Email:
9987244769
RT-In empanelled Information Security
rganization :
d,
ow, Chennai, Pune
: 2000
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes India Guidelines (Y/N)
: Yes
: Yes
: Yes
: Yes
: Yes
300+
100+
25+
425+
can add categories based on project
150+
300+
25+
50+
5+
30+
20+
5+
40+
80+
dits in Government and Critical sector
1) Anjay Agarwal 19 25 ISMS LA, CISA, ISA, CEH,
ECSA, LPT,
COBIT Certified Assessor
2) Venugopal M. Dhoot 18 17 ISMS LA, ISA, CEH
3) Ruchi Agarwal 15 15 ISMS LA
4) Venugopal Iyengar 13 23 CISSP, ISMS LA, CISM,

CISA
5) D.K.Agarwal 16 17 CISA
6) Vidhan Srivastav 15 15 CISSP, ISMS LA
7) Sudhir Lad 8 18 CISA
8) Ravi Naidu 9 12 ISMS LA, CEH
9) Harpreet Singh Dhanjal 6 6 CEH
10) Bharati Vane 6 6 CEH
11) Rahul Verma 6 7 ISMS LA, CEH
12) Raja Yadav 5 6 ISMA LA, CEH
13) Shailendra Rawat 5 6 ISMA LA, CEH
14) Atul Raj 5 6 ISMS LA, CEH
15) Vishnuvardhan 3 5 ISMS LA

Selvaraj
16) 3 5 ISMA LA
Ajay Gautam
17) 3 5 ISMS LA
Mohit Sharma
18) 2 5 ISO 27001

Animesh Mishra
19) 2 5 CEH
Priyanka Awari
20) 2 5 CEH
SuyogGhag
21) Riyaz Ansari 2 17 ISO 27001
22) Ashvini Anand Yendhe 2 5 CEH
23) Hiren Shah 2 15 CEH, ISO 27001
24) Rohit Kumar 1 4 CEH
25) Shweta Singhal 1 4 CEH

8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Audit for a Government Organisation above Rs. 5 Crores
Information Security Audit including SAP Audit for a Municipal Corporation for above R
Consultancy for Implementing ISO 27001 for 17 Data Centers across India including V
and Penetration Testing for Rs. 54.57 Lakhs
9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):
Commercial
i. Acunetix
ii. Core Impact
iii. Nessus Pro
iv. Nipper
v. Burp Suite
vi. Idea
Freeware
i. Nmap
ii. DOMTOOLS - DNS-interrogation tools
iii. Nikto - This tool scans for web-application vulnerabilities
iv. Firewalk - Traceroute-like ACL & network inspection/mapping
v. Hping – TCP ping utilitiy
vi. Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files, et
interception of network traffic normally unavailable to an attacker
vii. HTTrack - Website Copier
viii. Tools from FoundStone - Variety of free security-tools
ix. SQL Tools - MS SQL related tools
x. John - John The Ripper, Password-cracking utility
xi. Paros - Web proxy for web application testing
xii. Wikto - Web server vulnerability assessment tool
xiii. Back Track
xiv. Meta Sploit
xv. Ethereal - GUI for packet sniffing. Can analysetcpdump-compatible logs
xvi. NetCat - Swiss Army-knife, very useful
xvii. Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspecti
xviii. Brutus – password cracking for web applications, telnet, etc.
xix. WebSleuth - web-app auditing tool
xx. HTTPrint – detect web server and version
xxi. OpenVas
xxii. W3af
xxiii. Owasp Mantra
xxiv. Wire Shark
xxv. Ettercap
xxvi. Social Engineering Tool Kit
xxvii. Exploit database
xxviii. Aircrack-Ng
xxix. Hydra
xxx. Directory Buster
xxxi. SQL Map
xxxii. SSL Strip
xxxiii. Hamster
xxxiv. Grimwepa
xxxv. CAIN & Able
xxxvi. Rips
xxxvii. Iron Wasp

xxxviii. Fiddler
xxxix. Tamper Data
Proprietary
i. AAA - Used for Finger Printing and identifying open ports, services and misconfig
ii. Own developed scripts for Operating System
iii. Own developed scripts for Database Audit
10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : N
12. Whether organization is a subsidiary of any foreign based organization? : N
13. Locations of Overseas Headquarters/Offices, if any : N

*Information as provided by <AAA Technologies P. Ltd> on <23-12-2019>
Ba
me, complexity, locations etc.) along with
Corporation for above Rs. 4.5 Crore
across India including Vulnerability Assessment
e/proprietary):
words, e-mail, files, etc.). facilitate the
atible logs
useful for ACL inspection

.
, services and misconfiguration
Experts : No
etc.))
ls : No
zation? : No If yes, give details
: No
2019>
Back
M/s AUDITime Information Systems (India) Limited
AUDITime Information Systems (India) Limited Registered Address:
A-504, Kailash Esplanade, LBS Marg, Ghatkopar (W) Mumbai 400 086
Tel: 022 40508210
Fax: 022 40508230
Communication & Correspondence Address: A-101, Kailash Industrial Complex,

Park Site, New Hiranandani Road Vikhroli (West), Mumbai 400079) Tel.: (022) 40508200
Fax: (022) 40508230
2. Carrying out Information Security Audits since : 12 Years

 Network Security Audit : Yes
 Web Application Security Audit : Yes
 Wireless Security Audit : Yes
 Compliance Audits (ISO27001, PCI, etc.) : Yes
 IT Policy Drafting : Yes
 IT Risk Assessment : Yes
Govt. : 6
PSU : 2
Private : 33
Total Nos. of Information Security Audits done : 41
5. Number of audits in last 12 months , category-wise

Network Security Audit 6
Web-Application Security Audit 3
Compliance Audits - ISO 27001 1
Compliance Audits - SOX IT General 1

Control Testing
Regulatory Compliance Audits - Exchange 22
Members Annual Compliance System
Audit, etc.
Regulatory Compliance Audits - CVC 1
Guidelines Compliance Audit
ERT-In empanelled Information Security
Organization :
dress:
400 086
strial Complex,
9) Tel.: (022) 40508200
12 Years
Yes
Yes
Yes
Yes
Yes
Yes
6
2
33
41
Application Audit 2
Billing Audit 1
IT Consultancy Projects - Consultancy for 1

CBS, Data Migration and Load Testing
Pre & Post Migration Audit of Core 1

Banking Solution
Payment Gateway Audit 1
Third Party Security Audit 1
Wireless Security Audit Nil
Total 41
6. Technical manpower deployed for information security audits : Refer Annexure ITotal Nos. of Technica
S. No. Client Name Scope Title PO Value

1 Federal Bank IS Audit of Branches Rs.33,25,000/
2 Infocepts Technologies  ISO 27001 & SAS 70 controls Preparation Rs.6,00,000/
Pvt. Ltd. 
Training one batch of ISMS Internal Audit
3 Hindustan Petroleum ISO 27001 Implementation


Rs.64,00,000/-
Corporation Limited. Quarterly vulnerability Assessment &

(IBM) Penetration Testing


Security Operation Centre Management

ISMS and Information Security
Awareness Training
4 Bayer Business IBM Rational Appscan & Consultancy Rs.17,38,810/-
Services Services of Intranet Web Application
Vulnerability Assessment
5 Vijaya Bank IS Audit of Core Banking Solution Rs.7,90,000/-
6 Andhra Bank IS Audit of Critical Areas in CBS Rs.3,00,000/-
7 Andhra Bank IS Audit of Smart Card Project for Rs.4,50,000/-
Government Benefit Distribution
8 The Oriental Insurance Comprehensive Audit of CBS Application and Rs.99,27,000/-
Co. Ltd. Data Migration Audit
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Refer A

(If yes, kindly provide oversight arrangement (MoU, contract etc.))
Information as provided by AUDITime Information Systems India Limited on 22n
Bac
xure ITotal Nos. of Technical Personnel: 18 Nos.7. Details of technical manpower deployed for information security audits in Governm
00/
0/
00/-
10/-
0/-
0/-
0/-
00/-
are/proprietary): Refer Annexure IV
Experts : No
ms India Limited on 22nd May 2013
Back
ANNEXURE –
S. No. Employee Name Designation
1 Mr. Paresh Desai Managing Director

2 Mr. Madhav Bhadra Director
3 Mr. Chetan Maheshwari Director
4 Mr. Deepesh Chitroda Asst. Vice President
5 Ms. Dhruti Patel Asst. Vice President
6 Mr. Narendra Singh Badwal Asst. Vice President
7 Mr. Ritesh Kotecha Asst. Vice President
8 Mr. Deval Kapadia Asst. Vice President
9 Ms. Jayabharthi M. Sr. Manager

10 Mr. Hiren Shah Sr. Manager
11 Mr. Shomiron Dasgupta Sr. Manager
12 Mr. Balamurugan Sr. Manager

13 Mr. Deepak Yadav Manager
14 Ms. Swati Dhamale Audit Executive
15 Mr. Adish Karkare Audit Executive
16 Mr. Nikhil Parashar Audit Executive

17 Mr. Satyasandeep Audit Executive
18 Mr. Laxmi Narayan Audit Executive
Ba
ANNEXURE – I
Certification
CA, CISA, CISM, CGEIT

CA, CISA, CISM
CA, CISA, CISM, CRISC
CEH, CHFI, ECSA, CCISO, CCSECA, IBM
CISA
CISA, LA27001
CA, CISA
CISA
CISA, CISM, CISSP, LA27001,CEH

LA27001
CISA, CISSP, LA27001, CEH
CISA, CISM, CISSP, LA27001, CEH

CISA,CS-MARS,CSM, CEISB, CCSA, CCNA
GNIT
CISA, LA27001, CEH, SWAT, RHCE, JNCIA-SEC, CCSA
CEH
JNCIA-SEC, CCNA, MCSA
CEH,CCNA
Back
ANNEXURE – II
Details of technical manpower deployed for information security audits in Government and Critical sector organizations
S. No Name of Duration with Experien ce

Employee <organiza in Informati
tion> on Security
1 Deepesh Chitroda +7.5 Years Yes. + 13

years
2 Jaya Bharathi M. +5 years Yes. + 24

years
3 Hiren L Shah +6 years Yes. + 9

years
4 Deepak Yadav +2.5 years Yes.
5 N Lakshmi Narayana +1.5 years Yes.
6 Swati Prakash Dhamale +1.5 years Yes. +3.5

years
7 S. Satyasandeep +1.5 years Yes.
8 Adish Karkera +1 years Yes. +7 years
9 Nikhil Parasher +0.5 years Yes. +2.5

years
Ba
security audits in Government and Critical sector organizations
Qualifications related to Information

security
 Certified Ethical Hacker (CEH)

 Computer Hacking Forensic Investigator (CHFI)
 Eccouncil Certified Security Analyst (ECSA)
 Certified Chief Information Security Officer (CCISO)
 Cambridge Certified Security Associate (CCSECA)
 IBM Technical Professional
 Jetking Certified Hardware & Networking Professional
 MCA
 Post Graduate Diploma in Computer Applications
(PGDCA)
 ISO 27001 implementer and lead auditor
 CEH
 CISA
 CISM
 CISSP
 ISO27001 Implementer
 MCA
 CISA
 ITIL V3 Foundation Certification
 CCSA
 CCNA
 CEISB
 CSM
 CS-MARS
 CCNA
 CEH
 Post Graduate Diploma in
 Networking & Telecommunications
 Bachelor of Technology in
 Electronics & Communications
 GNIIT
 B.Tech
 CCNA
 JNCIA
 MCSA
 B.E.,
 CISA
 LA 27001 Implementer
 Certified Ethical Hacker
 Star Web Application Security
 Red Had Certified Engineer
 Juniper Networks Certified Internet Specialist
 Check Point Certified Security Administrator
 B. Tech - IT
Back
ANNEXURE - III
Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) Along with project value
Sr. Client Name Project Title

No.
1 Federal Bank Branch IS Audit

s of scope (in terms of volume, complexity, locations etc.) Along with project value.
Particulars of Projects
IS Audit of Branches
 Finacle and related applications such as ATM and other payment
systems, interfaces to CBS etc.
 Internet Banking
 Mobile / Tele Banking
 HR software (peoplesoft)
 Email
 Treasury - LaserTX
 We covered all the key applications under IS Audit
 Finacle and related applications such as ATM and other payment
systems, interfaces to CBS etc.
 Internet Banking
 Mobile / Tele Banking
 HR software (peoplesoft)
 Email
 Treasury - LaserTX
Scope includes
1. IS Audit of Application Controls - Evaluating the adequacy
and effectiveness of controls in a particular application
2. IT Environment Review - Evaluation of controls
addressing the general risks associated with the operation of
information technology viz. change control, disaster recovery,
physical upkeep of the surroundings such as cleanliness,
physical access to the computers, fire-fighting readiness, etc.;
3. IT Technical Review - Evaluation of the network
architecture and the vulnerability of the IS environment
to the risks such as unethical hacking, etc.
a) Information System Security Policy (ISSP)
b) Implementation of ISSP
c) Physical Access Controls
No.
2 Infocepts  ISO 27001 &

Technologies Pvt. SAS 70 controls
Ltd. Preparation
 Training one
batch of ISMS
Internal Audit
3 Hindustan 
ISO 27001
Petroleum Implementation
Corporation 
Quarterly vulnerability
Limited Assessment &
Penetration Testing

Security Operation
Centre Management

ISMS and Information
Security Awareness
Training
4 Bayer Business IBM Rational

Services
5 Vijaya Bank IS Audit of Core
Banking Solution
d) Operating System Controls

e) Database controls
f) Network Management
g) IS Audit Guidelines
I. PREPARATION FOR ISO 27001 ISMS

1. Ascertaining structure of organization and scope of
Information Security (IS)
requirement
2. Establishing the extent of compliance with the
mandatory requirements of ISO/IEC 27001
3. Using 133 controls listed in ISO/IEC 27002 (the Code of
Practice) as a framework, Identifying preliminary GAPs in
Information Security controls in place within the organization
4.ISMS Over Training and IS Security Awareness Training
5. Assessing Policy / Procedures / Technical IS
improvements that would be necessary to achieve compliance
with the ISO/IEC 27001 standard
6. Report on findings of GAP Analysis and make
recommendations for remedial action / strategy to achieve
compliance requirements of ISO/IEC 27001
7. Assistance in Stage I & II Audit
II. SECURITY AWARENESS TRAINING FOR 300
EMPLOYEES
1. Information Security and its Concepts 2.Company’s IT
Security Policies 3.Countermeasures against IT Risks and
Threats
III. PERIODIC AUDIT – 6 AUDITS Covering Core Three IT Domains:
 IT Management Controls
 Certification, Accreditation and Security Assessment
 Planning
 Risk Assessment
 System and Services Acquisition
 IT Operations Controls
 Awareness and Training
 Configuration Management
 Contingency Planning
 Incident Response
 Maintenance
 Media Protection
 Physical and Environmental Protection
 Personnel Security
 System and Information Integrity
 IT Technical Controls
 Access Controls
 Audit and Accountability
 Identification and Authentication
 System and Communications Protection
IV. SAS 70 TYPE II AUDIT PREPARATION Analysis of existing control
structure
Gap identification. Documentation and training on SAS 70 controls
Internal audit of SAS 70 requirements Support during SAS 70 Type 2
Audit
Security assessment of HPCL’s web site jobs.hpcl.co.in as per the

following vulnerabilities indicated by open web application
security project (OWASP).
a. Cross site scripting (XSS).
b. Broken authentication and session management.
c. Insecure direct object references.
d. Cross site request forgery.
e. Security misconfiguration.
f. Failure to restrict URL access
g. Invalidated redirects and forwards.
h. Injection flaws.
i. Insufficient transport layer protection.
2. Gap analysis report of the application as compared to the
Application Security best practices suggested by OWASP.
3. Provide specific remediation / mitigation
recommendations to the gaps identified. The
recommendations would suggest implementable solutions,
which would mitigate the application security risk. Remediation
Recommendations will be implemented by HPCL.
4. After implementing mitigation recommendation by HPCL,
Vendor will again do the security assessment and provide the
required compliance certificate to HPCL.
5. During the remediation phase Vendor will provide support
for implementing remediation measures suggested
6.Information related to HPCL website will be provided by HPCL
To provide Internal Vulnerability Assessment Service for Internal /

Intranet Web Based Applications
1. Introduction
1.1. Core Banking Application Suite
As on 31-12-2011 there are 1417 service outlets including branches,
extension counters and offices on the Core Banking Platform using
the ‘Finacle’ solution of M/s. Infosys Technologies Limited (and 669
networked ATM’s). The following application packages have been
covered under the Core Banking Solutions Project.
i. Core Banking Solution
ii. Trade Finance solution
iii. Internet Banking solution
iv. Government Business Module
v. New products and services such as Electronic Bill Payments,
Pilgrimage services, Electronic Ticketing, Collection / Payment
services, Utility Bill Payment etc as part of the Internet Banking
Services.
vi. Availability of interfaces of the following modules with the
Core Banking Solutions:-
a. Anti-money laundering solution
b. Credit appraisal solution –RLOS & CLAPS
c. Customer Relationship Management Solution
d. Internally developed and outsourced /procured third party
systems
e. ATM Interfaces
f. Mobile Banking – SMS / WAP
g. Tele Banking Solution
1.2. Products and Services
The Bank has a rich portfolio of Deposits, Loans, Remittances, Bills,
Foreign Exchange Business and other fee based products. An
illustrative list is given below.
i. Demand deposits (Domestic as well as foreign currency)
 Current Deposits
 Savings Bank Deposits
 Flexi deposits
 Capital Gains Deposits
 NRO/NRE Deposits
ii. Time deposits
 Fixed deposits
 Simple interest
 Cumulative interest
 Units Based Deposits
 FCNR/NRE/NRO
 Capital Gains
 Recurring deposits (Domestic)
 Fixed installment
 Variable installment
 Daily Deposits
iii. Working Capital Finance
 Cash credit accounts against stocks and book debts (CCH)
 Cash credit against Immovable Properties and Govt. Securities
(CCM)
 Packing Credit/Export Finance
 Post Shipment Credit
 iv. Term Lending (Domestic as well as foreign currency)
 Short term
 Medium Term
 Long Term
 Consortium/Syndicated Loans
v. Trade Finance – non-fund based
 Letter of credit
 Bank Guarantee
 Deferred Payment
vi. Bills Business
 Collection of bills and cheques - Inward and outward
 Purchase/Discounting of sales/drawee bills (clean and
documentary) / Cheques
 Bills Related Advances
 Retail Loans
 Vehicle loans – Simple Interest, Compound Interest & EMI Based
facilities.
 Housing loans – Simple Interest, Compound Interest, & EMI Based
facilities.
 Consumer loans - EMI Based facilities.
 Education loans–Simple Interest, Compound Interest & EMI Based
facilities.
 Personal loans - EMI Based facilities.
 Schematic Lending Activities
 Product based loans like V-Equip, V-Cash, V-Rent – EMI Based etc.
 Commercial Loans to Trade/Industry/Service/Profession
viii. Industrial/Corporate Loans ix Remittances
 Demand Draft – Issue/payment
 Banker’s Cheque/Pay Orders – Issue/Payment
 Fund Transfer – NEFT/RTGS
 Inter-branch Transactions – originating/responding
x. Government Business
 Pension payments (State / Central / Railways)
 Direct Tax collection
 RBI Relief Bonds
 Indirect Tax - Excise
xii. Miscellaneous Services
 Locker Services
 Merchant Banking Services
 Dividend/Interest/Refund Warrants
 Agency Arrangement with other Banks
1.3. Modules in core banking
 Savings Products
 Current Products
 Overdraft Products
 Cash Credit Products
 Term Deposits Products
 Term Loans Products
 Inland Bills Products
 Foreign Bills Products
 Trade Finance Activities
 Forward Contracts
 Remittance Products
 Packing Credit Products
 Service Branch Functions
 Government Business Products
 Various Office Accounts Functions
2. AUDIT OBJECTIVE
2.1. The Bank is presently using the ‘Finacle’ (Version 7.0.13)
Core Banking Solution of M/s. Infosys Technologies
which was earlier audited by one of the IS Auditors, during the year
2007-2008. The Bank proposes to migrate to Version 7.0.25 of
Finacle Core banking Solution. The Bank wishes to appoint
a competent Service Provider (SP) for conducting Information
Systems (IS) Audit of the Core Banking application, as per the
scope defined elsewhere, before moving this version to the
production systems. IS audit shall, inter-alia, include the following
activities:-
a) Confidentiality, integrity and availability of the applications
b) Perform required functionality test of the application to test
the end-to-end functionality and its usage
c) The security / controls are efficient and effective in the Core
Banking application.
d) To get independent assurance over effectiveness of controls
exercised by out-sourced Service providers for technology services
e) IT operations are carried out in a controlled environment
3. SCOPE OF IS AUDIT PROJECT:
The Bank expressly stipulates that the SP’s selection under this
RFP is on the understanding that this RFP contains only the
principal provisions for the entire assignment and that delivery
of the deliverables and the services in connection therewith are
only a part of the assignment. The SP shall be required to
undertake to perform all such tasks, render requisite services
and make available such resources as may be required for the
successful completion of the entire assignment as per the
fulfillments / deliverables required in the RFP.
The SP’s involvement is expected to be spread across a period of, at
least, 60 days from the date of commencing the audit.
3.1. Service Provider has to cover the following aspects while
auditing the CBS application:-
A. Functionality perspective:
o Service provider shall take into account Final Audit Report of the
earlier auditor for current version, who have conducted earlier IS
audit, as one of the inputs.
o Study the implemented functionality of the Core Banking
Application as per the scope of this audit tender.
o Perform Application Functionality & Controls Review
o Development of suitable testing methodology / testing strategy
document
o Conduct various tests to verify existence and effectiveness of the
controls for all functionalities, schemes and products supported by
the applications under review
o Perform a test of controls and functionality setup in the Finacle
core banking application.
o Identify ineffectiveness of the intended controls in the software
and analyze the cause for its ineffectiveness
o Controls over automated processing /updations of records, review
or check of critical calculations such as interest rates, etc., review of
the functioning of automated scheduled tasks, output reports design,
reports distribution, etc.
o Audit-ability both at client side and server side including
sufficiency and accuracy of event logging, SQL prompt command
usage, Database level logging etc.
o Extent of parameterization.
o Internal control built in at application software level, database
level, server and client side
o Backup/Fallback/Restoration procedures and contingency
planning.
o Suggestion on segregation of roles and responsibilities with
respect to application software to improve internal controls.
o Adequacy, Accuracy, Data Integrity of the MIS Reports and Audit
Reports
o Manageability with respect to ease of configuration, transaction
roll backs, time taken for end of day, day begin operations and
recovery procedures
o Special focused audit is to be made on following
items:-
o Hard coded & Virtual user-id and password
o Interfaces with CBS software of many other applications / services
both in house and third party systems / solutions – security,
confidentiality, integrity , accuracy and non- repudiation of the data
between systems
o Recovery and restart procedures
o Review of customizations done to the software and the SDLC
policy followed for such customizations.
o Proposed change management procedure during conversion,
migration of data, version control, application replication, etc.
o Suggest any application specific Audit tools or programs
o Adequacy of Audit trails and Logs
o Adherence to Legal and Statutory Requirements.
B. Controls perspective
As part of the scope, following controls have to be thoroughly
analyzed
a. Input Controls
b. Output Controls
c. Processing Controls
d. Interface controls
e. Authorization controls
f. Data integrity
g. Database controls
h. Volume Test
i. Server Controls – Application, Web, Database, Firewall, etc.
j. Backup/ Fall Back/Restoration Procedures
k. Authentication mechanism
l. Security checks/controls
m. Access controls & Logical Access Controls
n. Operating system controls
o. Management controls
p. Change Management
i. Incident Management
ii. Logs management
q. Aspects related to Segregation of Duties
r. Adequacy of audit trails
s. Adherence to legal, statutory requirements
1.20 Performance controls
1.21 Controls on Parameter Setup /Verification/Testing, etc.,
1.22 Regression Testing
1.23 Prevalence of proper version controls
C. Security Controls perspective:-
Application Security Controls Review inter-alia, cover following:-
a) Review the application security setup supported by the Finacle
core banking solution to ensure :
b) Access level controls are appropriately built into the
application
i. Only authorized users should be able to edit, input or update data
in the application.
i. Access on a ‘need-to-know’ and ‘need to-do basis’
i. Appropriate user maintenance and password policies being
followed
b. Benchmark the application security parameters and setup to
the Bank’s Security Policy and leading practices
c. Identify gaps in the application security parameter setup in
line with the bank’s security policies and leading practices
d. Provide a report highlighting gaps in application security
controls with options for improving application security.
e. Provide a report highlighting the gaps in the application
security setting with respect to the security policy defined by
the Bank
3.2. Review:
After first audit there may be some modifications required as per
suggestions. Once these are implemented over a period of two
months, auditor has to review the system again and give review
audit report.
3.3. General:
No module or segment should be left out on the plea that it is not
specifically mentioned under the scope.
However, the Bank reserves its right to change the scope of the
RFP considering the size and variety of the requirements and
the changing business conditions
4. Deliverables:
 Audit Plan and procedure for each of the CBS application
packages as per the scope.
 Interim report covering all the points as mentioned under the
Scope of Work including specific observations on the previous IS
Audit Report. All observations will be thoroughly discussed with the
process owners before the finalization of the report
 Final Audit reports with sign off by the Bank and the Service
Provider IS Auditor. (To be submitted within 6 working days of
completion of audit and the report should be submitted in soft
copy as word document and pdf format document besides a
signed hardcopy). This should also include report on the
regression test. The Final report shall , inter-alia, contain:-
o Present status of the pending observations of the previous audit.
o List of bugs found and key functionalities not supported, as per
the current audit assignment, segregating them as ‘Critical’,
‘Medium’ and ‘Minor’.
o List of enhancements required & feasibility analysis of these
requirements in the CBS.
o Suggestions for improvement in the performance of the software
audited.
o Report highlighting gaps in input, processing and output controls
with recommendations to remedy the gaps.
o Screen Dumps of testing and testing reports
o Security Process Audit Report and recommendations against best
practices
 Report on Risk Analysis and Risk Mitigation
Sr. Client Name Project Title Particulars of Projects
No.
Methodologies
 Review Audit Report – covering the latest status at the time of
review, of all the observations made in the Final
Audit Report.
6 Andhra Bank IS Audit of Critical Sl.
Areas in CBS No
1
8
9
10
11
12
13
14
15
16
17
18
19
No.
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
No.
41
42
43
44
45
46
47
48
49
50
Methodologies
 Review Audit Report – covering the latest status at the time of
review, of all the observations made in the Final
Audit Report.
Audit Points
Proper maintenance of Visitor Register at the DIT Main

Entrance
The Data Center is installed with Surveillance System to
monitor
the movement of the Personnel and activities in and out of
the data center.
The continuity of the recording is ensured at periodic
intervals.
Maintenance of Access Permissions and Register for entry
into
Data Center.
Access to Internet, Limited access vs Unlimited access etc.,
Whether users with administrative privileges are forced to

change password at periodical interval .
Whether user management standard operating procedure are

in place and the same are being followed
Maintenance of Users List (Active Directotry), disabling

redundant users, periodical review of Users etc.,
Periodical review of activities of privileged users.

Adequacy of procedures followed at the time of providing
access to Data Center and other sensitive areas.
IT Asset Management - Maintenance and Review of IT Assets

database.
Maintenance of documents and records with respect to
Hardware.
Comprehensive Insurance covering for critical IT Assets
UPS for backup supply of electricity including batteries.
Whether Air-conditioning, ventilation and humidity control

was
found adequate and the same is monitored and reviewed on
a regular intervals.
Installation of Smoke Detector / Heat rise / hot spots
detectors.
Whether the installation of Hub / Switches in the Data Center
are
adequately secured
Maintenance of Backup Media, Safe Keeping,
Proper Indexing and Storage,
Logs and Audit Trails in Finacle

Whether VAPT is conducted periodically on various
surrounding
applications
Service Level defined for Helpdesk Management as well as

for Call
Center Management was reviewed and where details
pertaining
to average time of resolution, abandon calls, first
call resolution, cycle time rate, etc. was recorded.
Carrying electronic devices in to the Data Centre.

Whether patches issued by OEM are analysed and same is
applied
after satisfactory test are conducted before entering into
production.
Assets Management, Configuration Management,
Problem Management and Change Management using HP
OVSC
Whether DR drills are conducted periodically
Whether the change management processes are in place and
the same are being followed
Whether proper approvals are in place for emergency /

show-stopper
changes
System event logs of the application server logs monitoring
using
log logic;
Use of IBM ISS Internet Scanner for the vulnerabilities
Vulnerability scanning
Working of CSA (HIDS) in the servers
Maintenance and periodical updation of network design,
security
controls etc.,
Application of patches in accordance with the defined change
management process
Verification of loading of latest Service Packs on Critical

Servers.
Existence of default OS Accounts
Whether audit trail policy is enabled with Success and

Failure for Account Logon Event, Directory Services Access
and System Events., Account Management, Object Access
and Policy Change.
Whether the shared folders are permitted with Everyone -

Full Control,Access to the shared folders should be granted
only to the authorized
users and necessary procedures for sharing of folders on the
network are properly documented.
Whether USB Drive, Floppy Drive and CD-ROM are disabled
on Admin Nodes.
Loading of unauthorised applications on the systems.
Loading of Antivirus Software, periodical updating of

versions, sample checking etc.,
Enabling IPSec is which is used for data
transmission through remotely.

Whether the Backupof router as wellas firewall (Core Switch)
configuration is taken on a weekly basisand the same in not
stored at offsite location,
Whether all Access Control Entries (ACEs) should be

configured to log..
Periodical review of Access Lists configured in the Firewall
Internet Banking - Segregation of duty between Information

Security (IS) team and Implementation team
Appointment of network and database

administrator and clear allocation of roles and
responsibilities.
Web application errors justification for any critical
information
being exposed to external world.
Interest and Charges Verification
Verification of charges on a random sample basis

Charges on cheque book issue
Cheque return charges
Account closure with in 12 months
Account closure after 12 months
Stop Payment charges
Inward / outward clearing reject charges
Charges for violating Minimum Balances for Metro and Rural
Branches
Cash Remittance Charges
DD cancellation charges
Duplicate statement charges
ABB Charges
Cash handling charges
Speed clearing Charges
Term Deposits - verification on a random sample basis
Interest Application
Charges Application
Advances - verification on random sample basis
Monthy and Quarterly interest calculation on advances
Appraising Charges for gold loans

Processing charges for housing loans, mortgage loans, kisan
sampatti loans etc.
Upfront fee for Term Loans
Upfront fee for Agriculture Term Loan
Administrative charges for consumer loans
Trade Finance - verification on random sample basis
No.
7 Andhra Bank IS Audit of Smart

Card Project for
Government Benefit
Distribution
8 The Oriental Comprehensive Audit

Insurance Co. Ltd. of CBS
Application and Data
Migration Audit
Ba
Interest on Inaland bills for various tenors Export bills

against undrawn balance Interest on overdue bills etc
Collection charges for Local cheque collection, Out station
cheques collection
Collection of bills with or without LC for sight and Usance
Commitment charges for Inland LC
Amendment charges for LC amount wise, period wise
SCOPE
Security & Control Audit of:
1) Equipments used of capturing of Bio-metric details, capturing
of Personal data of customer and also the process of linking them,
2) Equipments capable of reading & writing the data to smart
cards duly capturing the data on Samrat card & validating with the
central server data.
3) Mobile equipments for capturing the finger prints of
customers, data from smart cards, encapsulating them,
communicating with the central data (or) validating with off-line data
on smartcard, authenticating & recording the transaction etc.
4) Mobile communication with data encryption/ decryptions as
per standards etc.
5) Servers, access control, software’s controls security t\etc. at
the Data Centre of the service provides.
6) Network, Network equipments, interface between the mobile
equipments and servers at the data centre of the service provide.
7) Accounting, reconciliation, data verifications & integrity
checks.
8) Communication with the Bank’ DC and interface etc., at the
Bank DC.
Operational control Audit like.
1. Software controls & Interfaces Controls.
2. Reconciliation Process.
3. Data Synchronization, Integrity Check etc at DC of the
Bank/Service Provider
Functional Test Audit

A comprehensive functional test of applications to ensure that all
the functionality implemented are functioning accurately as per
the current business requirements of OICL.
Interact and collect all necessary inputs, clarification and

confirmations regarding business requirements/processes from
respective user departments of OICL.
The bidder is expected to perform the following minimum set of

activities related to testing for all the modules, applications,
delivery channels, products, processes:
• Development of suitable testing methodology with supporting

processes and templates and develop test
data.
• Develop testing strategy document
• Development of test calendars
• Development of business test case scenarios with related test
cases, and test data to execute
• Conduct individual application testing for the core insurance
solution, modules, products, processes, interfaces
• Daily, weekly status reporting.
• Train the OICL’s team in test script development and testing
methodology.
• Correctness of data being presented in the reports
• Point out gaps, errors, bugs.
• Explain the bugs, errors and gaps to OICL and System Integrator.
• Provide Application Audit reports
• Submit all documents on methodology, strategy, test cases,
test documentation, customization requests, solution etc. to
OICL.
• Testing will have to be in conformity of Requirements of OICL,
OICL’s existing product and processes
Application Security and Governance
The Bidder is required validate whether the application is functioning
as per standard security and governance procedures with
following minimum activities :
• Authorization, authentication and access control review
• Review of privileges assigned to users/ user groups/ DBAs
• Control procedures on various database operations
• Vulnerability and Penetration Testing
• Application controls review – covering various inputs,
processing and output controls
Available across INLIAS application
• Controls for application usage – covering segregation of
responsibility
• Controls for master data updation
• Availability of appropriate audit logs
• Batch processing procedures and controls
• Availability of required reports
• Availability of alerts etc. for relevant business cases such as
high value underwriting
Compliance Test
One round of defect correction testing after the corrections
or implementation of recommendations is done by the system
integrator (3i-Infotech).
The compliance test will be executed either on
implementation of corrections by system integrator or after 90
days of submission of final report whichever is earlier.
Automated Tool to be used
The auditor will use Quick Test Pro (QTP) for the purpose
of auditing the application Data Migration Audit Scope of work
The scope for data migration validation would cover the following:
To tabulate from INLIAS the number and amount of claims migrated
to INLIAS (line of
business wise) for each office. This would include the number and
Outstanding amount for
each class of business, office-wise, available in INLIAS. This figure
( number and amount)
would be required for each deptt. as under:
a. Fire
b. Engineering
c. Marine Cargo
d. Marine Hull
e. Motor
f. RID
g. Aviation
h. Workmen Compensation
i. Miscellaneous
To confirm from INLIAS the total number and amount of unexpired
policies migrated to
INLIAS (line of business wise) for each office. This would be for each
class of business,
Office-wise, available in INLIAS. This figure ( number and amount)
would be required for
each deptt. as under:
a. Fire
b. Engineering
c. Marine Cargo
d. Marine Hull
e. Motor
f. RID
g. Aviation
h. Workmen Compensation
i. Miscellaneous
To confirm from INLIAS that relevant Masters had been migrated to
INLIAS like :
a. Agent Master
b. Development Officer Master
c. Employee Master
d. Office Master, etc.
Back
ANNEXURE-
Details of the Audit Tools Freeware
S. No. Tool Name

1 Achilles
2 Brutus
3 CrypTool
4 cURL
5 Exploits
6 Fscan
7 Elza
8 Fragrouter
9 HPing
10 ISNprober
11 ICMPush
12 John The Ripper

13 L0phtcrack
14 Tenable Nessus
15 Netcat
16 NMAP
17 p0f
18 Pwdump
ANNEXURE- IV
Details of the Audit Tools Freeware
Description
A tool designed for testing the security of Web Applications.
A Windows GUI brute-force tool for FTP, Telnet, POP3, SMB,
HTTP, etc.
A Cyptanlaysis Utility
Curl is a tool for transferring files with URL syntax, supporting FTP,
FTPS, HTTP, HTTPS, GOPHER, TELNET,
DICT, FILE and LDAP
Publicly available and home made exploit code for the

different vulnerabilities around
A command-line port scanner, supporting TCP and UDP

A family of tools for arbitrary HTTP communication with picky web sites
for the purpose of penetration testing and
information gathering
Utility that allows to fragment packets in funny ways

A command-line oriented TCP/IP packet assembler/analyzer. It supports
TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the
ability to send files between a covered
channel, and many other features.
Check an IP address for load-balancing.

A tool that sends ICMP packets fully customized from
command line
A password cracker
NTLM/Lanman password auditing and recovery application
A free, powerful, up-to-date and easy to use remote security scanner.
This tool could be used when scanning a large range of IP addresses, or
to verify the results of manual
work.
The swiss army knife of network tools. A simple utility which reads and
writes data across network connections, using
TCP or UDP protocol
The best known port scanner around

Passive OS Fingerprinting: A tool that listens on the network
and tries to identify the OS versions from the information in the packets.
Tools that grab the hashes out of the SAM database, to use
with a brute-forcer like L0phtcrack or John
S. No. Tool Name
19 SamSpade and Dnsstuff
20 ScanDNS
21 Sing
22 SSLProxy, STunnel
23 Strobe
24 Telesweep Secure
25 THC
26 TCPdump
27 TCPtraceroute
28 UCD-Snmp - (aka
NET-Snmp)
29 Webinspect
30 Webreaper, wget
31 Whisker
32 Acuentix Free Web

Vulnerability Scanner
33 Auditor, Pentoo, BackTrack

and
Phalak
34 NetTools V 5.0
35 Rainbow Password
Cracker
36 Cain & Able

Ba
Description
Graphical tool that allows to perform different network queries: ping,
nslookup, whois, IP block whois, dig, traceroute, finger, SMTP VRFY,
web browser keep-alive, DNS
zone transfer, SMTP relay check,etc.
Script that scans a range of IP addresses to find DNS names

Send ICMP Nasty Garbage. A little tool that sends ICMP
packets fully customized from command line
Tools that allow to run non SSL-aware tools/programs over

SSL
A command-line port scanner that also performs banner

grabbing
A commercial wardialer that also does fingerprinting and

brute-forcing
A freeware wardialer
A packet sniffer
Traceroute over TCP
Various tools relating to the Simple Network Management
Protocol including snmpget, snmpwalk and snmpset.
CGI scanning, web crawling, etc

Software that mirrors websites to your hard disk
The most famous CGI scanner. has updated the scanning
databases with checks for the latest vulnerabilities
Web Vulnerability Scanner and Exploit Tool
Penetration Live Distort
Various bundle pack Network Hacking, Penetration, Tracing

and information gathering Tool
Tool containing pre-hashed computed password list.
Freeware, Multi-purpose hacking tool

Back
M/s AKS Information Technology Services Pvt Ltd
AKS Information Technology Services Pvt. Ltd., B-21, Sector – 59,
2. Carrying out Information Security Audits since: 20

3. Capability to audit, category wise (add more if required)
 Network security audit (Y/N) YES
 Vulnerability Assessment & Penetration Testing (Y/N) YES
 Web-application security audit (Y/N) YES
 Mobile Application Audit (Y/N) YES
 Wireless security audit (Y/N) YES
 Compliance audits (ISO 27001, ISO 20000, ISO 25000, ISO 27701, YES GDPR,
 Payment Gateway Audit (Y/N) YES
 Industrial Control Systems Audit (Y/N) YES
 Telecom Audit (Y/N) YES
 Information Systems Audit (Y/N) YES
 Compliance audit Government Guidelines (IT Act, CVC, RBI, SBI etc.) (Y/N) YES
 IT Risk Assessment (Y/N) YES
 Formulation of IT policies & Procedures (Y/N) YES
 Migration Audit (Y/N) YES
 AUA/KUA Audit (Y/N) YES
 ERP Audit (Y/N) YES
 Source Code Review (Y/N) YES
 Load Testing/Performance Testing (Y/N) YES
 Functional Testing (Y/N) YES
 Usability Testing (Y/N) YES
 Portability Testing (Y/N) YES
 Inter-operability Testing (Y/N) YES
 Accessibility Testing (Y/N) YES
 Configuration & Compatibility Testing (Y/N) YES
 Cyber Forensics Audit (Mobile Forensics, Computer Forensics, YES Audio
Network Forensics, CDR Forensics,
Email Forensics, Chip-off Forensics, etc.) (Y/N)
4. Information Security Audits carried out in last 12 Months:
Govt :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months, category-wise
 Network security audit 100+
 Web-application security audit 1000+
 Mobile Application Audit 100+
 Wireless security audit 10+
 Compliance audits (ISO 27001, ISO 20000, ISO 25000, PCI, 10+ ISO 2770
mpetence of CERT-In empanelled Information Security
ecurity Auditing Organization :

ervices Pvt. Ltd., B-21, Sector – 59, Noida (UP) - 201309
2006
uired)
YES
Y/N) YES
YES
YES
YES
25000, ISO 27701, YES GDPR, PCI etc.) (Y/N)
YES
YES
YES
YES
, CVC, RBI, SBI etc.) (Y/N) YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
er Forensics, YES Audio/Video Forensics,
Months:
1100
80
300
1330
e
100+
1000+
100+
10+
5000, PCI, 10+ ISO 27701, GDPR etc.)
 Payment Gateway Audit 20+
 Industrial Control Systems Audit 10+
 Information Systems Audit 10+
 IT Risk Assessment 10+
 Formulation of IT policies & Procedures 20+
 Migration Audit 2+
 AUA/KUA Audit 50+
 Telecom Audit 03
 ERP Audit 5+
 Compliance audit with Government Guidelines (UIDAI 30+ IT A
National Housing Bank (NHB) etc.):
 Source Code Review 10+
 Load Testing 10+
 Functional Testing 10+
6. Technical manpower deployed for information security audits:

CISSPs :
BS7799 / ISO27001:
CISAs :
DISAs / ISAs :
CEH/CCNA/CASP/MBCI/OSCP
Total Nos. of Technical Personnel :
S. No. Name of Employee Working with Experience in Qualifications related to
AKS IT since Information Security (Yrs) Information security
1 Ashish Kumar Saxena Sep 2006 20+ CISSP, CISA, MBCI,

ISO 27001
2 Anil Malik Feb 2016 16+ BS 7799 LA, ISO
27001 (Implementer –
Trained)
3 Deepak Sherawat June 2013 20+ ITIL, ISO 27001
4 Rajesh Bhojwani Dec 2008 11+ ISO 27001 LA, CISA
5 Anshul Saxena Nov 2014 10+ MS (Information

Security), CASP
6 Ravi Chaubey May 2013 15+ CEH, CISA, ISO 27001 LA
7 Devesh Rawat Dec 2015 4.0 CEH
8 Anil Kumar Murkha Mar 2016 4.0 CEH
9 Yogendra Singh May 2016 8.0 CEH
10 Siddharth Shukla Jan 2015 5.0 CEH
11 Aniket Prasad Oct 2016 3.0 CEH, ISO 27001 LA
12 Pragya Varshney Jun 2016 4.0 CEH, ISO 27001 LA

20+
10+
10+
10+
20+
2+
50+
03
5+
es (UIDAI 30+ IT Act, CVC, RBI, SBI, DoT,
10+
10+
10+
urity audits:
02
12
06
00
50+
75+
mation security audits in Government and Critical sector
Qualifications related to
Information security
CISSP, CISA, MBCI,

ISO 27001
BS 7799 LA, ISO
27001 (Implementer –
Trained)
ITIL, ISO 27001
ISO 27001 LA, CISA
MS (Information
Security), CASP
CEH, CISA, ISO 27001 LA
CEH
CEH
CEH
CEH
CEH, ISO 27001 LA
CEH, ISO 27001 LA

13 Raghwendra Kumar Sep 2016 3+
14 Mahesh L Singh Jan 2017 3.0
15 Rohit Singh Chauhan June 2017 2+
16 Viswanathan G. Jan 2018 2.0
17 Rupika Feb 2018 2.0
18 Akshay Kumar K Mar 2018 4.0
19 Vaibhav Mittal Sep 2018 1.0
20 Akshay Bajaj Aug 2017 2+
21 Rahul Kumar Singh Aug 2017 2+
22 Dhruv Srivastava Oct 2017 2+
23 Manjyot Singh Oct 2017 2+
24 Himanshu Dubey Dec 2017 2.0
25 Amit shrivastava Mar 2018 2.0
26 Pankaj Singh Nov 2017 4.0
27 Sonu Sahu Sep 2018 1+
28 Mayank Agrawal Jan 2018 2.0
29 Parthsarthi Biswal May 2018 2.0
30 Deepika June 2018 2.0
31 Shreya Srivastava June 2018 2.0
32 Snehita July 2018 2.0
33 Sheela Aug 2018 2.0
34 Pritam Das Aug 2018 2.0
35 Faisal Shadab Sep 2018 2.0
36 Jyoti Sharma Oct 2018 1.0
37 Akankhyu Dixit Oct 2018 1.0
38 Sunil Kumar Jan 2017 5+

39 Shiva Sunar June 2016 4.0
40 Onkar Babar Sep 2013 6+
41 Prakash Chandra Binwal Feb 2018 12+
42 Alok Kumar Jun 2018 4+
43 Kunal Mahar Feb 2018 4+
44 Nilesh Yadav May 2018 2.0
45 Gurpreet Singh June 2018 2.0
46 Ankur Kumar June 2018 2.0
47 Suyog Sheode May 2018 2.0
48 Aakash Verma Sep 2018 4.0
49 Arjit Agrawal Jul-15 4+
50 Piyush Garg Jun 2016 4.0
51 Antony Ukken Jun 2018 2.0
52 Ankur Upadhyay Jun 2018 2.0
53 Bhupendra Koshariya Nov 2019 3.0
54 Arnav Shukla Jan 2019 1+
55 Devendra Kumar Yadav Jan 2019 1+
56 Harish Vanjari Feb 2019 3.0
57 Raghav Charan Mishra Feb 2019 4+
58 Bhumi Bobde Mar 2019 2+
59 Shubham Bhargava Mar 2019 3+
60 Sachin Singh Apr 2019 1+
61 Janmejay Singh Parihar Apr 2019 2+
62 Ali Ayub Khan June 2019 1+
63 Tarun Grover June 2019 1+
64 Abhishek Choudhary June 2019 1+

65 Amit Kumar July 2019 3.0
66 Rishi Raj Oct 2019 2+
67 Shubham Saxena July 2019 1+
68 Ome Mishra July 2019 1+
69 Prashant Thakur July 2019 1+
70 Aviral Jain July 2019 1+
71 Rupanshi Sharma Aug 2019 1+
72 Sahil Verma Aug 2019 1+
73 Sachin Sharma Aug 2019 1+
74 Nitin Sharma Oct 2019 1+
project value.
 Carrying out Cyber Security Audit for one of the National Level Power Sector
of SCADA system, Project value is approx. 1.3 Crore
 Carried out Infrastructure, Process & Security Audit of one of the competitio
online. Total Number of Nodes were approx. 2,00,000. 31 different cities with 27
value was approx. 70 Lakh
 Carried out IT Security Audit, ISO 25000 for one of the International Stock E
was approx. 43 Lakhs.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Freeware Tools
 Nmap, Superscan and Fport - Port Scanners
 Metasploit framework, Netcat, BeEF , Cain & able, Hydra, John the ripper - Penetr
cracking
 Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware detection
 Netstumbler, Aircrack-ng suite & Kismet – WLAN Auditing
 OpenVas, W3af, Nikto - Vulnerability scanner
 Wireshark – Packet Analyser
Commercial Tools
 Nessus– Vulnerability Scanner
 Burp Suite, Acunetix - Web application auditing
 Passware: Password Cracking
 Mange Engine, Solarwind – Network Performance Testing
 Arbutus Analyzer - Migration Audit & Log Analysis
 Social Engineering ToolKit – Internet Evidence Finder
 Forensics Imaging and Analysis: FTK and Tableau, Paraben E3:DS
 Data Recovery Tool: E4SeUS Recovery Wizard
 CDR Analysis Tool: ASI CDR & Tower Dump Analysis Tool
 Video Forensics: Kinesense LE
 Mobile Forensics: MobilEdit, UFED4PC
 Proprietary Tools - ISA Log Analyzer, HaltDoS Web Application Firewall (WAF), Ha

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No
13. Locations of Overseas Headquarters/Offices, if any : No
*Information as provided by AKS Information Technology Services Pvt. Ltd. on 20th Dec 2019
Ba
CEH
CEH
CEH
CEH
CEH
CEH
CASP
CEH
CEH
CEH, ISO 27001:2013 LA
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH, ISO 27001
CEH, ISO 27001
CEH, ISO 27001
CCNA, CEH
CEH
CEH
CEH
CEH
CEH, ISO 27001 LA
ISO 27001 LA, ACE
CASP
CASP
CASP
CASP
CHFI
CEH
CEH
CEH
ISO:27001 LA, ACE
CASP
ISO 27001 LA
CEH
CEH
CASP
CASP
CASP
CEH
CASP
CEH
CEH
CEH
CEH
CASP
CASP
CASP
CASP
pe (in terms of volume, complexity, locations etc.) along with
t for one of the National Level Power Sector Project including audit
pprox. 1.3 Crore
ss & Security Audit of one of the competition exam conducted
approx. 2,00,000. 31 different cities with 276 locations. Project
O 25000 for one of the International Stock Exchange. Project value
ommercial/ freeware/proprietary):
nners
Cain & able, Hydra, John the ripper - Penetration Testing & Password
k - Windows Kernel & malware detection

et – WLAN Auditing
canner
auditing
erformance Testing
og Analysis
vidence Finder
nd Tableau, Paraben E3:DS
y Wizard
Dump Analysis Tool
HaltDoS Web Application Firewall (WAF), HaltDoS Traffic inspector
Security Auditors / Experts : No

If yes, give details : No
eign based organization? : No
any : No
ology Services Pvt. Ltd. on 20th Dec 2019
Back
M/s Aujas Networks Pvt Ltd
1. Name & location of the empaneled Information Security Auditing Organization:
Aujas Networks Private Limited – Bangalore, Karnataka, India
 Network security audit – Yes
 Web-application security audit – Yes
 Wireless security audit – Yes
 Compliance audits (ISO 27001, PCI, etc.) – Yes
Govt. :
PSU :
Private :
5. Number of audits in last 12 months, category-wise (Organization can add categories b
handled by them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for informationsecurity audits:
CISSPs :
BS7799 / ISO27001 Las :
CISAs :
DISAs / ISAs :
Any other information security qualification :
CEH – 106, OSCP - 17
S. Duration with Experience in Qualifications related to
No. Name of Employee <Aujas Networks Pvt Information Information security
Ltd> Security
1 Anup V 7 months 4.3 years CEH
2 Brahma R 2.3 years 6.3 years CEH
3 Poornima 3.2 years 7.3 years Qualys VM, CEH,ISO 2013 LA
4 K Manoharan 1.4 years 4.2 years CEH, Qualys VM &Appscan, BISE,
Certified Web security Analyst
5 I John 5 months 5 years CEHv10, Python 3

6 Irfan Y 2.2 years 6.2 years CEH
7 Harpreet SP 4 months 5.2 years CEH
8 S Bansal 7 months 7.8 years
nce of CERT-In empanelled Information Security
rity Auditing Organization:

Karnataka, India
: 2008
– Yes
– Yes
– Yes
– Yes
:
02
00
147
149
anization can add categories based on project
90
110
12
16
dits:
07
14
06
00
418
security audits in Government and Critical sector
lifications related to
rmation security
CEH,ISO 2013 LA
VM &Appscan, BISE,
b security Analyst
hon 3
project value.
One of the Major Telecom giant in India (we cannot share the client details as we have signed NDA)
Complexity : Project involved Network Security assessment, VAPT of Web application, Mobile applic
review, Physical security, Risk Assessment, API Security assessment, Policy & Procedure review, Arc
code review.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Attache
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any: - Yes (Branch Office)
India Bangalore – Head Office
#595, 4th Floor, 15th Cross, 24th Main, 1st Phase, JP
Nagar, Bangalore, India 560078.
Mumbai
1010, Meadows, Sahar Plaza, JB Nagar, Andheri - East
Mumbai, India 400059.
Gurgaon
Suite 4, U&I Corporate Center Plot 47, ECHELON,
Sector 32 Gurgaon, Haryana, India 122001.
United States Cupertino

19925 Stevens Creek Blvd. Suite #100 Cupertino, CA
95014, United States of America.
Jersey City
2500, Plaza 5, Harborside Financial Center, Jersey
City, NJ 07311, United States of America.
Middle East UAE

Saif Suite Z1-66, P.O. Box 121421, Sharjah, U.A.E.
Canada Ottawa
ume, complexity, locations etc.) along with
as we have signed NDA).

application, Mobile application, configuration
y & Procedure review, Architecture review, Secure
are/proprietary): Attached
Experts : No
ract etc.))
tails : No
tion? : No
anch Office)
400−1565 CARLING AVENUE, OTTAWA, ONTARIO
CANADA K1Z 8R1.
*Information as provided by Aujas Networks Private Limited on 24-Dec-19

Ba
n 24-Dec-19
Back
M/s Cyber Q Consulting Pvt Ltd.
1. Name & location of the empanelled Information Security Auditing Organization:
CyberQ Consulting Pvt. Ltd.# Satyam House, 59/15, 1st Floor, Guru Ravi Dass Mar

 Network security audit : Yes
 Web-application security audit : Yes
 Wireless security audit : Yes
 Compliance audits (ISO 27001, PCI, etc.) : Yes
 ISO 20000:1 : Ye
 GDPR and Business Continuity Planning : Yes
 Mobile Security Audit : Yes
 Information Security Policy preparation, review and assessment
against best security practices : Yes
 Process Security Testing : Ye
 Physical Access Controls & Security Testing : Ye
 Penetration Testing : Ye
 PKI Audit : Ye
 Industrial Control System Security Audit : Ye

Govt. :
PSU :
Private :
 Cyber Security Audit : 4
 Network Security Audit : 14
 Application Security Audit : 107
 Mobile Security Audit : 11
 Compliance audits (ISO 27001, PCI, etc.) : 12
6. Technical manpower deployed for information security audits :

CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification : CEH – :
7. Details of technical manpower deployed for information security audits in Government and Critica
(indicative list only)
g Organization:
59/15, 1st Floor, Guru Ravi Dass Marg, Kalkaji Extension New Delhi – 110019 PH : 011-40548205 / 40544324Email : debopriyo.kar@cyberqindia.com
: 2002
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
sment
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
52
3
81
137
: 4
: 14
: 107
: 11
: 12
1
4
4
O
5
17
audits in Government and Critical sector organizations
S. Name of Employee Duration with Experience in Qualifications related to
No. <organization> Information Security Information security
1 Pankaj Thakur 5 years 7 years CEH

2 Mathew Verghese 5 years 11 Years - CISA - ISO 27001 LA
3 Debopriyo Kar 28 years 21 years CISA - Technical Expert for
JAS-ANZ (Australia) - IRCA
Certified ISO 27001 -
COBIT Foundation Certified
4 Pramod Pant 15 years 21 years CISSP , ISO 27001

And Many More…
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
value:
Sl NO Name of Project Scope Amount Location
1 An engineering consultancy service Appointment of Consultant Can be provided Delhi

provider for Implementation of on specific
Cyber Security Policy request
including ISO 27001:2013
Certification
2 A Hydropower generation company CONSULTANCY SERVICE Can be provided Faridabad

FOR INFORMATION on specific
SECURITY MANAGEMENT request
SYSTEM (ISMS, ISO
27001:2013)
IMPLEMENTATION
3 A non Banking financial sector Implementation of RBI Can be provided Delhi

master direction IT on specific
framework request
4 A largest petroleum company Provision of hiring of Can be provided Delhi

agencyof review of ISMS on specific
implementation and ISO request
27001
certification
5 National Research and Education providing consultancy Can be provided Delhi
Network services for obtaining on specific
ISO/IEC 27001:2013 request
certification.
6 Information data bank and Information Security Can be provided Delhi
communication system for Oil and Management System on specific
Gas companies (ISMS) as per ISO request
27001:2013
Standards or higher
7 Ministry of Defense Third Party Security Audit Can be provided Madhya Pradesh
on specific
request
omplexity, locations etc.) along with project
8 A National Aerospace company Network Security Audit Can be provided Bangalore
on specific
request
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):

S. Commercial / Open Source
No. Tool Name
1 Nessus Professional Commercial

2 Qualys Guard Commercial
3 Burp Suite Commercial
4 Acunetix vulnerability scanner Commercial
5 Commercial / Open Source
Nipper
6 Kali Linux - PT Framework Open Source

7 CIS Benchmark Open Source
8 CyberQ Proprietary Checklist
10. Outsourcing of Project to External Information Security Auditors / Experts : NO (If
oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO
12. Whether organization is a subsidiary of any foreign based organization? : NO If y

13. Locations of Overseas Headquarters/Offices, if any : NA.
*Information as provided by M/S CYBERQ CONSULTING PVT LTD. 19th Dec 2019, New Delhi
Ba
re/proprietary):
xperts : NO (If yes, kindly provide
: NO
on? : NO If yes, give details

: NA.
19th Dec 2019, New Delhi

Back
M/s Control case India Pvt. Ltd.
ControlCase International Pvt. Ltd.
Wing A, 3rd Floor, Corporate Centre, JB Nagar, Andher
400059, INDIA
 Network security audit : Y
 Web-application security audit : Y
 Wireless security audit : Y
 Compliance audits
(ISO 27001, PCI DSS, PA DSS, P2PE, ASV, HIPAA, SOC etc.) : Y
 Web Application Source Code Review : Y
 Advanced Penetration Testing Training : Y
 Virtualization Security Assessment : Y
 Mobile Application Security Audit : Y
 IoT Security Audit : Y
 Segmentation Penetration Test : Y
 Social Engineering : Y
Govt.
PSU
Private
Total Nos. of Information Security Audits done

handled by them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification:
ISO27001 LIs :
CEH :
PCI QSA :
PA QSA :
PCI P2PE QSAs :
PCI 3DS Assessors :
PCI PIN Assessors :
HiTRUST CSF :
CSA STAR :
Auditing Organization :
al Pvt. Ltd.
rate Centre, JB Nagar, Andheri East, Mumbai –
: 2005
: Y
: Y
: Y
: Y
: Y
: Y
: Y
: Y
: Y
: Y
: Y
:
: 1
: 3
: 100+
ecurity Audits done : 500+
400+
250+
3+
600+
its :
8
25
8
0
11
17
20
4
4
4
2
5
1
ASV : 5
CISM : 6
CCNA : 4
ITIL : 8
ECSA : 2
OSCP : 3
S. Name of Duration with Experience in Qualifications related to Information security
No. Employee ControlCase Information
Security
1 Satyashil Rane 11+ Years 17+ Years PCI QSA, PA QSA, P2PE, CISSP, CEH, ASV,
ISO 27001 LA, 3DS Assessor
2 Ashish Kirtikar 8+ Years 10+ Years CISA, CISM, CEH, PCI QSA, ISO LA 27001,
HiTRUST CSF
3 Rajkumar 4+ Years 5+ Years MS Cyber Law and Info Sec, CISSP
Yadav
4 Shashank 7+ Years 9+ Years CISSP, CEH, ASV
Vaidya
5 Vaibhav 9+ Years 9+ Years CEH, ECSA, ASV
Mahadik
6 Chaitany 9+ Years 9+ Years CEH, ECSA, ASV
Kamble
7 Varun Kaushik 7+ Years 10+ Years CISM, PCI QSA, ISO 27001 LA, PCI PIN
Assessor
8 Akash Chavan 5+ Years 5+ Years OSCP, CEH, CHFI
project value.
Sr.No Client Description of services ( Relevant to Project Value
Scope of Work in this RFP, give
reference number
only)
1 One of the largest Financial PCI certification, Rs. 5000000
Service Provider in India Fire wall rule set review, Configuration
scanning of IT Assets, Application Security
scanning,
Log Monitoring 24 x 7, Internal vulnerability
scan, External vulnerability scan,
Internal and external penetration testing
2 One of the largest Bank in PCI DSS Certification Application Rs. 5500000
Vietnam Penetration Test Internal vulnerability scan,
External vulnerability scan,
3 One of the largest Bank in PCI DSS Certification Application Rs. 4000000
Brunei Penetration Test
5
6
4
8
2
3
150+
audits in Government and Critical sector
lume, complexity, locations etc.) along with

Internal vulnerability scan, Firewall Rule-Set
Review External vulnerability scan, Internal
and external penetration
testing
4 One of the largest PCI certification,

Merchant in Middle East Fire wall rule set review, Configuration
scanning, Internal vulnerability scan,
External vulnerability scan, Internal and
external penetration testing
5 One of the largest FinTech PCI certification,

company in Malaysia Fire wall rule set review, Configuration
scanning, Internal vulnerability scan,
External vulnerability scan, Application
Code Review Assessment

Commercial:
Netsparker Checkmarx Tenable Nessus Rapid7 Nexpose QualysGuard
Burp Suite Professional Nipper
Freeware / Open Source (Includes but not limited to below):
Kali Framework – Nmap, Netcat, cryptcat, Hping, Sqlmap, JTR, OpenVAS, SET, MSF, Airc
Cain
Fiddler Charlse Proxy Eco Mirage
Proprietary:
ControlCase GRC - ControlCase GRC is a consolidated framework that quickly a
enables IT governance, risk management and compliance (GRC) with one or seve
industry regulations simultaneously. It allows IT organizations to proactively addres
and implement a foundation that is consistent and repeatable.
ControlCase Compliance Manager (CCM) - Built upon the ControlCase GRC (C
provides an integrated solution to managing all aspects related to compliance. CCM allow
implement the processes, integrate technologies and provide a unified repository for all i
Compliance.
Card Data Discover (CDD) - ControlCase Data Discovery (CDD) addresses key
Data Discovery and is one of the first comprehensive scanners that not only sea
card data on file systems, but also in most commercial and open source databases, and
done WITHOUT installing any agents on any
scanned system. It scans the whole enterprise from one location.
ControlCase Compliance Scanner - ControlCase Compliance Scanner allows QSAs/
to streamline and automate the process of evaluating PCI compliance during onsite e
from leading vulnerability scanners and application scanners, along with cardhold
are processed by the Compliance Scanner to pre- populate approximately half the con

12. Whether organization is a subsidiary of any foreign based organization? : Y
ControlCase Holding
12015 Lee Jackson Memorial Hwy, Suite 520, Fairfax, VA 22033
13. Locations of Overseas Headquarters/Offices, if any : Y

Memorial Hwy, Suite 520, Fairfax, VA 22033
*Information as provided by ControlCase International Pvt. Ltd. on December 23, 2019.
Ba
Rs. 4000000
Rs. 6000000
s used ( commercial/ freeware/proprietary):
sus Rapid7 Nexpose QualysGuard
es but not limited to below):
ptcat, Hping, Sqlmap, JTR, OpenVAS, SET, MSF, Aircrack suite, Dirbuster,
GRC is a consolidated framework that quickly and cost- effectively

agement and compliance (GRC) with one or several government or
y. It allows IT organizations to proactively address issues related to GRC
consistent and repeatable.
er (CCM) - Built upon the ControlCase GRC (CC-GRC) platform and
anaging all aspects related to compliance. CCM allows organizations to
technologies and provide a unified repository for all information related to
ontrolCase Data Discovery (CDD) addresses key need of Credit Card

e first comprehensive scanners that not only searches for credit and debit
n most commercial and open source databases, and all this searching is
nts on any
enterprise from one location.
ner - ControlCase Compliance Scanner allows QSAs/Auditors and consultants
process of evaluating PCI compliance during onsite engagements. Results
ners and application scanners, along with cardholder data search features
Scanner to pre- populate approximately half the controls of PCI DSS.
ormation Security Auditors / Experts : No ( If yes, kindly provide

.))
ign Tie-Ups? If yes, give details : No
y of any foreign based organization? : Yes
e 520, Fairfax, VA 22033
s/Offices, if any : Yes 12015 Lee Jackson

22033
rnational Pvt. Ltd. on December 23, 2019.
Back
M/s Ernst & Young Pvt Ltd
Ernst & Young Pvt Ltd
Golf View Corporate Tower B, Sector 42, Sector Road, Gurgaon, Ha
2. Carrying out Information Security Audits since : January 2001

 Network security audit (Y/N) : Y
 Web-application security audit (Y/N) : Y
 Wireless security audit (Y/N) : Y
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
Govt. : 15+
PSU : 15+
Private : 90+
Total Nos. of Information Security Audits done : >120
handled by them)
CISSPs : 10+
BS7799 / ISO27001 LAs : 70+
CISAs : 70+
DISAs / ISAs : 2+
CISM : 10+
CEH : 15+
organizations (attach Annexure if required)*
S. Name of Employee Duration with EY Experience in Qualifications related to
No. LLP Information Security Information security
1 Sunil Agarwal 2+ years 36+ Years  Info Security Course at SEI,

CMU, Pittsburgh
 CISSP
2 Burgess Cooper 4+ years 21+ years  CISA

 CISSP
 CISM
Organization:
or Road, Gurgaon, Haryana 122002, India
: January 2001
+
+
+
120
n can add categories based on project
+
+
+
+
udits in Government and Critical sector

S. Name of Employee Duration with EY Experience in Qualifications related to
No. LLP Information Information security
Security
 CGEIT
 CIPP
3 Kartik Shinde 9+ years 17+ years  CISSP

 CEH
 GCFW
 MCSE Certified BS7799
Implementor
4 Rajesh Kumar D 12+ years 17+years  CISSP
5 Vidur Gupta 5+ years 15+ Years  CISM

 CISA
 CRISC
 Certificate of Business
continuity Institute (CBCI)
 DSCI Certified Private Lead
Assessor
 GCHQ
6 Navin Kaul 11+ years 13 + Years  CISA

 ISO 27001 LA STQC
 ISO 27001:2013 LI
 Advanced Auditing for CSA
STAR Certification
7 Lalit Kalra 10+ years 12+ years  CISA

 CIPM
 ISO 27001:2013 LA
8 Arindam Mandal 10+ years 12+ Years  ISO 27001:2013 LI and LA

 CISA
 ISO 22301 LA
STAR Certification
9 Kiran Kumar K 11+ years 12.5 Years  CISM

Vinjamuri  ISO 27001:2013 LA
10 Aseem Mukhi 5+ years 11+ Years  CISM

 DSCI Certified Privacy lead
assessor
STAR Certification
 ISO 27001:2013 LA
11 Anand Mohan Jha 1+ year 16 + Years  CISSP

 GPEN: GIAC Penetration Tester
 OSSTMM Professional Security
Expert (OPSE)
 GCIH: GIAC Certified Incident
Handler
 ISO/IEC 27001:2013
Lead Auditor
 CISA
 CCSK: Certificate of Cloud
Security Knowledge
12 Mayank Lau 1+ year 11 + Years  CISM

 ISO 27001:2013 LA
13 Suhas Ranjan 1.5+ years 10+ Years  ISO 27001:2013 Lead

Auditor
STAR Certification
14 Dhairya Giri 5+ years 9 Years  Certified ISO 27001:2013,

Lead Implementer
 CISA
 Cyber Incident Response
Planner
 CIPR- GCHQ certificate
 ISO 20000:2011 Lead
Auditor
15 Murari Sharma 7+ years 9 Years  ISO 27001:2013 LI and LA

 Qualys: Vulnerability
Management
 Qualys: Policy Compliance
 ISO 22301 Lead
Auditor(BCMS)
STAR Certification
16 Anitha Sridevi V 3+ years 12+ Years  ISO 27001:2013 -

Certified Lead Auditor
 Certified Ethical Hacker (CEH)
Management
 EC-Council Certified Security
Analyst v9(ECSA)
17 V G R Phani Kumar J 9.3+ years 12+ Years  CISM

Management
18 Zaman Akhtar 5+ years 11 Years  ISO 27001:2013 LI

 ISO 22301 LA
Management
 CEH
19 Shuchika Bhanot 1.7+ years 8 Years  ISO 27001:2013 LA
 ISO 22301 LA
STAR Certification
20 Aayush Ankesh 3+ years 8 years  ISO 27001:2013 -

 Check Point Certified Security
Administrator
Management
STAR Certification
 CEH Certified
21 Avinash Kumar 5+ years 8+ Years  ISO/IEC 27001:2013

(Lead Auditor)
 Certification in I.T Security
from IIBF
 Certification in Cyber Crime
and Fraud Management from IIBF
Management
STAR Certification
22 Nachiketa Sharma 3.5+ years 8 + Years  ISO27001:2013 LI and LA

Management
23 Nirmalendu Ray 2.9+ years 9+ Years  ISO/IEC 27001:2013 LI

and LA
Management
24 Sharmistha 3+ years 5 + Years  CISA

Mukhopadhyay  ISO 27001:2013 Lead
Auditor
 CSA STAR Lead Auditor
 Qualys- Vulnerability
Management and Policy
Compliance
25 Ipsa Sinha 3+ years 5+ Years  ISO/IEC 27001:2013
Lead Auditor
Management
STAR Certification
26 Nitin Kumar Pote 3+ years 5.3 Years  ISO 27001:2013 LA
27 Sainath R Shenoy 7+ years 8 Years  Qualys: Vulnerability

Management
 ISO 27001:13 LA
28 Ajitesh Rai 2+ years 4+ Years  CISA

 ISO 27001:2013 LA
 ISO 22301 LA
29 Aniket Burande 2+ years 3+ years  ISO/IEC 27001:2013

Lead Auditor
 ISO 22301 LA
30 Rahul Singh 2+years 5+ years  ISO 27001:2013 LA

 CISE
 ECSA
* This is an indicative list of individuals.Ernst and Young LLP has an exhausti

employees having capabilities and expertise in information security.
project value.
 Advisory for ISO 27001 Implementation & Certification for
Network, which involved end to end certification of more than 10 locatio
 Third Party Audit for State Wide Area Network and S

Centres(Vulnerability Assessment - 500+node).
An indicative list of tools used are as follows:
Freeware
 Nmap -- Port scanner
 Nessus -- Vulnerability scanner
 Nikto -- Web server/application vulnerability scanner
 Metasploit Framework – Exploit code development framework for penetration tests
 Peach – Python based fuzzer framework
 Libnet – High level API for construction & injection of network packets
 WireShark – Network protocol analyzer
 Ettercap - Terminal-based network sniffer / interceptor / logger for ethernet LANs
 Somersoft -- Security configuration, registry entries and access control lists on syste
 running the Windows operating system.
Commercial
 App Detective -- Vulnerability assessment and review of security configuration of My
 Oracle, Sybase, IBM DB2, MS SWQL Server, Lotus Notes/Domino, Oracle Application
 Server, Web Applications.
 Bv-Control Suite -- Security assessment -Microsoft Windows, Active Directory, Micros
 Exchange, Microsoft SQL Server, UNIX (Sun Solaris, HP-UX, AIX, Red Hat and SUSe
 Linux), Internet Security, Check Point Firewall I
 HP WebInspect – Web application security assessment
 IPLocks VA – Database configuration and vulnerability assessment
 Immunity Canvas – Vulnerability exploitation framework for penetration tests
 eTrust -- Online vulnerability management framework.
 Bv-Control -- Security and segregation of duty review for SAP
Proprietary
 iNTerrogator -- Review of security configuration of systems running the windows
 operating system.
 *nix scripts -- A collection of scripts to assess the security configuration including file
 level ACLs on *nix systems (SCO OpenServer, Linux, HP-Ux, AIX, Solaris, *BSD).
 Spider -- Web application security assessment
 FakeOra -- Security assessment of 2-tier applications that use Oracle 8i (and above) as
 the RDBMS).
 S-SAT -- A traveling SAP Security tool.
 Permit -- ERP risk assessment and control solution tool.
 Assessor -- Configuration review of Oracle Financials system.
 WebSmack – Web application inventory and vulnerability assessment
 EY/Mercury – Web based technical work plan generator to perform security configuration
 review of IT infrastructure
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
registered in India with Registrar of Companies under Ministry of Corporate Affairs. E
in 150 countries which provide services across Assurance and Advisory Business Ser
Transaction Advisory Services.
12. Whether organization is a subsidiary of any foreign based organization? : Yes
Ernst & Young LLPis registered in India with Registrar of Companies under Ministry o
EY’s Global Headquarter is in London.
Address
25 Churchill Place Canary Wharf E14 5EY London
phone: +44 20 7951 2000
fax: +44 20 7951 1345

Ernst & Young LLPis registered in India with Registrar of Companies under Mini
Affairs. EY has its 700 offices in 150 countries
*Information as provided by Ernst and Young LLP on 23rd December 2019
Ba
g LLP has an exhaustive strength of
tion security.
& Certification for National Knowledge

f more than 10 locations across India.
ea Network and State Data
re/proprietary):
k for penetration tests
k packets
ger for ethernet LANs
ess control lists on systems

urity configuration of MySQL,
mino, Oracle Application
, Active Directory, Microsoft

AIX, Red Hat and SUSe
sment
penetration tests
g the windows
ration including file

Solaris, *BSD).
cle 8i (and above) as
ent
security configuration
Experts : No
: Yes Ernst & Young LLPis

of Corporate Affairs. EY has its 700 offices
Advisory Business Services, Tax,
tion? : Yes
anies under Ministry of Corporate Affairs.
: Yes,
Companies under Ministry of Corporate
mber 2019
Back
napshot of skills and competence of CERT-In empanelled Information Security Auditing Or
M/s NETMAGIC IT SERVICES PVT. LTD.

Netmagic IT Services Pvt. Ltd.
Lighthall 'C' Wing, Hiranandani Business Park, Saki Vihar Road, Ch
(East) Mumbai 400 072
 Network security audit (Y/N) : YES
 Web-application security audit (Y/N) : YES
 Wireless security audit (Y/N) : YES
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : YES
 Red Team Assessment (Y/N) : YES

Govt. :
PSU :
Private :

handled by them)
Network security audit : 56
Web-application security audit : 34
Wireless security audit : 1
Compliance/ other audits (ISO 27001, PCI, etc.) : 22
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
1 Srinivas Prasad 12 years 12 years CISC, CPH, CPFA, ISO

27001 LA, CPISI
2 Subramaniam 4 years 9 years CISSP, CCSP, CCNP
Mariappan
3 Bhushan Pandloskar 9 years 16 years ISO 27001 LA, CISC
4 Ashish Agrawal 6 months 2 years ISO 27001 LA, ECIH

Security Auditing Organisation
rganization :
, Saki Vihar Road, Chandivali, Andheri
: 2006
: YES
: YES
: YES
: YES
: YES
: 0
: 0
: 37
: 37
56
34
1
22
: 2
: 4
: NA
: NA
: 32
: 38

5 Sandeep Kand 1 year 4 year ISO 27001 LA
project value.
Out of 25+ large projects of Netmagic, one of the largest and complex project was to
Security with following detail scope.
The scope of entire activity includes:
 Vulnerability Assessment / Penetration Testing
 Configuration Audit of Network Devices
 Technical /Configuration Assessment of (Windows and Unix) Servers
 Policy and Process review & Audit
 Red Team Assessment
 Breach Assessment

Open Source
 Webscarab/Paros/Burp
 Grendle scan/Nikto/w3af
 KALI Linux
 Dir buster
 WebSecurify
Commercial
 Nessus
 Hacker Guardian
 Netgear Wi-Fi Scanner
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes

YES. Oversight through formal contract and purchase order terms and conditions
NTT Limited
*Information as provided by Netmagic IT Services Pvt. Ltdon 23-12-2019
Ba
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing O
M/s Network Intelligence India Pvt. Ltd.

Network Intelligence India Pvt. Ltd. 5th Floor, Lotus B
Off Andheri Link Road, Andheri West, Mumbai – 4000

CATEGORY: ASSESSMENT
Subcategory:Technical Security Assessments
Network Security: Yes
Web Applicationand Web Services Security: Yes Mobile Application / Thick-Client: Yes
Source Code Review: Yes
Infrastructure VAPT, PCI ASV Scanning: Yes VOIP and IVR Testing: Yes
Configuration Review (Operating Systems, Databases, Network Devices): Yes Configurat
Solutions such as PIM, DAM, WAF, etc.): Yes Wireless Security Audit: Yes
Subcategory: Strategic Assessments
ERP Security (SAP, Oracle): Yes Cloud Security Assessment: Yes
Application Security Design Review: Yes Banking Products - SWIFT, Finacle, etc.: Yes De
Blockchain Assessment: Yes SDLC Gap Assessment: Yes
OT and IoT Security Assessment: Yes ICS Security Assessment: Yes
Subcategory: Offensive Assessments
RedTeam Assessment: Yes Adversary Simulation: Yes Password Cracking: Yes DDoS Sim
Bug Bounty Program: Yes Phishing / Spear Phishing: Yes Vishing, Smshing: Yes
Subcategory: Advisory and Consulting
Technical Security Audits: Yes
Maturity Assessment as per frameworks (C2M2, NIST, etc.): Yes War Game Assessment:
Remediation Consulting: Yes
Data Flow and Data Classification: Yes Awareness Drills: Yes
CATEGORY: Governance Risk & Compliance Subcategory: Consulting:

a. ISMS ISO 27000 Series implementation: Yes
b. Implementation of Cloud security against CSA STAR, transition consulting: Yes
complex project was to carry out Information
d Unix) Servers
e/proprietary):
xperts : Yes ( If yes, kindly provide
conditions
ls : No
zation? : Yes If yes, give details
: No
12-2019
Back
n Security Auditing Organisation
rganization:
Ltd. 5th Floor, Lotus Business Park,
West, Mumbai – 400053. India
: 2001
n / Thick-Client: Yes
g: Yes
evices): Yes Configuration Review (Security
dit: Yes
T, Finacle, etc.: Yes DevOps Security: Yes
Yes
Cracking: Yes DDoS Simulation: Yes

Smshing: Yes
War Game Assessment: Yes
: Consulting:
ition consulting: Yes

c. BCMS ISO 22301 Implementation: Yes
d. ITSM ISO 20000 Implementation: Yes
e. Risk management ISO 31000 consulting: Yes
f. GDPR and Privacy related implementation: Yes
g. SWIFT Service Bureau compliance requirements consulting: Yes
h. HIPPA, HITRUST implementation: Yes
i. SSAE 18 SOC 1, SOC 2, SOC 3 compliance and certification: Yes
Subcategory: Auditing:
a. IT Security Audit: Yes
b. Information Systems Audit: Yes
c. Infrastructure Audits: Yes
d. Network security audits: Yes
e. Internal Audits for ISMS, BCMS, Cloud Security: Yes
f. Cyber Security Audits: Yes
g. Regulatory Compliance Audits for all regulators: Yes
h. GDPR Assessment: Yes
i. IOT/ SCADA maturity assessments based on NIST: Yes
j. SWIFT CSP Audits: Yes
k. HIPPA third party assessment: Yes
l. Third Party Audits/ Vendor Risk Management: Yes
4. Information Security Audits carried out in last 12 Months: Govt.& PSU:70+
Private:500+
Total Nos. of Information Security Audits done:570+

handled by them)
Network & wireless security audit:100+ Web-application security audit: 400+
Compliance audits (ISO 27001, PCI, etc.):80+ ICS & OT Security Audits:5

Technical Certifications of Team Members
Certified Ethical Hacker
Offensive Security Certified Professional (OSCP
Certified Information Security Consultant (CISC)
Certified Information Systems Auditor (CISA) & Certified Information Systems Security
Professional (CISSP)
Associate Fellow of Business Continuity Institute (AFBCI by The BCI, UK) / Certified Business
Continuity Professional (CBCP by DRI International USA)
CREST Certified
PCI DSS Qualified Security Assessor (QSA)
ISO 27001 Lead Auditor / Lead Implementer/ ISO9001 / ISO 14001 / ISO23001 / BS25999 /
ITIL / ISO20000 / ISO22301
Cyberark/Imperva/QRadar/Arcsight Certified
Certified Professional Hacker (CPH) / Certified Professional Forensics Analyst (CPFS)
Total Nos. of Technical Personnel in the organisation

S. Name of Duration Experience in Qualifications related to Information security
No. Employee with<organization> Information
Security
nsulting: Yes
tification: Yes
es
Yes
Months: Govt.& PSU:70+
(Organization can add categories based on project
n security audit: 400+

T Security Audits:5
ity audits:
Count
119
15
131
10
2
5
45
30
149
450+
ation security audits in Government and Critical sector
ated to Information security
1 KKM 18 18
2 AG 6 12
3 AM 3 24
4 SA 9 9
5 SS 1 44
6 WH 11 11
7 MA 2 5
8 NRS 4 5
9 UP 7 7
10 SS 4 9
11 VV 2 20
12 MS 4 5
13 MS 4 7
14 SJ 5 5
15 AS 4 5
16 GS 2 7
project value.
Project Category: Industrial Control System Cybersecurity Assessment
Client: One of India’s Largest Private sector Power Company
Location: 27 plants across India
Value: Rs.2.5 crore+
Requirement / Scope: In late 2018, the client asked us to help them dramatically impr
readiness by achieving a cybersecurity maturity model across the 5 business units using
frameworks, standards and regulatory compliance controls. These controls had never be
their 75 power plants and was thought to be too high a bar for application to these syste
wanted to maintain a consistent program across both IT and OT and, hence, established
of their assets.
During the 6-month project we worked hand in hand with the client to not only establish
convergence cybersecurity program in their OT environment, but to also build a sustaina
and security management road map with integrated cybersecurity blueprint of their digit
journey. Assessment and Risk Road map provided them visibility into their gaps, vulnera
design flaws. Our Security Assessment and Program ensured compliance but also captur
investment, speeds resolution of emerging events and provides unparalleled visibility int
practices.
 Leveraged the tool to make changes to assets and networks – e.g., removal of decom
software across all sites, elimination of unnecessary services and ports, implementation
devices where feasible, etc.
 Record technical feasibility exceptions for any devices where the control was not feas
compensating controls in their place
 Creation/revision of procedures for areas such as patching, change management, etc
 Lockdown application whitelisting

 Leverage the assessment tools installed in phase 1 to provide ongoing assessmen
patch updates, new asset discovery, change management alerting, etc.
1. Qualys
2. Nessus
3. BurpSuite
4. Firesec
5. Checkmarx
6. Kali Linux Suite

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Y
We have partnered with various international security solutions which we are reselling and /
the region. Some of the 3rd party products are:
1. IBM QRadar
2. HP ArcSight & Fortify
3. Qualys
4. Tenable Nessus
5. Appknox
6. Checkmarx
7. TripWire
8. Cylance
9. CyberArk
10. CyberX
13. Locations of Overseas Headquarters/Offices, if any:

Listing of our branch offices is given below
USA
Network Intelligence LLC 16192, Coastal Highway,
Lewes, Delaware 19958, County of Sussex
UAE
Network Intelligence India Pvt Ltd 803, Blue Bay Tower, Business Bay, Dubai, United Arab Emirates
Singapore
Network Intelligence Pte Ltd 30 Cecil Street
#19-08 Prudential Tower
Singapore (049712)
*Information as provided by Network Intelligence India Pvt. Ltd. on 23rd December 2019
Ba
PCI QSA, CISA, CISSP
CCNA, ITIL v3
CISA, ISMS & BCMS LA, Cloud
Security CSA Star Certified Auditor, ITIL4,
COBIT5, COBIT 2019
LA – ISMS, BCMS, PCIQSA, ISO 27001 LA
AFBCI, CBCP, CRISC, LA – ISO 22301 /

27001 / 20000 / 9001
CPH, ISO 27001 LA
ITILv3 Foundation, PRINCE2 Foundation and
Practitioner
PCIQSA, CISM, ISO 27001 LA
CCSK v4, CISM, PCIQSA, CISA, CSA STAR
Auditor, ISO 27001 LA, CEH
CISSP, CISA, CEH, CCNA, LA ISMS, BCMS,
ITSM
ISO 27001 Lead Implementer, ISO 20000
Practitioner,
OSCP, CEH, CCNA, Crest
Certification
OSCP, CEH, ISO 27001 LA
CREST, CRT, OSCP, ISO 27001 LA
OSCP
CISA, OSCP, ITIL, CEH, CHFI, ECSA
handled in terms of scope (in terms of volume, complexity, locations etc.) along with
y: Industrial Control System Cybersecurity Assessment

dia’s Largest Private sector Power Company
ts across India
re+
pe: In late 2018, the client asked us to help them dramatically improve their cybersecurity
ng a cybersecurity maturity model across the 5 business units using combination of
ds and regulatory compliance controls. These controls had never been applied at scale across
and was thought to be too high a bar for application to these systems. However the client
consistent program across both IT and OT and, hence, established the same objective for all
project we worked hand in hand with the client to not only establish a comprehensive IT/OT
curity program in their OT environment, but to also build a sustainable, dynamic compliance
ment road map with integrated cybersecurity blueprint of their digital transformation
and Risk Road map provided them visibility into their gaps, vulnerabilities, risk posture and
curity Assessment and Program ensured compliance but also captured value from their
esolution of emerging events and provides unparalleled visibility into otherwise disconnected
ol to make changes to assets and networks – e.g., removal of decommissioned/unnecessary

tes, elimination of unnecessary services and ports, implementation of complex passwords on
e, etc.
feasibility exceptions for any devices where the control was not feasible, and develop
ls in their place
of procedures for areas such as patching, change management, etc.
ication whitelisting
assessment tools installed in phase 1 to provide ongoing assessment in real time – e.g.,
w asset discovery, change management alerting, etc.
urity Audit Tools used (commercial/ freeware/proprietary):
te
arx
x Suite
to External Information Security Auditors / Experts : No ( If yes, kindly provide

oU, contract etc.))
n has any Foreign Tie-Ups? If yes, give details : Yes
various international security solutions which we are reselling and / or providing support in
3rd party products are:
adar
ght & Fortify
Nessus
x
arx
n is a subsidiary of any foreign based organization? : No If yes, give details
as Headquarters/Offices, if any:
ven below
Coastal Highway,
of Sussex
d 803, Blue Bay Tower, Business Bay, Dubai, United Arab Emirates
Cecil Street
work Intelligence India Pvt. Ltd. on 23rd December 2019

Back
M/s Net-Square Solutions Pvt. Ltd

Net Square Solutions Private Limited.
1, SanjivBaugbaug, Near Parimal Crossin
380007, Gujarat.
(CERT-IN empaneled since 2013)

Govt. :
PSU :
Private :
5. Number of audits in last 12 months,
Network Security Audits
Application Security Audits
CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs : <number of>
Other security certifications are mention
Number of Analysts with other certifications -
Mention the number of Analysts with other certifications below
NSCE : 1
CEH : 15
CCNA : 3
Net Square also runs its own certification program ca
Certified Expert (NSCE). Details of this are also availa
provided above.
7. Details of technical manpower deployed for information security audits in Government and C
This is confidential information. Kindly contact us on the contact details provided abo
technical manpower.
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
value.
Net Square takes its non-disclosure agreement with customers very seriously and th
position to share this information. Kindly contact us on the contact details provided a
testimonials.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):Net Squa
methodology for testing all kinds of IT environment ranging from network, thick clien
application, mobile application, IoT devices etc. For details of the methodology and a
use, kindly contact us as the details provided above.
10. Outsourcing of Project to External Information Security Auditors / Experts:(If yes, kindly p
arrangement (MoU, contract etc.) : Yes, this is done ba
requirement of client and fitment of a partner with whom Net Square has partnership
these agreements are governed by Non- Disclosure clauses, we cannot provide such
public domain. We bring in the right partner to the table when we see a need for one
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes. Cannot provi
Disclosure agreements with our foreign partners.
*Information as provided by Net Square Solutions Private Limited on February 24, 2019
Ba
nformation Security Auditing Organisation
Solutions Private Limited.
augbaug, Near Parimal Crossing, Paldi, Ahmedabad -
ujarat.
: 2001
: Y
: Y
: Y
: Y
:
5
1
25+
50+
: 25+
: 25+
dits :
1
1
1
<number of>
rity certifications are mentioned below in Clause 7

tions -
rtifications below
1
15
3
own certification program called Net Square
Details of this are also available from the contacts
curity audits in Government and Critical sector
e contact details provided above for details of
s of volume, complexity, locations etc.) along with project
stomers very seriously and therefore is in no

the contact details provided above for customer
freeware/proprietary):Net Square has a proprietary

nging from network, thick client application, web
ails of the methodology and a list of tools that we
uditors / Experts:(If yes, kindly provide oversight
: Yes, this is done based on the
om Net Square has partnership agreements. Since
uses, we cannot provide such information on a
e when we see a need for one.
give details: Yes. Cannot provide details due to Non-
sed organization? : No
: No
imited on February 24, 2019
Back
M/s Paladion Networks Pvt Ltd

Paladion Networks Pvt Ltd Head Office
Shilpa Vidya 49, 1st Main, 3rd Phase, JP Nagar,
Bangalore-560078
2. Carrying out Information Security Audits since : <Year>: 2000

 Network security audit : Ye
 Web-application security audit : Ye
 Wireless security audit : Ye
 Compliance audits (ISO 27001, PCI, etc.) : Ye
 Source Code Review : Y

Govt. : m
PSU : m
Private : m
Total Nos. of Information Security Audits done : m
5. Number of audits in last 12 months , category-wise (Organization can add categories base
them)
Network security audit : 1000+ IP addresses
Web-application security audit : 500+ applications
Wireless security audit : 20+ locations Complian
PCI, etc.) : 25+

CISSPs : 10+
BS7799 / ISO27001 LAs : 25+
CISAs : 10+
DISAs / ISAs : 5+
Any other information security qualification : 50+ CEH Total No
: 700+
organizations (attach Annexure if required):
We have 700+ technical personnel who are into information security projects. H
them-
S. Name of Duration Experience in Qualifications
rganization :
2000
Yes
Yes
Yes
Yes
Yes
more than 5
more than 5
more than 50
more than 100
an add categories based on project handled by
1000+ IP addresses
500+ applications
20+ locations Compliance audits (ISO 27001,
50+ CEH Total Nos. of Technical Personnel
n security projects. Here are a few of

No. Employee with Information Security related to Information
Paladion security
1 Balaji V 10+ yrs 10+ yrs CISSP
2 Sanjeev Verma 9+ yrs 9+ yrs CISSP
3 Prashant Kumar Verma 9+ yrs 10+ yrs CISSP, Digital Evidence

Analyst, Cyber Crime
Investigator, Qualys Certified
Specialist
4 Santosh Jadhav 5+ yrs 10+ yrs CEH, CISSP
5 Shahabuddin Siddiqui 6+ yrs 8+ yrs Certified Web Hacking &

Security, Professional, ITIL
v3, Qualys Certified
Professional
6 Dawood Haddadi 6+ yrs 8+ yrs Certified Web Hacking

Security Professional, ISO
27001 Lead
Auditor
7 Hardik kumar Vashi 5+ yrs 8+ yrs CISA (1297325), ISO27001
LEAD AUDITOR
(ISM01MO913-0103), CCNA
(CSCO11433404), QSA
8 Hariharan Anantha 5+ yrs 8+ yrs ISO 27001, CEH, QSA

Krishnan
project value.
We execute 500+ projects each year globally. Here are a few of them-
S.No Customer Details Scope Project Value
1 Global Bank with Delivery Centre a) Secure configuration review Rs. 5 crore+
in India b) Firewall rule base audit
c) Internal penetration test
d) External penetration test
e) Host discovery
f) Web application vulnerability scan
2 A large PSU in Western India a) Secure configuration review Rs. 1 crore+

b) Source Code Review
me, complexity, locations etc.) Along with
a few of them-
c) Internal penetration test
d) External penetration test
e) Policy and Procedures
f) Web application penetration
3 A large Private Bank in India a) Security Testing Rs. 3 crore+

b) Security Monitoring
c) Threat Advisory
4 Large IT company in South India 25 Web Application Per quarter, 30IPs Per Rs. 1 crore+
Quarter-Network Penetration Testing, 10
Applications Per Year-Code Review, 10
Mobile Application Testing

S. No Activities Security Audit tools
1 Network Penetration Testing KALI Linux, Nslookup, Dnsrecin, Dnsmap, Metagoofil, fragroute,
whisker, Nmap, Firewalk, SNMPc, Hping, xprobe, Amap, Nessus,
Nikto, L0phtcrack, John the ripper, Brutus and Sqldict.
2 Wireless Penetration Testing AirSnort, WinDump, Ethereal, WEPCrack, NetStumbler, Kismet,

AirTraf, WaveStumbler, Aircrack-ng Suite & Ettercap
3 Internal Vulnerability Scanning Qualys Guard & Nessus Professional
4 Application Security Assessment Burp Proxy and Scanner, Paros Proxy and Scanner, Wireshark,
Winhex, , CSRF Tester, Elixan, OpenSSL, tHCSSLCheck, Firefox
Extensions, NetSparker
5 Social Engineering KALI Linux, Paladion tools
6 ASV Scans Qualys professional
7 War Driving Netstumbler, Kismac, or Kismet
8 Source Code Review Checkmarx & Paladion Preparatory tool
9 Configuration Review RISKVU IST, Tenable Nessus
10. Outsourcing of Project to External Information Security Auditors / Experts: No

*Information as provided by Paladion Networks Pvt Ltd. on 10/09/2012
Ba
re/proprietary):
agoofil, fragroute,
be, Amap, Nessus,
Sqldict.
Stumbler, Kismet,
tercap
nner, Wireshark,
SSLCheck, Firefox
Experts: No
n 10/09/2012
Back
M/s PricewaterhouseCoopers Pvt. Ltd

PricewaterhouseCoopers Pvt. Ltd.
Building 8, 7th Floor, Tower C, Dlf Cyber City, Gurgaon, Haryana 122002

 Mobile Application Security Testing (Android & IOS ) : Yes
 Secure Code Review
(Java, .Net, Python, C/C++, Android, IOS etc.) : Yes
 Configuration Testing : Yes
 Red Teaming Exercise : Yes
 API Testing (Java, .Net, Python etc.) : Yes
 Security Architecture Review : Yes
 Data Protection Compliance Audit
(IT Act Sec 43A compliance, Upcoming Data Protection Act of India etc.) : Yes
 Regulatory Information Security Audit (Aadhaar
(AUA , Sub-AUA etc.) , RBI, IRDAI etc.) : Yes
Govt. :
PSU :
Private :
handled by them)
 Network security audit : 200+
 Web-application security audit : 500+
 Wireless security audit : 50+
 Compliance audits (ISO 27001, PCI, etc.) : 200+
6.Technical manpower deployed for information security audits :

CISSPs :
OSCP :
CEH :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
elled Information Security Auditing Organisation
ecurity Auditing Organization:
Cyber City, Gurgaon, Haryana 122002
: 1992
)
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
of India etc.) : Yes
: Yes
s:
50+
10+
250+
300+
e (Organization can add categories based on project
: 200+
: 500+
: 50+
: 200+
urity audits :
5+
10+
50 +
80+
12+
None
500+
600+
We have over 600 + technical manpower involved in Government & Crit
organizations across organization. For a reference purpose we are sharing deta
resources here below. Additional resource details can be submitted if required.
S.no. Name of the Duration Experience in Information
employee with PwC Security
14 years 10
1 Rahul Aggarwal 19 years
months
5 years 7
2 Rajinder Singh 14 years
months
3 VikasSood 2 years 27 years
4 Manish Gupta 7 years 2 9 years

months
4 years 1
month
5 Ankit Goel 10 years
5 years 8
6 FaizHaque 7 years
months
technical manpower involved in Government & Critical Sector
nization. For a reference purpose we are sharing details of 10
tional resource details can be submitted if required.
Information Security
· CISSP
· BS7799 Lead Auditor
· ISO 20000 Lead Auditor
· CISSP
· CIPP/US CIPP/E
· DCPP
· CEH
· BCCS
· CISRA
· CCNA
· ISO31000
· ISO27001
CISM CISSP CISA

GIAC Certified Incident Handler (GCIH)
COBIT TOGAF CHFI CEH ECSA LPT
ISO 22301
· CEH
· Oracle certified Java Professional
· OSCP
· CEH
· OWASP Member
· ISO 27001 Lead Auditor – Information

Security Management System (ISMS)
· ISO 22301: 2012 Lead Auditor –
Business Continuity System
· BS 10012 – Personal Information
Management
· DSCI Certified Privacy Professional
(DCPP)
· ISO 27001 Lead Implementer –
Information Security Management
System (ISMS)
· TOGAF 9 – The Open Group
Architecture Framework
7 Anas Viquar 12 years 12 years
2 years 4
months
8 G Karthik 2 years 4 months
2 years 6
9 Swapnil Sharma 7 years
months
10 Nagesh Gautam 5 years 7 years
project value.
PwC PL has done more than 100 Cyber security project in India in last 1 year. Some o
1. Unique Identification Authority of India PwC PL is assisting UIDAI with Governa

and Performance for the internal and external ecosystem including Forensics and F
vulnerability assessment and penetration testing of IT applications and infrastructure, ne
across different locations.
2. Central Board of Indirect Tax and Customs
CBIC’s IT infrastructure and core business applications are managed by multiple vendors
of the IT infrastructure and multi-vendor environment, CBIC required assistance wit
implementation of over all security governance, ISMS framework, contract governance,
framework in line with ISO 27001 standard, VAPT, WASA, third party security compli
audits.
3. State Bank of India
PwC was involved in providing the following governance, risk, and compliance (G
of information security, cyber security: Control testing, VAPT,WASA, Security and p
assessments, Security program management and evaluation, among others.
· ISO27001 LI
· BS 25999 Lead Implementer
· Six Sigma Green Belt
· Offensive Security Certified

Professional (OSCP)
· ISO 9001:2015 Lead Auditor
· Relevant OEM Certifications: Certified

in ArcSight Enterprise Security Manager
· Red Hat Certified Engineer
· CEH
· OSCP
· CCIE
· CEH - Certified Ethical Hacker v7

· ECSA - EC-Council Certified Security
Analyst v4
· NXA – Rapid7 Certified Nexpose
Administrator
· QCSVM – Qualys Certified Specialist in
Vulnerability Management
· ArcSight ESM Security Administrator
and Analyst
· MSPCS – Metasploit Pro Certified
Specialist
· MCESM – McAfee Certified in
Enterprise Security Manager
· ITIL – ITIL Foundation
· Static and Dynamic Malware Analysis
Training
· Forensic training for identify Malwares
trends
in terms of scope (in terms of volume, complexity, locations etc.) along with
n 100 Cyber security project in India in last 1 year. Some of the projects are-
uthority of India PwC PL is assisting UIDAI with Governance, Risk Compliance

ernal and external ecosystem including Forensics and Fraud review. Conducted
penetration testing of IT applications and infrastructure, network and security audit
ct Tax and Customs

ore business applications are managed by multiple vendors. Given the complexity
multi-vendor environment, CBIC required assistance with design and
urity governance, ISMS framework, contract governance, risk assessment
27001 standard, VAPT, WASA, third party security compliance and performance
ng the following governance, risk, and compliance (GRC) services in respect

r security: Control testing, VAPT,WASA, Security and process audits and
am management and evaluation, among others.
9. list of Information Security Audit Tools used ( commercial/ freeware/proprietary):
S. No. Type of Tool
1 Commercial
2 Open Source
3 Proprietary

PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct andsepar
incorporated under the Companies Act, 1956, engaged in renderingadvisory and consulting se
Indian member company of this global network and provide advisory and consulting serv
PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct andsepar
incorporated under the Companies Act, 1956, engaged in renderingadvisory and consulting se
Indian member company of this global network and provide advisory and consulting serv
13. Locations of Overseas Headquarters/Offices, if any : NA

*Information as provided by PricewaterhouseCoopers Pvt. Ltd. on 23rd Dec 2019.
Ba
9. list of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Tools
1. Webinspect
2. Nessus Professional Feed
3. Maltego
4. Accunetix
5. Burp Professional Suite
6. HPE Fortify
1. Nmap
2. Metasploit
3. Backtrack
4. Nessus Home Feed
5. Wireshark
1. Phish Pro
2.PwC Windows Script
3. PwC Unix Script
4. PwC SQL/Oracle Script
5. PwC Server Script
10. Outsourcing of Project to External Information Security Auditors / Experts : No (If yes, kindly provide
PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct andseparate legal entity being
incorporated under the Companies Act, 1956, engaged in renderingadvisory and consulting services. PwCPL is an
Indian member company of this global network and provide advisory and consulting services.
12. Whether organization is a subsidiary of any foreign based organization? : Yes If yes, give details
PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct andseparate legal entity being
incorporated under the Companies Act, 1956, engaged in renderingadvisory and consulting services. PwCPL is an
Indian member company of this global network and provide advisory and consulting services.
13. Locations of Overseas Headquarters/Offices, if any : NA

*Information as provided by PricewaterhouseCoopers Pvt. Ltd. on 23rd Dec 2019.
Back
/proprietary):
xperts : No (If yes, kindly provide
: Yes
er), a distinct andseparate legal entity being
sory and consulting services. PwCPL is an
ory and consulting services.
on? : Yes If yes, give details
er), a distinct andseparate legal entity being
sory and consulting services. PwCPL is an
ory and consulting services.
: NA
n 23rd Dec 2019.
Back
M/s STQC Directorate
STQC Directorate,
6 CGO Complex and STQC IT Centers at Delhi, Kolkata, Mohali, Pune, Bangalore, Hyderabad, T
2. Carrying out Information Security Audits since : <2003>

 Wireless security audit : No
Govt. : 57
PSU : 36
Private : 27
5. Number of audits in last 12 months , category-wise (Organization can add categories based
them)
Wireless security audit : Nil
Compliance audits (ISO 27001, PCI, etc.) : 12

CISSPs : NIL
BS7799 / ISO27001 LAs : 17
CISAs : NIL
DISAs / ISAs : NIL
CEH : 10
Certified Professional for Secure software engineering : 6
7. Total Nos. of Technical Personnel : 27

8. Details of technical manpower deployed for information security audits in Government and Critic
(attach Annexure if required)
No. <organization Security Information security
>
Center Security,
1 Mr. Sanjeev Kumar 1993 Appl. Security 2
ation :
angalore, Hyderabad, Trivandrum, Chennai.
: <2003>
Yes
Yes
No
Yes
57
36
27
119
add categories based on project handled by
16
90
Nil
12
NIL
17
NIL
NIL
10
6
: 27
Government and Critical sector organizations
Secure software
development, ISMS LA,
Master Trainer
2 Mr. Manoj Saxena 1985 2
3 B.K. Mondal Jan-90 ISMS LA, CEH 13
4 Aloke Sain Nov-91 ISMS LA, CEH 11
5 Subhendu Das Jun-89 ISMS LA, CEH 13
6 Chittaranjan Das Nov-86 ISMS LA, CEH 5
7 Tapas Bandyopadhyay
May-91 ISMS LA, CEH 9
8 Malabika Ghose Jul-89 CEH 9
9 Manikanta Das Mar-84 ISMS LA, CEH 9
CEH, Master Trainer (ISEA

10 Arpita Datta Jun-95 Project) 9
11 Debasis Jana Sep-82 ISMS LA, CEH 13
CPSSE (Certified
Professional for Secure
Software Engineering)
12 Sanjay K. Prusty Dec-95 9
13 Arup Datta Apr-98 CNSM 3
14 Subrata Giri Jan-13 CNSM 1
15 Himadri Roy Feb,1989 ISMS LA 5
16 E.Kamalakar Rao Oct-89 ISMS LA 7
S.P.Tharesh Kumar
17 Mar-00 CNSM 4
18 V P Yadav January, 1984 -- 4
S.Velmourougan 1990 ISMS -LA, STQC- CISP,

19 CEH
ISMS LA, Wireless LAN
Security, Secure Software
TV Subramanyam Feb-87 3
Engineering
20
MV Sep-86 ISMS LA, STQC CISP, 7
21 Padmanabhaiya STQC CIISA
ISMS LA, Master Trainer

(ISEA Project), Secure
Software Engineering,
Sushil Kumar Nehra
22 Jun-93 13
23 Kamini Malik May-86 ISMS LA 13

ISMS LA, ITSM LA,
24 A K Sharma Oct-89 ITIL Process Manager 13
25 Arvind Kumar Sep-86 ISMS LA 13
Rakesh Maheshwari Aug-87 ISMS LA, ITSM LA, 13

ITIL Process Manager,
Master Trainer (ISEA
Project)
26
App Sec Training, Network
Security, CC, ISEB
Dhawal Gupta May-08 5
Intermediate, CNSM
27
value. 28 number of Important Government website hosted at various locations.
10. List of Information Security Audit Tools used ( commercial/ freeware/proprietary) :

Appscan, Nessus, SAINT exploit, Acunetix wvs, Metasploit,Paros, Burp, Webscraber,
SSL Digger, whois, nmap etc
*Information as provided by STQC Directorate as on 07 January 2014
Ba
mplexity, locations etc.) along with project
us locations.
prietary) :
, Burp, Webscraber, Proprietary scripts,
s : No
uary 2014
Back
M/s SUMERU SOFTWARE SOLUTIONS PVT LTD

1st Floor, SAMVIT”,
Near Art of Living International Center, Next to Udayapura Bus Stop,
Behind Sri Anjeneya Temple / Anganawadi School, 21st KM Kanakapura M
Udayapura, Bangalore – 560082

 Secure code review : Yes
 Mobile application security audit : Yes
 Security code training : Yes
 Application security training : Yes
 Hardening training : Yes
 Forensic security audit : Yes

Govt. : 42
PSU : 23
Private : 20
them)

CISSPs : 1
BS7799 / ISO27001 LAs : 17
CISAs : 1
DISAs / ISAs : NIL
Any other information security qualification : 15
Total Nos. of Technical Personnel : 5
ation :
yapura Bus Stop,

21st KM Kanakapura Main Raod,
: 2005
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
42
23
20
85
add categories based on project handled by
28
40
10
7
1
17
1
NIL
15
5
Government and Critical sector organizations

1 VASANTHANAG GB Jan 2016 4 Years – ISMS 2 Years, 7 ISMS LA, CWHH, CCNA, MCP
months – IT
2 Jitendra Kumar Sharma Jan 2014 2+ years CEH
3 Ajan Kancharla Dec 2015 2 Years, 5 months ISMS Lead Implementer CEH
v7
HP ArcSight ESM 6.5
Administration
4 Ravikumara S D July 2014 4 Years, 8 months ISMS LA QMS LA
5 ARUL P Feb 2015 1 Year, 1 month CEH ,EJPT

6 Abhinav Rajput Aug 2015 1 Year, I month(8 months CCNA –(CISCO
in HCL as Network Certified Network associate)
Engineer)
7 Vyankatesh Paskanti Feb 2015 1 year Certified Ethical Hacker
(CEH)
8 Sandeep V Feb 2015 2+ Years EC Council- Certified Ethical
Hacker v8 – Cert No:
ECC25199916210
Udemy- Basics Of Web
Application Penetration
Testing –
UC-DJU4VFMX
eLearnSecurity Junior
Penetration Tester - EJPT-
200191
eLearnSecurity Web
application Penetration
Tester –
EWPT – 200
Offensive Security Certified
Professional
(OSCP)
9 Morsa Jagadeesh Babu July 2014 1 Year, 8 months EC Council- certified Ethical
Hacker v8 (CEHv8) - Cert
No: ECC56126713211,
eLearn security Junior
Penetration Tester (eJPT) -
Cert No: EJPT- 200245,
Udemy Basics of Web
Application Penetration
Testing - Cert No: UC-
WVFHUEM8
10 Sasikumar TM Oct 2014 1 Year, 6 months ISO 27001: 2013 LA,

OCJP(Oracle Certified Java
Programmer)
11 Siva T Oct 2015 3+ Years CEH
12 Sathish T Aug 2016 1 Year CEH
13 Ranjith R Aug 2016 1 Year CEH
14 Shivsankar B Mar 2015 1+ Year ISO 27001:2013 LA
15 Shashank Pramod Dixit July 2008 7 Years, 5 months OSCP, CISSP
16 Krishna Kumar Aug 2008 7 years 8 months GREM, GMOB, GPEN,

Sengoda GWAPT, GWEB, eCPPT,
eWPT
17 Rajesh M Dec 2007 13+ (5 years of ISO 27001:2013 LA
information security
experience)
18 Sandeep Erat Jan 2003 13 +years CISA, ISO 27001:2013 LA
19 V.Rajagopal Jan 2010 7 Years ISO 27001:2013 LA & ISO

9001 2008 LA
value.
Large Global Presence Hotel- 95 hotels, both network and web applications,
Project value : RS 120,00,000.00 (1.2 Crores)

Commercial – Burp Suit Professional, Nessus, Netsparker
Freeware –
Kali Linux Operation system Mallory
Putty, Echomirage HPing2
Dsniff
GFI Languard Samspade Superscan Saint
Sara Firewalk Xprobe2 Toolsets Hunt Brutus Fragroute
Shadow Security Scanner Nmap

*Information as provided by < organization> on <date>
Ba
mplexity, locations etc.) along with project
nd web applications, Across the globe.
prietary):
: No
etc.))
Back
M/s. Sysman Computers Private Limited

Sysman Computers312, Sundram, Rani Laxmi Chowk, Sion Circle,

 Network security audit (Y/N) - YES
 Web-application security audit (Y/N) - YES
 Mobile-application security audit (Y/N) - YES
 Wireless security audit (Y/N) - YES
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) - YES
 Main business application audit - YES
 Cyber Forensics - YES
 IT GRC Consulting - YES
 Techno-legal compliance/consulting - YES
 Audit of Certifying Authorities/e-sign/RA/ASP - YES
 Audit of UIDAI AUA / KUA / ASA / KSA - YES
Govt. : <number of> PSU : <number of> Private : <number of>

(over 80 branches)
Total Nos. of Information Security Audits done organisations
:
:
:
:
(Organization can add categories based on project handled by them)
Network security audit: <number of> :
Web-application security audit: <number of> :
Mobile-application security audit: <number of> :
Wireless security audit: <number of> :
Compliance audits (ISO 27001, PCI, RBI): <number of> :
Cyber Forensics :
IT GRC Consulting/Audit :
Audit of Certifying Authorities/e-sign/RA/ASP :
Audit of UIDAI AUA / KUA / ASA / KSA :
CISSPs : <number of> :
BS7799 / ISO27001 LAs : <number of> :
CISAs : <number of> :
DISAs / ISAs : <number of> :
Any other information security qualification: <number of> :
Total Nos. of Technical Personnel : :
nformation Security Auditing Organisation
am, Rani Laxmi Chowk, Sion Circle, Mumbai 400022 Contact : Dr. Rakesh M Goyal, Managing DirectorPhone – 99672-48000 / 99672-47000Email – ra
: 1991
- YES
- YES
- YES
- YES
- YES
- YES
- YES
- YES
- YES
- YES
- YES
:
of> Private : <number of>
done organisations
04
04
56
64
dled by them)
14
24
06
01
03
14
02
08
12
dits :
01
05
04
01
04
08
No. Sysman Security Information security
1 Dr. Rakesh M Goyal Feb 1985 29 years PhD, CISA, CISM, CCNA,
CFE, CCCI
2 Vaibhav Banjan May 2007 17 years CISA, DISA
3 Anand Tanksali April 2010 13 years CCNA, CCSA
4 Winod P Karve Sep 1999 21 years CISA, ISO27001 LA
5 Mohammad Khalid March 2011 10 years CCNA, ISO27001 LA
6 Pallavi Goyal April 2010 9 years ISO27001 LA, CCNA,CEH
7 Ankur Goyal March 2012 11 years ISO27001 LA

8 Kiran Chugh June 2015 12 years CISA, CISSP, ISO27001 LA
project value.
1. IT Infrastructure with 150 servers, 2500+ nodes, 120 switches, 30 routers sprea
over India alongwith matching DR site.
2. Application audit with 32 modules used by 6000 people
3. e-governance Web-application with 23 modules exposed to world
Mostly used - Nmap. Superscan, Nessus, Metasploit, Kali, SecurityF

Belarc, w3af, GFI, Aircrack, Nikto, Kismet, NetStumbler, WebSecur
Temper data, N-stalker, ZAP, Secure Auditor, Web developer toolb
upon requirement). Finally Manual exploitation.
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No ( If

No. No outsourcing of assignment. But engagement of external kno
Sysman team is done, based on special skills required for the assig
For this, we have (a) Confidentiality and Non Disclosure Agreemen

Security and other Policies and (c) clear cut scope of work, with cl
client.
11. Whether organization has any Foreign Tie-Ups? NO
If yes, give details : NA
12. Whether organization is a subsidiary of any foreign based organization? : NO
If yes, give details : NA
13. Locations of Overseas Headquarters/Offices, if any : We are pure Desi organisation
HQ or office.
*Information as provided by Sysman Computers on 23 December 2019
Ba
hes, 30 routers spread over 50 locations all
world
e/proprietary):
sploit, Kali, SecurityForest, sqlmap, MBSA,

Stumbler, WebSecurify, Burp Suite,
Web developer toolbar. (others depending
n.
Experts : Yes/No ( If yes, kindly provide
ement of external known experts alongwith

equired for the assignment.
Disclosure Agreement; (b) adherence to IT

cope of work, with clear knowledge of
: NA
zation? : NO
: NA
re Desi organisation. There is no overseas
19
Back
M/s SISA Information Security Pvt Ltd
SISA Information Security Pvt Ltd
#3029, SISA House, 13th Main Road, HAL 2nd Stage, Indiranagar, Bangalore

 Network security audit (Y/N) - Yes
 Web-application security audit (Y/N) - Yes
 Wireless security audit - Yes
 Compliance audits (ISO 27001, PCI, etc.) - Yes
 RBI PSS Audits - Yes
 Forensic Investigation - Yes
 Mobile Application security audit - Yes
 Information Security Awareness and Trainings - Yes
 Secure Code review - Yes
 Risk Assessment - Yes
 Incident response - Yes
 API Test - Yes

Govt. : <0
PSU : <1
Private : <4

handled by them)
Network security audit
Web-application security audit Wireless security audit
Compliance audits (ISO 27001, PCI, etc. including Forensic, Code review etc)
6. Technical manpower deployed for informationsecurity audits : CISSPs
BS7799 / ISO27001 Las
CISAs
DISAs / ISAs
Any other information security qualification(OSCP) Total Nos. of Technical Personnel
:
:
:
:
:
:
:
:
L 2nd Stage, Indiranagar, Bangalore - 560 008. India
: <2001>
quired)
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
Months :
: <0>
: <1>
: <450+>
Audits done : 451+
ensic, Code review etc)

rity audits : CISSPs
al Nos. of Technical Personnel
<115+>
<185+>
<15+>
<255+>
<3>
<30+>
<3>
<1>
< 2>
<90+>
S. Name of Duration with Experience in
No. Employee <organization> Information
Security
1 Renju October 2006 13 Years 2

Varghese Jolly months
2 Lohith January 2015 5 Years

Narayana
3 Yogesh Patel 2014 5 years 1 month
4 Vivek Singh 2015 5 years in

Chauhan Information
security arena
5 Anantha Oct 2017 4 years in

Krishna Information
security
arena
project value.
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):Refer to Annexure 1


*Information as provided by <SISA Information Security Pvt Ltd> on <Dec 30, 2019>
Ba
Qualifications related to Information security
CISA, CISSP, GCFA, PCI QSA, PA QSA
NM.B.A IT, MSc ISS and Trained in: CEH, ECSA, Sans
IDS, Sans CF, Sans IHHT, BSI 27001
Master of Technology
(M.Tech.)Info rmation Security & Management,
Bachelor of Engineering
(B.E.)Computer Technology
PCI QSA, GCFA, Core PFI
 B.E. --Computer Science Engineering

 CEH v8
•Certified Professional Hacker – IIS
•Certified Professional Forensics Analyst – IIS
•Digital Forensics Investigator – Asian School of Cyber
Law
Engineering- E&E, Associated CISSP, OSCP, CISCO

-CCNA and CCNP. CEH, CHFI
roject handled in terms of scope (in terms of volume, complexity, locations etc.) along with
ecurity Audit Tools used ( commercial/ freeware/proprietary):Refer to Annexure 1
oject to External Information Security Auditors / Experts : No ( If yes, kindly provide

t (MoU, contract etc.))
ization has any Foreign Tie-Ups? If yes, give details : No
ization is a subsidiary of any foreign based organization? : No
verseas Headquarters/Offices, if any : No

ed by <SISA Information Security Pvt Ltd> on <Dec 30, 2019>
Back
Annexure
Tools :
** Please note that list of tools mentioned below are the major tools used for testing. Additional too
requirement of testing.
S.No Task Tool Name
Web Application Burp Suite

OWASP ZAP
Nikto
SQLMap
Kali OS
Mobile Application Burp Suite
MobSF
Drozer
ApkTools
Mobisec
Thick Client Burp Suite

Echo Mirage
Fiddler
TCP Relay
Sysinternal Tools
(eg.ProcMon)
Wireshark
 Nessus
 Nmap
 AngryIPscannner
Network Scan  Kalilinux
 Metasploit
 Burpsuite
Ba
Annexure 1
ols mentioned below are the major tools used for testing. Additional tools can be used as per
Commercial Tool/ Open Source Tool/ Proprietary

Tool
Commercial
Open Source
Open Source
Open Source
OS containing open source tools
Commercial
Open Source
Open Source
Open Source
Customized OS for mobile application testing containing

open source tools
Commercial
Open Source
Open Source
Open Source
Open Source
Open Source
Back
M/s Torrid Networks Pvt. Ltd
Torrid Networks Pvt. Ltd. , C-171, 2nd Floor, Sector 63, Noida, NCR
 Network security audit Yes
 Web-application security audit Yes
 Mobile application security audit Yes
 Wireless security audit Yes
 Compliance audits (ISO 27001, PCI, DOT Audit, etc.) Yes
 DoT Audit Yes

Govt. : More th
PSU : Around
Private : More th
Total Nos. of Information Security Audits done : Around 2
them)
Mobile Application security Audit : 20+
DoT Audits : 2
BS7799 / ISO27001 LAs : 4
CISAs : 2
CEH : 10
Critical sector organizations (attach Annexure if required)
S. No. Name of Duration with Experience in Qualifications related to
Employee Torrid Networks Information Security Information security
1 D.S October 2006 13 CISA, CEH, ISO

ce of CERT-In empanelled Information Security
uditing Organization:
r 63, Noida, NCR
2006
Yes
Yes
Yes
Yes
dit, etc.) Yes
Yes
: More than 75
: Around 5
: More than 100
done : Around 200
nization can add categories based on project handled by
25+
100+
20+
7+
5+
2
its :
4
2
10
35
curity audits in Government and
27001 LA, ECSA, LPT
2 S.K February 2011 6 ISO 27001
3 S.P July 2014 3 CEH

4 N.S February 2015 2 Diploma in Cyber Security
5 P.A March 2016 2.5 PG Diploma in IT

Infrastructure, Systems &
Security
6 P.Y March 2016 1.5 CEH, CPFA, CPH, CISC
etc.) along with project value.
No. of Computer Systems : 10000
No. of Servers : 500
No. of Switches : 250
No. of Routers : 25
No. of Firewalls : 18
No. of IDS' : 10
Metasploit, Burp Suite SQLMAP, Dnsenum, Knockpy, whatweb, Nikto, Subbrute, Re
Fiddler, Tamper data, Live http header, Appscan, Accunetix, Wapplyzer, Dirbuster, wfuzz
Nessus, Hydra, fping, Wireshark, Tcpdump, testssl, sslscan, rpcclient, Ethercap, enum4
netcat, Nipper-ng, Microsoft Baseline Security Analyzer, Intrust, Intrufi
10. Outsourcing of Project to External Information Security Auditors / Experts : No (If yes, kin
arrangement (MoU, contract etc.))
* Information as provided by Torrid Networks Pvt. Ltd. on 25th November, 2016
Ba
s of volume, complexity, locations
/ freeware/proprietary):
whatweb, Nikto, Subbrute, Recon-ng, Owasp zap,
tix, Wapplyzer, Dirbuster, wfuzz, Weevely, Nmap,
an, rpcclient, Ethercap, enum4linux, snmpwalk,
er, Intrust, Intrufi
ditors / Experts : No (If yes, kindly provide oversight
n 25th November, 2016

Back
M/s ValueMentor Consulting
ValueMentor Consulting LLP, Koratty Infopark, Thrissur, Kerala – 680 308

 Mobile Application Audit : Yes
 Thick/Thin client Audit : Yes

Govt. : 12
PSU : 6
Private : 22

handled by them)
Compliance audits (ISO 27001, IS Audit, Swift etc.) : 1
Mobile Application Audit : 8
Thick/Thin Client Audit : 0
CISSPs : 3
BS7799 / ISO27001 LAs : 2
CISAs : 5
DISAs / ISAs : 0
7. Details of technical manpower deployed for information security audits in Government and C
No. <ValueMentor> Information Security Information
security
1 Binoy Koonammavu 7 Years 10+ Years PCI QSA, CISSP, CISA,

CISM, CRISC, SBCI, CCSK
Organization :
– 680 308
<2013>
: 12
: 6
: 22
: 41
its in Government and Critical sector

2 Jobbin Thomas 7 Years 10+ Years CISSP, CISA, ISO 27001:
2013 LA
3 Balakrishnan Alingal 5.4 Years 15+ Years CISSP, CISA, CISM
4 Angela Maria Paulson 7 Years 12+ Years PCI QSA, CISA, CISM, ISO
27001:2013 LA
5 David Joseph 2.5 Years 8+ Years CEH, CISA, ISO
27001:2013 LI, PCI QSA
6 Ronald Mathew 4.5 Years 4+ Years ISO 27001:2013 LI, CEH
7 Pooja A R 2.3 Years 3+ Years ISO 27001:2013 LI

8 Nithin V S 2.4 Years 9+ Years CEH, CCNA
9 Nisa Johnson 1.3 Years 2+ Years ECSA
10 Sailas Jose 1.5 Years 2+ Years CEH, ECSA
11 Nikhil Tony 0.5 Years 0.5 Years CEH
12 Mohammed Faris 0.5 Years 1+ Years CEH
project value.
Website/Web Application –
Client Name: Kran Consulting LLP
Scope Details:
Name of Application - MACRO FISCAL PROJECTION Total Number of
Number of Dynamic Pages – 480 Number of Static Pages – 120 Num
Number of Input Forms – 650
Number of roles – Normal user- 3, Power User- 2, Admin user - 1 Nu
2500
Number of API's used – Email Gateway
Project Value: 1,50,000.00

Network security audit Web-application security audit
Nessus Professional Accunetix Vulnerability Scanner Burp
PCI Clone System ASV Scanner Kali Linux tools Professional Scanner
Metasploit Framework OpenVAS Zed Attack Proxy (ZAP) Kali Linux tools
Nmap Script Hping2 Script Ike - scan WireShark Nikto
In-house scripts WP-Scanner Dirbuster SQLMap
In-house scripts Browser Addons
CTION Total Number of Pages - 600

Static Pages – 120 Number of login modules - 1
er- 2, Admin user - 1 Number of Input Fields -
re/proprietary):
Wireless security audit Mobile Application Audit
Fern Wifi Aircrack AirSnort Cain & Abel MobSF
Kali Linux tools Burp Professional Android Debug
Bridge Drozer
Exposed Fremework Cydia
SSLUnpinning APKTool QARK
Frida
Kali Linux tools
Thick/Thin client Audit
Burp Professional Echo Mirage
Wireshark WinHex
Proccess Monitor CFF Explorer IDA
Debugger
Kali Linux tools

provide oversight arrangement (MoU, contract etc.))
12. Whether organization is a subsidiary of any foreign based organization? : Yes/
No If yes, give details
*Information as provided by <ValueMentor Consulting LLP> on <23-12-2019>
Ba
/ Experts : Yes/No ( If yes, kindly
tails : Yes/No
tion? : Yes/
: Yes/No
n <23-12-2019>
BacK
M/s Wipro Limited
Wipro Limited, Doddakannelli,
Sarjapur Road, Bangalore - 560 035, Karnataka, India

Govt. : 20
PSU : 25
Private : 20
them)
Web-application security audit : 150 +
CISSPs : 76
BS7799 / ISO27001 LAs : 131
CISAs : 75
DISAs / ISAs : NA
out of 7500 Cyber Security Professionals

1 Ramesh Shetty 10 13 CEH, CISSP
2 Vishal Dhamke 2 7 CEH, ECSA-LPT
3 Akash Jain 1 12 CEH
4 Veerender Dev Cherala 2 9 CEH, ISO 27001 lead
auditor
5 Jagadish Nayak 2 13 CEH
rganization :
a, India
2005
: Yes
: Yes
: Yes
: Yes
: 20+
: 25+
: 200+
: 250+
0
0+
0+
0
+

6 Debadatta Patti 2.5 11 CEH, GIAC-WAPT
7 Satheesh Angamuthu 2 13 CEH
8 Runa Dwibedi 3 12 CEH

9 Suresh Nag 2 11 CEH
etc.) along with project value
Sl. No. Project Location
1 DIAL Delhi
2 NPCI Hyderabad
3 SBI Mumbai
4 NIC Delhi

Sl. Tool Name Type Purpose
No
1 IBM Appscan Commercial Web Application and Web Service testing
2 HP Web Inspect Commercial Web Application and Web Service testing
3 Accunetix Commercial Web Application and Web Service testing
4 Burp Pro Commercial Web Application testing

5 Zap proxy Free Web Application testing
6 Paros Proxy Free Web Application testing
7 Nikto Open Source Web Application testing
8 w3af Free Web Application testing
9 Kali Supported Web Free Web Application testing
Application Tools
10 HP Fortify Commercial Application Source Code Review
10 Checkmarx Commercial Application Source Code review
11 IBM Appscan source Commercial Application Source Code review
12 OWASP Orion, LAPSE, O2 Open Source Application Source Code review
13 OWASP SWAAT Open Source Application Source Code review

14 Eco Mirage Free Thick Client Testing
15 Fiddler Proxy Free Intercepting Tool Web and Thick cli Apps
16 Firefox Plugins/ Extensions Free Web Application Testing
17 Rapid7 Nexpose Commercial Vulnerability Scanner

18 Qualysguard Commercial Vulnerability Scanner
19 Metasploit Commercial Exploitation Tool
20 Core Impact Commercial Exploitation Tool
21 Canvas Commercial Exploitation Tool
22 Social Engineering Toolkit Free Social Engineering Tool
me, complexity, locations
e/proprietary):
23 Tenable Nessus Commercial Vulnerability Scanner
24 GFI Lanuard Commercial Vulnerability Scanner
25 Retina Commercial Vulnerability Scanner
26 OpenVas Open source Vulnerability Scanner
27 Angry IP Scanner Free Port/service scanner
28 Nmap Free Port/service scanner
29 Aircrack Free Wireless Pen testing tool
30 Kismet Free Wireless Pen testing tool
31 All Kali supported tools Open source All in Tools
32 SQL Map Open source SQL Injection exploitation tool

oversight arrangement (MoU, Contract etc))
11. Outsourcing of Project to External Information Security Auditors / Experts : N

*Information as provided by Wipro Ltd. on 20th March 2018
* Information as provided by Wipro on 24-05-2013
Ba
M/s Centre for Development of Advance Computing (C-DAC)
Centre for Development of Advanced Computing (C-DAC)
(A Scientific Society of Department of Electronics and Information Technology, Government of
Plot No. 6 & 7, Hardware Park, Sy No. 1/1, Srisailam Highway,
Pahadi Shareef Via Keshavagiri (Post) Hyderabad - 500005
Contact Person: Mr Ch.A.S.Murty Email: cswan [at]cdac[dot]in
Contact Number:- 040-23737124, 9248920122
Fax:- 040-23738131

 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : ISO 27001, Cloud
(KSA/KUA/ASA/AUA), e-Sign ASP,OWASP etc.,

Govt. 2 – completed , 1 – ISMS in progress
PSU : -
Private : -
them)
Network security audit : 8 number of audits to government organizatio
security audit : 78 number of web audits to government and private organiza
Mobile applications - 5 mobile apps certified ( 10 audits in progress)
: 3 number of organizations had wireless in network audit scope
Compliance audits (ISO 27001, PCI, etc.): All 78 web audits are compliance aud
 56 - OWAS
 20 - CCA Co
Audits
 2 - AADHAR
 1 - ISO 270
CISSPs : 2
BS7799 / ISO27001 LAs : 1
CISAs : Nil
DISAs / ISAs : Nil
rs / Experts : No (If yes, kindly provide
ditors / Experts : No (If yes, kindly provide
details : No
rganization? : No If yes, give details
: No
Back
of CERT-In empanelled Information Security
ing Organization :
Technology, Government of India)
: 2011
: Yes
: Yes
: Yes
: ISO 27001, Cloud, PCI, AADHAR UIDAI
rogress
-
-
3
tion can add categories based on project handled by

o government organizations Web-application
ment and private organizations
ed ( 10 audits in progress) Wireless security audit
network audit scope
audits are compliance audits as follows:
 56 - OWASP
 20 - CCA Compliance ASP e-Sign
Audits
 2 - AADHAR UIDAI compliance
 1 - ISO 27001 - in progress
:
2
1
Nil
Nil
 SANS Certified – 16
 Cert-CC – 3
 CEH – 17
 ECSA – 4
Total Nos. of Technical – 36
7. Details ofPersonnel
technical manpower deployed for information security audits in Government and Critical sect
project value. : 16 major projects handled which include government network infrastructure au
websites".
Freeware Commercial Inhouse
1. Nmap 17. Httprint 1. Acunetix - WebSAFE

2. Nikto 18. Curl 2. Burpsuite
3. Netcat 19. Tcpdump Professional
4. W3af 20. Fimap 3. Nessus
5. Wapiti 21. SwfScan 4. Netsparker
6. Sqlmap 22. Hydra 5. Nexpose
7. Zapproxy 23. John the Ripper 6. IBM AppScan
8. Skipfish 24. Ssltest
9. Wget 25. Sslstrip
10. Cmsexplorer 26. Cain and Abel
11. Joomscan 27. Brutus
12. Backtrack , Kali 28. Airmon -ng
13. Openssl 29. Hping
14. Dirbuster 30. Scapy
15. Wireshark 31. Loki
16. Parosproxy 32. wsfuzzer
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No ( If ye

*Information as provided by C-DAC on 24.11.2016
Ba
dits in Government and Critical sector organizations (attach Annexure if required) Refer Annexure – A
of volume, complexity, locations etc.) along with

nment network infrastructure audits and various
freeware/proprietary):
ditors / Experts : Yes/No ( If yes, kindly provide
Back
Annexure –
7. List of technical manpower deployed for information security audits in Government and
organizations
S. Name of Duration with C- Experience in
No. Employee DAC since Information
Security
1 Murthy.Ch.A.S May, 1999 11+
2 Eswari PRL Feb 2000 11+
3 Indraveni.K July 2005 10+
4 Himanshu.P Sept 2006 07+

5 Ravi Kishore Mar-2008 7
Koppuravuri
6 Tatikayala Sai Feb 2007 8.6

Gopal
7 C Sireesha Feb-2007 8
8 Jyostna G Mar 2006 9
9 Mahesh Patil Aug-04 8
10 Sandeep Romana Sep-2007 8
11 Naushed Tyeb Oct 2008 05+
12 Nandeeshwar B Oct 2008 05+
13 Titto Thomas Sept 2015 0.6
14 Mallesh May, 1999 2

15 Atiya Fatima Feb 2000 1.5
16 Vamsi Krishna Mar-2008 1.5

17 Raghuvaran Feb 2007 1.5
18 I L N Rao Feb-2015 1.5
19 Rahul Kumar Aug 2011 5
20 Sandeep Chaparla Jan 2014 3
Ba
Annexure – A
er deployed for information security audits in Government and Critical sector
Qualifications related to Information security
 ISMS LA
 SANS - GAWN
 SANS - GXPN
 CERT-CC Certified Incident Handling, Forensics
Analysis and Network Security in CMU, USA
 CERT-CC Certified Incident Handling,

Forensics Analysis and Network Security in CMU,
USA
 GREM
 SANS GWAPT
 SANS Advanced Web Application
Penetration Testing and ethical hacking
 SANS GREM
 GIAC Web Application Penetration Tester (GWAPT)
from SANS
 GIAC Security Essentials (GSEC)
 GIAC Certified Web Application Defender (GWEB)
 GMOB
 GREM, ECSA, CEH7
 CISSP
 CCNA
 ECSA
 CEH , EC-Council
 ECSA
 CEH , EC-Council
 ECSA
 EC Council Security Analyst
 CEH, EC-Council
Back
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing OrganisationM/s Xiarc

Xiarch Solutions Pvt. Ltd
352, 2nd floor, Tarun, Opp Kali Mata Mandir, Outer Ring Road, Pitampura, N
Ph: 011 -4551 0033, 9810874431
Fax 011 -6617 3033

 Cyber Forensics investigations : Yes
Govt. : 2+
PSU : 1+
Private : 7+
handled by them)
Cyber forensics Investigations : 4+
PCI Consulting : 1+
CISSPs : 2
BS7799 / ISO27001 Las : 1
CISAs : 1
DISAs / ISAs : 0
7. Updated details of technical manpower deployed for information security audits in Governm
S. No. Name of Employee Duration with Experience in Qualifications related to
Xiarch Solutions Information Information security
Pvt. Ltd Security
1 Utsav Mittal 6 years 9+ years CISSP, CEH, MS Infosec Purdue

Univ, USA
Auditing OrganisationM/s Xiarch Solutions Pvt Ltd
ing Organization :
uter Ring Road, Pitampura, New Delhi 110034
: 2008
Yes
Yes
Yes
Yes
Yes
2+
1+
7+
20+
ation can add categories based on project
5+
7+
1+
2+
4+
1+
:
2
1
1
0
2
7+
on security audits in Government and Critical sector
2 Ashish Chandra 1 Years 1+ year CISE, BSC (IT) , GNIIT,
MCA (pursuing)
3 Vidushi 1.5 years 1.5+ years BTech, CISE
4 Kritika 2 years 1+ years Btech, CISE
5 Alekh Mittal 2 years 2+ years Btech, CISE
project value.
 Vulnerability Management for the Largest KPO firm in the world, scope included V
servers, 5000 desktops and over 200 network devices, 10+ web application. Location
Australia, India and UK
 Managing complete IS and compliance service for one of the first and largest NBFC in
PCI audit, CMMI, ISO 27001, Vulnerability assessment, web app security, network and w
management, SIEM and DLP implementation
 Nmap , Superscan
 Backtrack kali linux Live CD,
 Encase, FTK, Pro discover etc.
 Custom Scripts and tools.
 Metasploit Framework, Netcat , BeEf
 Wireshark – Packet Analyser
 Cisco Netwitness.
 Tenable Nessus
 Rapid7 Nexpose community edition
 Burpsuite
 SQL Map
 Tamper Data
 Directory Buster
 Nikto
 Ettercap
 Paros Proxy
 Webscarab
 Brutus

12. Whether organization is a subsidiary of any foreign based organization?
*Information as provided by Xiarch Solutions Pvt. Ltd on 23/6/2014
Ba
M/s RSM Astute Consulting Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization: RSM Astut

 Network security audit (Y/N)
 Web-application security audit (Y/N)
 Wireless security audit (Y/N)
 Compliance audits (ISO 27001, PCI, SOX, etc.) (Y/N)
 IT General Controls
 IT Policy Compilation
 Vulnerability assessment & Penetration test
 IT infrastructure audit
 Review of Applications Implementation
 (Both Pre & Post Implementation)
 End Point Security Review
 Application Security Review
 Secure Code Review

Govt.
PSU
Private

 Network security audit
 Web-application security audit
 Mobile Application Security Audit
 Wireless security audit
 Compliance audits (ISO 27001, PCI, etc.)
 IT General Controls
 Vulnerability Assessment & Penetration Testing
 IT Infrastructure Audit
 Review of Applications Implementation
(Both Pre & Post Implementation) :

CISSPs
BS7799 / ISO27001 LA
CISAs
DISAs / ISAs
CEH
volume, complexity, locations etc.) along with
the world, scope included VA, PT of over 500

0+ web application. Location encompassed US,
the first and largest NBFC in india, work included

app security, network and wifi security, log
eware/proprietary):
rs / Experts : No ( If yes, kindly provide
tails : No
anization?
: No
: No
/6/2014
Back
ing Organization: RSM Astute Consulting Pvt. Ltd.
: 2011
: Yes
/N) : Yes
: Yes
CI, SOX, etc.) (Y/N) : Yes
: Yes
: Yes
ration test : Yes
: Yes
tation
) : Yes
: Yes
: Yes
: Yes
: 1
: 2
: 29
ity Audits done : 32
: 10
: 15
: 3
: 3
CI, etc.) : 5
: 13
ration Testing : 12
: 2
tation
: 6
:
: 1
: 18
: 6
: 8
: 5
CCNA
Total Nos. of Technical Personnel
S. Designation Duration with Experience in Qualifications related to
No. RSM Astute Information Information security
Consulting Security
1 Director > 3 years 17 years Master – IT, CISA, CISP, CISSP,

CIISA, SAP-Net Weaver Security
Certification, IS0 22301 Lead
Implementor, ISO 27001 LA,
ECSA
Principal Consultant ISO 27001 LA, Master of Finance and
Control, SAP FI, Celonis Viewer, Analyst
2 < 1 year 15 years
and Data Scientist
3 Sr. Manager >5 11 years CA, CISA, ISO 27001 LA

yea
rs
4 Sr. Manager < 3 years 23 years B.E, CISA
5 Sr. Manager < 4 years 12 years PGDBM, ISO 27001 LA
6 Manager <1 year 6 years B.E., CEH, ISO 27001 LA
7 Manager < 1 year 5 years BE, CISA, ISO 27001 LA
8 Manager < 2 years 4 years BCA, CEH, OSCP, ISO 27001 LA
9 Asst. Manager <4 years < 4 years CA, CISA
10 Asst. Manager <1 year < 2 years CA, CISA
11 Sr. Officer < 3 years < 3 years CEH, ME (IT), BE (CS), RHCSA-
Linux RHEL 7
etc.) along with project value.
Clients Details
World’s leading ITES Company Information Security and Cyber Security Services for
their 3 delivery centers in Mumbai, Pune and UK. The
Project value was Rs. 2.63 Crores
India’s leading Scheduled Bank Review of application security, API security and mobile
application security assessment for one of the largest
Scheduled Banks. The assessment coverage was for
150 applications of the Bank: The scope involved:
 Application Security Assessment
 VAPT
 Mobile Application Security Assessment
 API Security Assessment
: 2
: 31
me, complexity, locations

 Nessus Professional Burp Suite
 Acunetix
 Nmap
 Wireshark Backtrack
 Metasploit OpenSSL Winaudit NetCat
 Nipper
 Appscan
 SQLmap
 OWASPZAP
 Checkmarx Static Code Analyzer.
(RSM Astute Consulting Private Limited is a member firm of RSM International located in
London, EC4N 6JJ – United Kingdom)
*Information as provided by RSM Astute Consulting Pvt. Ltd on 23th December 2019
Ba
The Project value was Rs.35,04,600/-
mation Security Audit Tools used ( commercial/ freeware/proprietary):
essional Burp Suite
acktrack
penSSL Winaudit NetCat
Static Code Analyzer.

of Project to External Information Security Auditors / Experts : No (If yes, kindly provide
gement (MoU, contract etc.))
organization has any Foreign Tie-Ups? If yes, give details : Yes

ute Consulting Private Limited is a member firm of RSM International located in 50 Cannon Street,
C4N 6JJ – United Kingdom)
organization is a subsidiary of any foreign based organization? : No
s of Overseas Headquarters/Offices, if any : N/A
s provided by RSM Astute Consulting Pvt. Ltd on 23th December 2019
Back
M/s Qadit Systems & Solutions Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization : Qadit Sys
Ltd, Chennai

Govt. : 63
PSU : 0
Private : 11
them)
Network security audit: : 10
Web-application security audit: : 64
Compliance audits (ISO 27001, PCI, etc.): : 27
CISSPs : 1
BS7799 / ISO27001 LAs : 6
CISAs : 9
DISAs / ISAs : 4
S. Name of Employee Duration Experience in Information Qualifications related
No. with Qadit Security
Systems
1 V. Vijayakumar 18 years 18 years CISA, ISMS LA, ISA, CEH
2 Mahesh Balan 18 years 18 years CISA, ISMS LA, ISA, CEH
3 N. Swameshwar 15 years 15 years CISSP, ISA, CEH
Organization : Qadit Systems & Solutions Pvt
: 2002
Yes
Yes
Yes
Yes
: 63
: 0
: 116
: 179
can add categories based on project handled by
dits in Government and

4 Sanjay Kadel 15 years 15 years CISA, ISA
5 R. Narayanan 15 years 15 years CISA, CIA
6 R. Ramesh 15 years 15 years CISA, CISM, LA, CPISI
Guru
7 Santhanam 10 years 10 years CISA
8 Indira Rao < 1 year 2 years CISA, CRISC, LA, CPEGP, CPISI
9 Rajendra Kumar < 1 year 3 years CISA, LA, CPISI
10 Aishwarya K 3 years 3 years ECSA
11 Suman Raj 2 years 3 years ECSA
project value.
Client : A project for Government of Tamilnadu
Scope: Information System Security Audit, Developing Security Policy & Procedures, Applicatio
Coverage: all municipalities across Tamilnadu Project Value: Rs. 27 lakhs
Proprietary
 NsVulnAssessor
 Ora DBSecAssessor
 MSSQL DBSecAssessor
 Router Config security assessor scripts
Commercial
 Tenable Nessus Professional Edition
 Titania Nipper Network Device Configuration Review Tool
 Acunetix Web Application Vulnerability Assessment Tool
 Codified Security Mobile Security Assessment Tool
Achilles Hydra Owasp Mantra

Aircrack-Ng IronWASP Paros Proxy
BackTrack/ KaliLinux John the Ripper Pwdump
Brutus Lynis Snort

Cain and Able Maltego w3af
DOMTools Metasploit Webinspect
Community
Edition
Dsniff MobSF WebScarab
Firewalk NetCat Whisker
Hping Netstumbler Wikto
HTTPrint Nikto Wireshark
HTTrack Nmap

13. Locations of Overseas Headquarters/Offices, if any : Nil

*Information as provided by Qadit Systems & Solutions Pvt Ltd on 23rd December 2019
Ba
M/s Varutra Consulting Private Limited
Varutra Consulting Private Limited
Corporate Office:
A-302 & A-303, Oxy Primo,Gate No. 599, Bakori Phata, Pune-Nagar Highw
Wagholi, Pune-412207, MH, India.
2. Carrying out Information Security Audits since 2

3. Date of empanelment by CERT-In:
Network security audit (Y/N) - Yes
Web-application security audit (Y/N) - Yes
Wireless security audit (Y/N) - Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) - Yes

Govt. : <3>
PSU : <>
Private : <22>
6. Number of audits in last 12 months, category-wise (Organization can add categories based
them)
Source Code Review :
Managed Security Services :
Cloud Security Assessment :
Mobile Application Security (iOS, Android, Windows) :
Software Product Security Testing :

CISSPs : <1> - Appeared
BS7799 / ISO27001 LAs : <2>
CISAs : <number of>
Any other information security qualification: <7 – Certified Ethical Hackers from EC Council, 1C
from EC-Council>
Total Nos. of Technical Personnel 11
& Procedures, Application Software Audit

khs
re/proprietary):
Experts : No ( If yes, kindly provide
: No
tion? : No If yes, give details
: Nil
rd December 2019
Back
Organization:
hata, Pune-Nagar Highway,Opp. Jain College,
2012
- Yes
- Yes
- Yes
- Yes
: <3>
: <>
: <22>
: 25
: <10>
: <6>
: <2>
: <3>
: <5>
: <1>
: <4>
s) : <5>
: <1>
- Appeared
kers from EC Council, 1CHFI, 1 CISP, 1 ECSA

S. Name of Duration with Experience in Qualifications related to
No. Employee <Varutra> Information Security Information security
Mr. Kishor 2 years 8 Masters in Computer Science,

Sonawane months Certified Ethical Hacker, ISO
1 10+ years
27001 – Lead
Auditor
Bachelor in Computer Science,
CEH, CHFI,CCSA,
2 Mr. Omkar Joshi 2 months 2 years
CISP and ISO 27001 Lead
Auditor
3 Mr. Jeevan 1 year 10 2 years BE (Computer Science), CSLLP-
Dahake month Appeared
1 year 10 BE (Computer Science),Certified
4 Mr. Snehal Raut month 1 year 10 months Ethical Hacker
1 year 6 BE (Computer
5 Mr. Sachin Wagh months 2 years Science),Certified Ethical Hacker
Mr. Chetan BE (Computer Science),Certified

6 Gulhane 2 years 2 years Ethical Hacker
project value.
Network and Applications (Mobile + Web) Security Assessment consisting of more tha
network level vulnerability assessment and penetration testing, 20 web and mobile ap
(Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was the complex project as the assessment included security test
various types and platforms of servers such as Windows, Linux, Unix, MSSQL Databases,
Oracle Databases, DB2 Databases, VOIP, Network Sniffing, Wireless Network Pentest, VL
, Application Security Testing for Web Applications and Mobile Application of Android, iOS
platforms, Web Services ,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web and
the same client.
10. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Commer
Vulnerability Assessment & Penetration Testing – Rapid 7 Nexp

QualysGuard, GFI Languard, etc.
Application Security Assessment – IBM Appscan, HP WebInspect, Burpsuit
NTOSpider, etc.
Freeware Tools
Vulnerability Assessment & Penetration Testing – Nessus, Nmap, Op
KaliLinux, BackTrack, AirCrack, Helix (Forensics) etc.
Application Security Assessment – W3af, Nikto, BurpSuite, FireBug,
Stalker, WebScarab, Powerfuzzer, etc.
Proprietary Tools
MVD - Mobile Vulnerability Database, provides mobile operating
vulnerabilities for Android, iOS, Blackberry and Windows platforms.
MASTS - Mobile Application Security Testing Suite: Security Testing Suite
applications.
11. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
Yes, NDA (Non Disclosure Agreement getting signed between the two parties before outs
external experts.
13. Whether organization is a subsidiary of any foreign-based organization?
*Information as provided by Varutra Consulting Private Limited on on 3rd Nov 2015
Ba
M/s Varutra Consulting Private Limited
Varutra Consulting Private Limited
Corporate Office:
A-302 & A-303, Oxy Primo,Gate No. 599, Bakori Phata, Pune-Nagar Highw
Wagholi, Pune-412207, MH, India.
2. Carrying out Information Security Audits since 2

3. Date of empanelment by CERT-In:
Network security audit (Y/N) - Yes
Web-application security audit (Y/N) - Yes
Wireless security audit (Y/N) - Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) - Yes

Govt. : <3>
PSU : <>
Private : <22>
them)
Managed Security Services :
Cloud Security Assessment :
Mobile Application Security (iOS, Android, Windows) :
Software Product Security Testing :

CISSPs : <1> - Appeared
BS7799 / ISO27001 LAs : <2>
CISAs : <number of>
Any other information security qualification: <7 – Certified Ethical Hackers from EC Council, 1C
from EC-Council>
Total Nos. of Technical Personnel 11
udits in Government and
t consisting of more than 1,200 IP addresses for

g, 20 web and mobile applications for MCIT
nt included security testing and hacking of

Unix, MSSQL Databases, MySQL Databases,
ess Network Pentest, VLAN Hopping and Hacking
plication of Android, iOS and Windows
C review for 10 web and mobile applications for
e/proprietary): Commercial Tools
ng – Rapid 7 Nexpose, Nessus,
HP WebInspect, Burpsuite, Acunetix WVS,
– Nessus, Nmap, OpenVAS, MBSA, Nipper,

tc.
, BurpSuite, FireBug, SQLMap, N-
des mobile operating system level

ndows platforms.
: Security Testing Suite for android mobile
Experts: Yes/No (If yes, kindly provide oversight
e two parties before outsourcing any project to
: No
tion?
: No
: No
on 3rd Nov 2015
BacK
Organization:
hata, Pune-Nagar Highway,Opp. Jain College,
2012
- Yes
- Yes
- Yes
- Yes
: <3>
: <>
: <22>
: 25
: <10>
: <6>
: <2>
: <3>
: <5>
: <1>
: <4>
s) : <5>
: <1>
- Appeared
kers from EC Council, 1CHFI, 1 CISP, 1 ECSA

No. Employee <Varutra> Information Security Information security
Mr. Kishor 2 years 8 Masters in Computer Science,

Sonawane months Certified Ethical Hacker, ISO
1 10+ years
27001 – Lead
Auditor
Bachelor in Computer Science,
CEH, CHFI,CCSA,
2 Mr. Omkar Joshi 2 months 2 years
CISP and ISO 27001 Lead
Auditor
3 Mr. Jeevan 1 year 10 2 years BE (Computer Science), CSLLP-
Dahake month Appeared
1 year 10 BE (Computer Science),Certified
4 Mr. Snehal Raut month 1 year 10 months Ethical Hacker
1 year 6 BE (Computer
5 Mr. Sachin Wagh months 2 years Science),Certified Ethical Hacker
Mr. Chetan BE (Computer Science),Certified

6 Gulhane 2 years 2 years Ethical Hacker
project value.
Network and Applications (Mobile + Web) Security Assessment consisting of more tha
network level vulnerability assessment and penetration testing, 20 web and mobile ap
(Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was the complex project as the assessment included security test
various types and platforms of servers such as Windows, Linux, Unix, MSSQL Databases,
Oracle Databases, DB2 Databases, VOIP, Network Sniffing, Wireless Network Pentest, VL
, Application Security Testing for Web Applications and Mobile Application of Android, iOS
platforms, Web Services ,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web a
for the same client.
Vulnerability Assessment & Penetration Testing – Rapid 7 Nexp

QualysGuard, GFI Languard, etc.
Application Security Assessment – IBM Appscan, HP WebInspect, Burpsuit
NTOSpider, etc.
Freeware Tools
Vulnerability Assessment & Penetration Testing – Nessus, Nmap, Op
KaliLinux, BackTrack, AirCrack, Helix (Forensics) etc.
Application Security Assessment – W3af, Nikto, BurpSuite, FireBug,
Stalker, WebScarab, Powerfuzzer, etc.
Proprietary Tools
MVD - Mobile Vulnerability Database, provides mobile operating
vulnerabilities for Android, iOS, Blackberry and Windows platforms.
MASTS - Mobile Application Security Testing Suite: Security Testing Suite
applications.
Yes, NDA (Non Disclosure Agreement getting signed between the two parties before o
external experts.
13. Whether organization is a subsidiary of any foreign-based organization?
*Information as provided by Varutra Consulting Private Limited on on 3rd Nov 2015
Ba
M/s Cyber Security Works Pvt. Ltd.
Registered Office:
Cyber Security Works Pvt. Ltd
No.3, III – Floor, E- Block, 599, Anna Salai Chennai –
Corporate Office:
Cyber Security Works Pvt. Ltd
No.6, 3rdFloor, A- Block, IITM Research Park Taraman
Chennai – 600 113

 Network Vulnerability Assessment / Audit Yes
 Web-application security Assessment / Audit (Y/N) Yes
 Wireless security audit (Y/N) Yes
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) Yes
 SDLC Review and Code Security Review Yes
 Application Penetration Testing Yes
 Network Penetration Testing Yes
 Information Security policy review, development and assessment Yes
 Mobile Application Security Assessment and Penetration Testing Yes
 Data Mining for Vulnerable Patterns from Complex and Large-Scale Networks Yes
 Ransomware Assessments Yes
 Red Team Assessments Yes
 IoT Security Assessments Yes
 SCADA and Critical Infrastructure Assessments Yes
 Social Engineering Assessments Yes
 Cloud and Virtual Security Assessment Yes
 Electronic Discovery and Digital Forensics Yes
 Malware Synthesis and Analytics Yes
 Incident Response Yes
 AUA/KUA Compliance audit Yes
 e-Sign Compliance audit Yes
Govt. :
PSU :
Private :

handled by them)
udits in Government and
t consisting of more than 1,200 IP addresses for

g, 20 web and mobile applications for MCIT
nt included security testing and hacking of

Unix, MSSQL Databases, MySQL Databases,
ess Network Pentest, VLAN Hopping and Hacking
plication of Android, iOS and Windows
DLC review for 10 web and mobile applications
e/proprietary): Commercial Tools
ng – Rapid 7 Nexpose, Nessus,
HP WebInspect, Burpsuite, Acunetix WVS,
– Nessus, Nmap, OpenVAS, MBSA, Nipper,

tc.
, BurpSuite, FireBug, SQLMap, N-
des mobile operating system level

ndows platforms.
: Security Testing Suite for android mobile
Experts: Yes/No (If yes, kindly provide oversight
the two parties before outsourcing any project to
: No
tion?
: No
: No
on 3rd Nov 2015
BacK
Organization:
Anna Salai Chennai – 600 006.
search Park Taramani
: 2008
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
e Networks Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
: 26
: 1
: 21
: 292
: 27
: 239
Mobile-application security audit :
CISSPs :
BS7799 / ISO27001 Las :
CISAs :
DISAs / ISAs :
No. CSW Information Information security
Security
8.4Years 9.5Years ISO LA, PCI-ASV
1 Ravi Pandey Certified
2 Sridhar Krishnamurthi 10.7Years 20.7 Years CISA, CISSP, ISO LA
7.6Years ISO LA, PCI-ASV
3 Gunnam Ramesh 7.6 Years Certified
4 Arjun Basnet 5.11 Years 5.11Years CEH, PCI-ASV Certified
Ravichandran R 1.2 Years 16.2 Years CISA, CFE, CEH, CCISO,
5 CPISI, ECSA, ISO LA
6 Sathish Kumar 5.10 Years 5.10 Years CEH
7 Vengatesh Nagarajan 5.5 Years 5.5 Years CCNA Security
8 Bonthala Satya Suvarna 4.4 Years 4.4 Years CompTIA Pentest+
9 DereddyMaheswari 4.4 Years 4.4 Years
10 Surabhi Kumari 4.3 Years 4.3 Years
11 Bhaskar.G.K 3.1Years 3.1Years
12 Swaraj Rai 2.9Years 2.9Years CEH
13 Rakesh Kumar M 2.5Years 2.5Years CEH
14 Dilip Raja Peddu 2.3 Years 2.3 Years
15 Raj Kumar Shah 1.4 Years 3.1 Years
16 Neha Agarwal 1.2 Years 1.2 Years
17 Balamurugan P 1.10 Years 1.10 Years
18 Vijayakumar M 1.10 Years 1.10 Years
19 Lourdhu Raj 1.6 Years 1.6 Years
Periyanayagam
20 Saran B 2.1 Years 2.1 Years
21 Raj Kumar T M 1.6 Years 1.6 Years
22 Sushil Bhojwani 1.6 Years 1.6 Years CEH
23 Vasantha Kumar T 0.10 Year 1.5 Years CEH, CHFI, CIE, ECSA
Richard Paul Dharmaraj S 0.6 Year
24 2.6 Years ECSA
25 Mohamed Yasir Hashim 0.5 Year 0.5 Year

project value.
 Vulnerability assessment and Penetration testing of network infrastruct
applications for a large Financial Services Company with offices across 68 Locati
cannot declare the name of organization as we have NDA singed with th
 Complexity: Project involved of Network Security Assessment, Internal and

Assessment and Penetration Testing, Security Configuration Review, Applica
Mobile Application Security Assessment.
9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):
Commercial Tools
 Acunetix
 Nessus
 Nexpose
 Burp Suite Pro
 Qulays
Proprietary
 Risk Quotient- SaaS based cyber risk exposure platform.
 VapSploit - Data mining tool for network infrastructure security assessment.
 WebSploit - Data mining tool for web infrastructure security assessment.
Freeware Tools:
 Nmap
 Netcat
 Snmp Walk
 Metasploit
 Kali Linux
 Paros
 Burp Suite
 Brutus
 Nikto
 Firewalk
 Dsniff
 SQL Map
 John the ripper
 Paros
 Wikto
 Ethereal
 Netcat
 Openvas
 W3af
 OWASP Mantra
 Wireshark
 Ettercap
 Aircrack – Ng
 Cain & Abel
 Ironwasp
 OWASP Xenotix
 Fiddler
 Tamperdata
 Social Engineering Toolkit
Yes, we have partners for providing information security services in the respect
I. Partner with ICE Information Technology to provide Information Security Service
ICE Information Technology
P.O. Box: 120661, Dubai, UAE
P.O Box: 31078, Abu Dhabi, UAE
II. Partner with RiskSense Inc. to provide Information Security Services in USA RiskSen
4200 Osuna Road NE, Suite 3-300
Albuquerque, NM 87109, USA

*Information as provided by Cyber Security Works Pvt Ltd on 23-Dec-2019
Ba
18
1
7
udits:
1
4
2
0
20
30
ecurity audits in Government and Critical sector
ations related to
ation security
ISO LA, PCI-ASV

Certified
ISA, CISSP, ISO LA
ISO LA, PCI-ASV
Certified
H, PCI-ASV Certified
A, CFE, CEH, CCISO,
I, ECSA, ISO LA
CEH
CCNA Security
CompTIA Pentest+
CEH
CEH
CEH
H, CHFI, CIE, ECSA
ECSA
ms of volume, complexity, locations etc.) along with

n testing of network infrastructure and web
pany with offices across 68 Locations in India. (We
s we have NDA singed with them)
ecurity Assessment, Internal and External Vulnerability

ty Configuration Review, Application Penetration Testing,
platform.
ucture security assessment.
ure security assessment.
uditors / Experts : No ( If yes, kindly
give details : Yes

ecurity services in the respective countries.
ovide Information Security Services in UAE
n Security Services in USA RiskSense Inc
organization? : No
: No
Ltd on 23-Dec-2019
Back
M/s Deccan Infotech Pvt. Ltd.

Name- Deccan Infotech (P) ltd
Address-13J, Jakkasandra Block 7TH Cross, Koramangala, B
2. Carrying out Information Security Audits since : < 1996>
 Network security audit (Y/N) < YES>
 Web-application security audit (Y/N) < YES>
 Wireless security audit (Y/N) < YES>
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) < YES>
Govt. : <number of> 03

PSU : <number of> 00
Private : <number of> 45

handled by them)
Network security audit: <number of> 15
Web-application security audit: <number of> 20
Wireless security audit:<number of> 08
Compliance audits (ISO 27001, PCI, etc.):<number of> 05

CISSPs : <number of> 01
BS7799 / ISO27001 LAs : <number of> 06
CISAs : <number of> 02
DISAs / ISAs : <number of> 00
Any other information security qualification:<number of> 03
1 Mr. Dilip Hariharan 06/05/1996 23 yr C|CISO, CRISC, CISM,
CISA, CEH, CHFI, CFE,
CCNA, ISO 27001
Lead Auditor &
Implementer, ISO
9001:2008 LEAD
AUDITOR, BS 15000
IMPLEMENTER, SANS
certified in hacker
techniques, exploits &
rganization:
Cross, Koramangala, Bangalore-560034

: < 1996>
< YES>
< YES>
< YES>
< YES>
03
00
45
48
15
20
08
er of> 05
01
06
02
00
ber of> 03
12

incident handling
2 Mr. N. Aravindh 08/11/2017 2 yr ISO 27K1
Krishna N Implementer
3 Mr. G Sathish Kumar 10/11/2017 2 yr ISO 27K1
Implementer
4 Mr. Amit Gupta 01/02/2018 25 yr ISO 27K1
Implementer
5 Mr. Rajesh Kumar M 02/02/2018 4 yr ISO 27K1
Implementer
6 Mr. P.B 07/07/2018 22yr ISO 27K1
Manjunath Implementer
7 Mr. Sri Ram G 05/03/2019 16yr CISA, CISSP
8 Mr. Vishal Singh 01/05/2019 3 yr PG-Diploma Network

and Cyber Security - CDAC
project value.
 Web applications Security audit for more than 100 sites of A government organisation with
web development technologies amounting to approximately 30 Lakhs.
1. Burp Suite
2. NMAP
3. Hping3
4. John The Ripper
5. NetCat
6. PW DUMP
7. Wireshark
8. OWASP ZAP
9. KALI Linux
10. Rapid7
11. Acunetix
12. TCP Dump
13. Nexpose – Commercial tool
14. Brutus
15. Metasploit - Commercial
16. Mozilla Tools for web app audits
17. Fiddler
18. Dir buster
19. Nipper
20. Nikto
21. W3AF
22. Android tamer
23. Immuniweb Mobile scanner


*Information as provided by <Deccan Infotech (P) ltd > on <21-Dec-2019>
Bac
M/s Security Brigade InfoSec Pvt. Ltd.
Security Brigade InfoSec Private Limited 165 3rd Floor, Kohinoor Estate,
Near Sunmill Compound, Lower Parel, Mumbai, Maharashtra India

• Network security audit (Yes)
• Web-application security audit (Yes)
• Wireless security audit (Yes)
• Compliance audits (ISO 27001, PCI, etc.) (Yes)
• Red Team Assessment
• Web Application Penetration Testing
• Mobile Application Penetration Testing
• Network Penetration Testing
• Network Vulnerability Assessment
• Web Application Automated Vulnerability Assessment
• WAP Application Penetration Testing
• Thick Client Penetration Testing
• Firewall Configuration Review
• Wireless Penetration Testing
• Server Configuration Review
• Database Configuration Review
• Source Code Review
• Email Configuration Review
• Network Architecture Review
• Process and Policy Review
• Incident Response
• Spear Phishing Activity
• Data Leakage Gap Analysis
• Defacement Monitoring
• Forensics Investigation & Analysis
• Application Malware Scan
• Network Malware Scan
• ShadowMap
Govt. : 10+
PSU : 10+
Private : 300+
nment organisation with different databases and
/proprietary):
ls : No
: No
Dec-2019>
Back
anization :
state,
: 2006
0+
0+
00+
04+
5. Number of audits in last 12 months, category-wise (Organization can add categories base
by them)
CISSPs : -
BS7799 / ISO27001 LAs : 1
CISAs : -
DISAs / ISAs : -
Duration with Experience in

<organization> Information Security
S. No. Name of Employee
1 Yash Kadakia Oct-06 19 years
2 Chintankumar Joshi Apr-11 9 Years
3 Abhinav Awasthi Dec-16 3 Years
4 Ayush Kumar Dec-17 2 Years
5 SiddarthGowrishankar Dec-17 2 Years
6 Ishan Patil Jul-18 1.6 Years
7 Madhusudhan Kumar Sep-18 1.6 Years
8 Deepak Kandpal Oct-18 1.3 Years
9 Abhishek Gupta Nov-18 1.1 Years
10 Niraj Shivtarkar Dec-18 1.3 Years
11 Aditya Patil Mar-19 9 months
12 Joe Kurian Jul-19 2.4 years
13 Ramneek Jul-19 6months
14 Abhishek Bhoir Dec-19 Fresher
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
value: 200+ Audits, Combination of Network Security,
Application Security, Mobile Application Security, Risk Assessments, Pan-India + 5 Glob
Information Gathering
- Bile-Suite
- Cisco torch
- SpiderFoot
- W3af
- Maltego
- SEAT
- In-House sdFinder
- … and 50 other tools

Port Scanning
- Nmap
- In-House networkMapper
- Amap
- Foundstone
- hPing
- ... and 30 other tools
Application Security Assessment

- In-House webSpider
- In-House webDiscovery
- In-House webTester
- Achilles
- Sandcat
- Pixy
- W3af - Nikto
- Paros

Threat Profiling & Risk Identification
- In-House Risk Assessment
Network & System Vulnerability Assessment
- Metasploit
- Nessus
- SAINT
- Inguma
- SARA
- Nipper
- GFI
- Safety-Lab
- Firecat
- Owasp CLASP
- Themis
- In-house VAFramework
Exploitation
- Saint
- SQL Ninja
- SQL Map
- Inguma
- Metasploit

Social Engineering
- Social-Engineering Toolkit (SET)
- Firecat
- People Search

Privilege Escalation
- Cain & Abel
- OphCrack
- Fgdup
- Nipper
- Medusa
- Lynix
- Hydra
- … and 40 others
Commercial Tools
- Nessus Commercial - Burp Suite

*Information as provided by <Security Brigade InfoSec Private Limited> on <December
Ba
nization can add categories based on project handled
100+
300+
10+
10+
dits :
-
1
-
-
8
14
ecurity audits in Government and
Qualifications
related to
Information
security
ECPPT
ECPPT
CEH
ISMS LA, CEH
CEH and CND
ECPPT
CEH
CISEH
CISEH
CISEH
ECPPT
ECPPT
ECPPT
CISEH
ms of volume, complexity, locations etc.) along with project
Assessments, Pan-India + 5 Global Locations, 1 Crore+

l/ freeware/proprietary):
uditors / Experts : No
(MoU, contract etc.))
give details : No
d organization? : No
: No
Private Limited> on <December 19, 2019>
Back
M/s Payatu Technologies Pvt Ltd.
Payatu Technologies Pvt Ltd,
502 Tej House, 5 MG Road, Camp, Pune - 411001
 Network security audit : (Y/N)
 Web-application security audit : (Y/N)
 Wireless security audit : (Y/N)
 Mobile Application Audit
 IoT (Internet of Things) product security audit :
 ICS/SCADA security audit :
 Cloud Infrastructure security audit :
 Crypto Implementation security audit :
 Code Review :

Govt. :
PSU :
Private :

handled by them)
Mobile Application Audit : 20+
IoT (Internet of Things) product security audit : 7+
SANS GWAPT : 1
OPSE : 1
OSCE : 1
CEH : 10
ECSA : 1
Any other information security qualification:<number of>
project value.
Web Application and Network security audit one for the USA based Analytics Product C
achieved PCI certification for their product and clod based Infrastructure.
1. Volume: 50+ URLS, 1500+ Internal IPs, 500+ external IPS
2. Complexity: High
3. Project Value USD 117000

Information Gathering
1. Dnsenum
2. Fierce domain scan
3. Dig
4. Whois
5. Wget
6. Google Advanced search
Mapping
1. Nmap
2. Scapy
3. Ike-scan
4. Superscan
5. Dirbuster
6. Openssl
7. THC SSLCheck
8. Sslscan
9. Netcat
10. Traceroute
11. Snmpcheck
12. Smtpscan
13. Smbclient
14. Wireshark
15. Web Browser
1. Nessus Professional
2. Openvas
3. Skipfish
4. Ratproxy
5. IronWASP
6. Grendel scan
7. Web securify
8. Burp suite professional
9. Paros Proxy
10. SOAPUI
Exploitation
1. Custom python script
2. W3af
3. Metasploit
4. Sqlmap
5. Sqlninja
6. BeEF Framework
7. Hydra

13. Locations of Overseas Headquarters/Offices, if any : Yes

1. The Hague – Netherlands
2. Sydney - Australia
*Information as provided by Payatu Technologies Pvt Ltd on 30-March-2018
Ba
rganization :
, Pune - 411001
: 2011
(Y/N)
(Y/N)
(Y/N)
: 0
: 1
: 25+
udits done : 25+
cation:<number of>
: 15
sed Analytics Product Company to help them

astructure.
S
e/proprietary):
: No
on? : No If yes, give details
: Yes
h-2018
Back
M/s Suma Soft Pvt. Ltd.
Suma Soft Pvt. Ltd. "Suma Center", 2nd Floor,
Opp. Himali Society, Erandawane, Pune, Maharashtra – 411 004.
Tel: +91- 20 - 40130700, +91- 20 - 40130400
Fax: +91- 20 - 25438108

 Cyber Security Audits : Yes
 Web & Mobile Application Penetration Testing : Yes
 API Security Testing : Yes
 Vulnerability Assessment/Penetration Testingof IT Infrastructure : Yes
 Network Penetration Testing : Yes
 Wireless Security Testing : Yes
 Compliance Audits (ISO 27001, PCI, BCMSetc) : Yes
 Software License Compliance Audits : Yes
 Compliance - IT Audits
(Based on guidelines issued by RBI, IRDA, SEBI, Stock Exchanges) : Yes
 Digital Forensic Investigations : Yes
 Secure Source Code Analysis as a Service : Yes
 24/7 Security Monitoring as a Service : Yes
 Cloud Security Compliance Assessment : Yes
Govt. :
PSU :
Private :

handled by them)
Compliance audits (ISO 27001, PCI, etc.)
:
:
:
:
:
:
:
:
:
:
:
CISSPs
BS7799 / ISO27001 LAs CISAs
CEH
CEH, ECSA OSCP OSWP
DISAs / ISAs
Floor,
Maharashtra – 411 004.
30400
: 2008
: Yes
: Yes
: Yes
: Yes
ucture : Yes
: Yes
: Yes
: Yes
: Yes
nges) : Yes
: Yes
: Yes
: Yes
: Yes
: 0
: 0
: 35
done : 35
8
28
1
5
3
4
7
3
3
1
1
dits :
CCSE, CCI, ACE, ITIL, RHCE, CCNP, CCNA,
S. Name of Employee Duration Experience in Information
No. with Suma Soft Security
01 Surendra Brahme 19 20
02 C.Manivannan 19 20
03 Milind Dharmadhikari 7 17
04 Anil Waychal 19 15
05 Sumit Ingole 5 6
06 Narendra Bhati 5 6
07 Praveen Gauttam 4 4
08 Suraj Waghmare 2.9 3.8
09 AmeyNaniwadekar 2.10 3.5
10 Rajinikanth Bhandare 2.10 3
11 Sunil Kande 1.4 1.4

12 Omprakash Deshmukh 1 1
13 SanketKaware 0.6 1.8

project value.
 Client: PSU organization from Financial Services industry involved
Type of Audit: Network Security Audit
Scope of Work: The scope of our audit included review of following areas –
 DC Infrastructure & Network Audit,
 LAN Infrastructure
 Vulnerability Assessment of 280+ internal IP addresses including routers,
servers etc.
 Penetration Testing of 55+ public facing IP addresses
 Conduct Vulnerability Assessment and Penetration Testing
 Finalization of report and submission of the same to the client manageme
IT Environment: 350+ IP address

 Client: Co-operative Bank
Type of Audit: Security Audit of Network, Web application, M
NPCI Agent Audit
Scope of Work: The scope of our audit included review of fo
 DC Infrastructure & Network Audit
 DR Site Audit
 Intranet Applications Audit
 Banking Agent Audit
 Vulnerability Assessment / Penetration Test and
Scanning
 Android Mobile Application Security Audit
 Client Location Site Security Audit (LAN)
 Client: Private Organization in end to end Logistic Solution
Type of Audit: Security Audit of Web& Mobile Applications, APIs and AWS hos
 Conduct Vulnerability Assessment and Penetration Testing on Web Applic
 Conduct Vulnerability Assessment and Penetration Testing on Android Mo
 Conduct Vulnerability Assessment and Penetration Testing on Network In
 Tests vulnerabilities in web sites and applications to ensure that all the fa
inaccuracies are removed.
 Analyze and execute advanced testing techniques against all verified vuln
penetrate through the web-based application.
 Perform re-testing after receiving confirmation from the developers on fix
 Finalization of report and submission of the same to the client
management
IT Environment: 5 Web Applications, 3 Mobile Apps, 150+ APIs, 100+ virtual hosts in AWS
Commercial
 Burp Suite Pro
 Nessus
 Netsparker
Freeware
 Kali Linux
 Metasploit
 Sqlmap

No. We do not outsource our engagements to external consultants. However, we enga
consultants / experts in the field of information Security to work alongside our team b
required for the engagement. Project Management and delivery of the engagement is
For this purpose, we use Confidentiality and Non-Disclosure Agreements before engaging
assignments with defined scope of work and with clear knowledge of the client. Also the
adhere to IT Security and other Policies of Suma Soft and also of the client during the co
partnered with some niche cyber security companies from the USA and Israel to become th
13. Whether organization is a subsidiary of any foreign based organization : N

*Information as provided by Suma Soft Pvt. Ltd. on 24-November-2016
Ba
mation security qualification:
E, ITIL, RHCE, CCNP, CCNA,
echnical Personnel : 13
deployed for information security audits in Government and Critical sector

equired)
security
FCA,CISA,DISA
CISA
CISA, ISO27001LA,ACE,
CCNA,CSQP
CISA,ISO27001LA,ITIL,RHCE,Sun
Solaris
OSCP, CEH, ECSA, IBM Certified
Specialist - Rational AppScan
OSCP, OSWP,CEH
CEH, ECSA
CEH, ECSA,CCNA, ISO27001LA
CEH, CCNA
CEH
CEH
-
in terms of scope (in terms of volume, complexity, locations etc.) Along with
rganization from Financial Services industry involved in Primary market

work Security Audit
he scope of our audit included review of following areas –
re & Network Audit,
ure
sessment of 280+ internal IP addresses including routers, switches, firewalls,
ting of 55+ public facing IP addresses

rability Assessment and Penetration Testing
report and submission of the same to the client management.
ddress
erative Bank
Type of Audit: Security Audit of Network, Web application, Mobile Application and
NPCI Agent Audit
DC Infrastructure & Network Audit
DR Site Audit
Intranet Applications Audit
Banking Agent Audit
 Vulnerability Assessment / Penetration Test and Desktop Security
Scanning
 Android Mobile Application Security Audit
 Client Location Site Security Audit (LAN)
e Organization in end to end Logistic Solution
urity Audit of Web& Mobile Applications, APIs and AWS hosted IT Infrastructure
he scope of our audit included review of following areas –
rability Assessment and Penetration Testing on Web Application
rability Assessment and Penetration Testing on Android Mobile Application
rability Assessment and Penetration Testing on Network Infrastructure.
bilities in web sites and applications to ensure that all the false positives and
emoved.
xecute advanced testing techniques against all verified vulnerabilities in order to
the web-based application.
ting after receiving confirmation from the developers on fixing of issues
report and submission of the same to the client
s, 3 Mobile Apps, 150+ APIs, 100+ virtual hosts in AWS

dit Tools used ( commercial/ freeware/proprietary):
nal Information Security Auditors / Experts : No ( If yes, kindly provide

act etc.))
ur engagements to external consultants. However, we engage known external
e field of information Security to work alongside our team based on specific skills
nt. Project Management and delivery of the engagement is done by Suma Soft.
identiality and Non-Disclosure Agreements before engaging the consultants for

pe of work and with clear knowledge of the client. Also the consultants need to
er Policies of Suma Soft and also of the client during the course of the engagement.
y Foreign Tie-Ups? If yes, give details : Yes Suma Soft has

security companies from the USA and Israel to become their channel partner India.
bsidiary of any foreign based organization : No If yes, give details
uarters/Offices, if any : No
ma Soft Pvt. Ltd. on 24-November-2016
Back
M/s AGC Network
AGC Network,
2nd Floor, Equinox Business Park, Tower 1, (Peninsula Techno Park) Off Bandra Kurla Complex, LBS
Mumbai – 400070.


Govt. : 4
PSU : NA
Private : 15
5. Number of audits in last 12 months, category-wise (Organization can add categories based o
them)
6. Technical manpower deployed for information security audits : CISSPs
DISAs / ISAs
Any other information security qualification : CEH(8),ECIH(3),CHFI(1),CISM(2)
: 10
: 15
: 2
: 5
: NA
: 3
: 3
: NA
S. Name of Employee Duration with Experience in Information Security
No. <organizatio n>
1 AnantBhat 9 Months 8 years (Total Exp 15+)

2 SachinRatnakar 10 Years 15 Years (Total Exp 25+)
3 Kris Coutinho 8 years 10 years( Total Exp 12+ )
4 SaudattaKundaikar 1.5 years 5.3 years

ence of CERT-In empanelled Information Security
ng Organization :
rk) Off Bandra Kurla Complex, LBS Marg Kurla (West)
: 2017
: Yes
: Yes
: Yes
(Y/N) : Yes
4
NA
15
8
ion can add categories based on project handled by
CISSPs
I(1),CISM(2)
14
y audits in Government and Critical sector organizations
10
15
2
5
NA
3
3
NA
CISA,CISM,CEH V10,IBM
QRADAR SIEM
CISA,ISO Lead Auditor
CISA,CISM,ISO Lead
Auditor
CEH
5 TejasPharande 1.1 3.5 years (Total Exp 5.5 years)
6 Satya Narayan Yadav 4.4 years 9.5 years
7 Deepak Joshi 2 years 2 Years

8 SanketPrajapati 6 months 3 years (Total Exp 6 years)
9 AkashShinde 1 month 1.4 years
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
value.
Sudarshan Chemicals - Network VAPT of Internal/External IP, configuration audit. Project

QUALYS, NESSUS, WIRESHARK, IBM APP SCAN,KALI LINUX,OWASP ZAP,SAN
,BURP SUITE.
10. Outsourcing of Project to External Information Security Auditors / Experts : No (
mode of arrangement (MoU, contract etc.))
13. Locations of Overseas Offices : Yes
A. AUSTRALIA:-
a. MELBOURNE (Suite 2, Level 3 West Tower,608 St Kilda Rd,Melbourne, Victoria, 3004)
b.SYDNEY (Level 8, Avaya House, 123 Epping Rd, NorthRyde, NSW, 2113)
B. PHILIPPINES: - (AGC Networks Philippines, Inc., AnEssar Enterprise 4th Floor, Jaka Building,
Makati City – 1226)
C. SAUDI ARABIA: - (Building no.113, Al Narjes Complex, Abu Bakr Road, Riyadh, KSA)
D. KENYA: - The Oval, 2nd Floor, Westlands | Nairobi | Kenya
E. NEW ZEALAND: -Floor 17, 120 Albert Street, Auckland Central, Auckland 1010, New Zealand
F. UAE:-
a. DUBAI (Emaar Business Park, Building No. 4, Office # 508, PO Box 58569, Sheikh Zayed Road, D
Emirates)
b. ABU DHABI (AGC Networks L.L.C. Al Nayadi Building 115, Office No. 701 Sheikh Rashid Bin Saee
Abu Dhabi, United Arab Emirates)
G.USA:-
a. DALLAS (222 W Las Colinas Blvd, Suite 200 North Tower, Irving, Texas, 75039, Texas, USA)
b. FLORIDA (7970 Bayberry Rd, Suite 5, Jacksonville, Florida 32256)
c. MINNESOTA (10050 Crosstown Circle, Suite 600 Eden Prairie, MN 55344)
d. MINNESOTA (9155 Cottonwood Lane N Maple Grove, MN 55369)
H. SINGAPORE: - (AGC Networks Pte Limited 50 Raffles Place, # 32-01 Singapore Land Tower Sing
*Information as provided by <AGC Networks Limited> on <20.12.2019>
Ba
CEH,ECIH,CHFI
CEH,ECIH,COMPTIA
SECURITY+,MCAFEE
SIEM,QRADAR SIEM
CEH,ECIH
ISO Lead Auditor
CEH
volume, complexity, locations etc.) along with project
IP, configuration audit. Project Value:- 5 Lakhs
eware/proprietary):
N,KALI LINUX,OWASP ZAP,SANTOKU OS,ACUNETIX
rs / Experts : No ( If yes, kindly indicate
etails : No
anization? : No
: Yes
lbourne, Victoria, 3004)

SW, 2113)
Enterprise 4th Floor, Jaka Building, 6780 Ayala Avenue,
Bakr Road, Riyadh, KSA)
l, Auckland 1010, New Zealand
Box 58569, Sheikh Zayed Road, Dubai, United Arab
ce No. 701 Sheikh Rashid Bin Saeed Street (Airport Road)
g, Texas, 75039, Texas, USA)

56)
MN 55344)
9)
32-01 Singapore Land Tower Singapore 048623)

.12.2019>
Back
M/s iSec Services Pvt. Ltd
iSec Services Pvt. Ltd.607-608, Reliable Business Center, Anand Nagar Jogeshwari (W),Mumbai 40

3. Date of empanelment by CERT-In :
 Network security audit : (Yes)
 Web-application security audit : (Yes)
 Wireless security audit : (Yes)
 Compliance audits (ISO 27001, PCI, etc.) : (Yes)

Govt. : <15>
PSU : <2>
Private : <19>
6. Number of audits in last 12 months , category-wise (Organization can add categories based on pr


BS7799 / ISO27001 LAs : <3 >
Any other information security qualification : <3>
Name of Employee Duration with Experience in

<organization> Information Security
S. No.
1 Mayur Khole >4 years >4 years

2 Naman Chaturvedi >4 years >4 years
3 Anil Patil 1 month >3 Years
4 Deepak D.R. >2.5 years >2.5 Years
and competence of CERT-In empanelled Information Security
ion

ess Center, Anand Nagar Jogeshwari (W),Mumbai 400102, INDIAemail: contactus@isec.co.in
: 2001
:
quired)
: (Yes)
: (Yes)
: (Yes)
: (Yes)
Months :
: <15>
: <2>
: <19>
: 36
e (Organization can add categories based on project handled by them)
: <3>
udit : <15>
: <7>
001, PCI, etc.) : <11>
urity audits :
: <3 >
: <3>
: 6
ation security audits in Government and Critical sector organizations
ISO LA 27001:2013
ISO LA 27001:2013
CEH v8.0
CEH v7.0
Jyoti Shankar Singh
5 >5 years >5 years
6 Krapesh Bhatt 2 months >3 years

value.
Client Name: Syntel Ltd.
Locations covered: Mumbai (2 locations), Pune (2 locations), Chennai (2 locations) and Gurgaon (1
Scope: ISMS Compliance Audits on daily basis for a year, Handling U.S. Clients audits at locations, i
sessions to employees in reference to Information Security at regular Intervals, Doing Risk Assessm
Transition done from ISO 27001:2005 to ISO 27001:2013, DR and BCP drills for each account.
Manpower Deployed : 3 resources (one each at Mumbai Chennai and Pune). Project Value: INR 5
Commercial:
 Burp Suite Pro
Fre  Nmap
ewa  Nikto
re:  Metasploit
 OpenVas
 Wireshark
 Crowbar
 Nessus
 Webscarab
 Paros
 Wapiti
 Nemesis
 NetCat
 Brutus
 GrendeIscan
 Havij
 Hydra
 Httprint
 Hydra
 W3af
11. Outsourcing of Project to External Information Security Auditors / Experts : No (I

13. Whether organization is a subsidiary of any foreign based organization? : No If

*Information as provided by iSec Services Pvt. Ltd. on 23/3/2017

Bac
ISO LA 27001:2013
PGDM Cyber Security

(in terms of volume, complexity, locations etc.) Along with project
cations), Chennai (2 locations) and Gurgaon (1 location)

year, Handling U.S. Clients audits at locations, imparting training
ecurity at regular Intervals, Doing Risk Assessment at annual basis,
:2013, DR and BCP drills for each account.
umbai Chennai and Pune). Project Value: INR 50 lacs.
mmercial/ freeware/proprietary):
ecurity Auditors / Experts : No (If yes, kindly provide
f yes, give details : No
gn based organization? : No If yes, give details

ny : No
. on 23/3/2017
Back
M/s KPMG
1. Name & location of the empaneled Information Security Auditing Organization :
KPMG
DLF Building No. 10, 4th Floor, Tower B DLF Cyber City, Phase 2 Gur

• Network security audit - Y
• Web-application security audit - Y
• Wireless security audit - Y
• Compliance audits (ISO 27001, PCI, etc.) – Y
• Cyber Forensic and Incident Analysis - Y

Govt. : 3 -4
PSU : 15 – 20
Private : 20 -30
5. Number of audits in last 12 months, category-wise (Organization can add categor

handled by them)
 CISSPs :
 BS7799 / ISO27001 Las :
 CISAs :
 CEH :
 CCSK/ OSCP :
 CCNA/ CCNP/ CCIE :
 CHFI/SANS GIAC / GCFE :
 Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Governmen

on Security Auditing Organization :
Tower B DLF Cyber City, Phase 2 Gurgaon 122002
ce : 1996
if required)
- Yes
dit - Yes
- Yes
001, PCI, etc.) – Yes
Analysis - Yes
st 12 Months :
: 3 -4
: 15 – 20
: 20 -30
: 100
y-wise (Organization can add categories based on project
30+
80+
20+
40+
n security audits:
: 6+
Las : 25+
: 15+
: 60+
: 12+
: 15+
CFE : 5+
al Personnel : 350+
nformation security audits in Government and Critical sector

No. KPMG Security Information security
1 Sony Anthony 17yrs 23yrs ISO 27001, ISO 22301,
ISO 20000
2 Manish Tembhurkar 5yrs 16yrs CEH, CCNA, CISA, ISO
22301
3 Urmimala Dasgupta 8yrs 12yrs CEH, ISMS- 27001:2013,
ITIL,
QualysGuard
4 Anupama Atluri 8yrs 12yrs CEH, CCSK, ISO Lead

Implementer, IBM Certified
Pen tester
5 Aditya Tawde 4yrs 11yrs ISO 27001, DSCI –LA

6 Jayant Singh 9yrs 10yrs CEH, ISMS 27001
7 Harsha Bhatt 5yrs 6yrs CEH, OSCP, CBE
8 Rishabh Dangwal 5yrs 9yrs OSCP, CREST, CEH, ECIH,
PRINCE2, CCNA, RHCE,
PRINCE2-
Practioner, ITIL
9 Abhishek Dashora 5yrs 7yrs CEH, CCSK

10 Anshul Gupta 2yrs 7Yrs CEH, CISSP, ECSA,
ISO27001 – LA, Prince2
11 Anish Mitra 4Yrs 8Yrs OSCP, CEH,ECSA,
CCSK,ITIL, Qualys Certified
Pen tester
12 Roopesh Yadav 8yrs 9yrs DCPLA, ISO 27001, ISO

22301, ISO 20000,
ArcSight ESM Analyst,
13 Kedar Telavane 8yrs 12yrs CISA, CCNA, ISO 27001

14 Pratiksha Doshi 10yrs 17yrs CISSP, CEH
15 Somaskandan 6yrs 9yrs ISO 27001, CEH, ISO 22301
Sankarnarayanan
16 Romharsh Razdan 9yrs 10yrs ISO 27001, CCSK, CSM
17 Rushil Chaturvedi 5yrs 6yrs CISA, CCSK, CSM
18 Vipin Kumar 5yrs 7yrs CEH
19 Areeb Naqi 3yrs 8yrs OSCP, CREST, CEH, ECIH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, lo
project value.
Security Assessment across multiple telecom clients in India:
 KPMG has been providing a variety of security advisory and assessment
operators/ service providers to help them strengthen the overall security pos
technology eco-system, which comprises of critical IT/ Telecom assets, technolo
4G/LTE, Cloud, SDN, VNF and other domains. KPMG has been performing continuo
development of minimum baseline security standards (MBSS) for various netw
devices, circle wise security reviews based on MBSS and international security sta
ITU-T, 3gpp etc., secure design and architecture reviews of various emergin
solutions – such as M2M, eSIM, NFV, IoT etc. We also assisted clients
in security testing of web based and mobile based applications, vulne
penetration testing of internal and external facing infrastructure components,
testing, security testing of telecom radio devices like Femtocell and Pico cells
KPMG has been running cyber threat intelligence and online reputation managemen
keep the clients updated on latest security threats and help them safeguard agains
 Value of the engagement is more than INR 8 CR
Security Testing for Oil and Gas Corporation
 KPMG performed technical security audit of Network Devices, Servers, Applicat
deployed at primary data center and disaster recovery data center which inc
procedure review, vulnerability assessment and penetration testing, network a
security configuration review at the major Indian multi-national oil and gas corp
 Value of the engagement was more 50 lakhs.
Security Audit for Nationalized Bank:
 KPMG was engaged with a leading bank to conduct comprehensive information
audit every quarter of its application assessment, vulnerability assessment of netw
external penetration testing, IT DR review, Wide Area Network review and review
process. KPMG conducts periodic security assessment for the bank’s IT systems
covering Data Centre including NOC and SOC, Data Recovery Site, IT Head office in
office at any place having installed critical application/IT infrastructure or likely to b
Data Warehouse, Call Centres, sample ATM machines and other sample offic
the country.
 The value of engagement was more than INR 50 Lakhs.
Security Assessment of Power Utility Organization
 KPMG worked with a power and utility company in India to perform co
assessment of its OT and IT Infrastructure at Kolkata. In its assessment, KPMG ana
controls in IT and operational technology (OT) systems which were deployed
Transmission and Distribution etc. The security assessment included review of D
plant automation systems like PADO, BVMS; review of Transmission and Dis
system, HT Outage Management System, Meter Data Acquisition System, dev
configuration, vulnerability assessment, technical security testing of web and mobi
of OT security policy and procedures.
 The value of engagement is more than INR 35 Lakhs.
Security Audit of a multiple BFSI Client
 KPMG is currently working with leading banks on the application security
includes manual security testing of organization’s business critical application
applications, payment applications, privacy applications, thick client applications
As part of the security testing service KPMG is responsible to manage the overall se
of the client from project initiation to delivery phase. KPMG is also responsible to c
and documentation of the issues identified and track them to completion with the h
developers.
 The overall value of these projects is approximately INR 1 Cr.
Cyber Incident Response (Data Breach) support
 KPMG team performed root cause analysis and cyber incident support fo
brokerage in Mumbai. The assessment included a root cause analysis into t
leaked sensitive information of the client on the dark web. KPMG conducted
containment, remediation and support in recovery of IT operations
 Post incident management support KPMG also provided support in implementatio
measures for the client across the infrastructure and number of training sessions
to attenuate the impact of the incident.
 KPMG further conducted number of security assessments for its network architecture
and application to identify vulnerabilities and provided recommendations to
 The overall value of the project was spread for more than 2 years and the value was
Commercial
 Acunetix,
 Burp,
 Nessus
 AppScan
 WebInspect
Proprietary
 KRaptor,
 KPMG Digital Signals Insights Platform,
 KPMG SABA,
 K-Risk-Intel Tool
 KPMG Vulnerability Management Platform
Open source tools
 BackTrack,
 Kali Linux,
 Fiddler,
 Paros,
 SQLMap,
 nmap,
 Wireshark

*Information as provided by KPMG on 20th Dec 2019
Ba
of volume, complexity, locations etc.) along with
s in India:
dvisory and assessment services to telecom
the overall security postures across their
/ Telecom assets, technology solutions across 3G,
been performing continuous security assessments,
MBSS) for various network elements and
international security standards/ guidelines like
iews of various emerging technology-based
sisted clients
ased applications, vulnerability assessment and
nfrastructure components, SIM card security
Femtocell and Pico cells etc. In addition to this,
ne reputation management advisory programs to
lp them safeguard against the same.
Devices, Servers, Applications, and systems

ry data center which included the policy and
ration testing, network architecture review and
i-national oil and gas corporation.
omprehensive information systems and security

bility assessment of network devices and servers,
twork review and review of policy and
for the bank’s IT systems and infrastructure
very Site, IT Head office in Delhi/NCR or any other
nfrastructure or likely to be installed, Enterprise
s and other sample office network spread across
hs.
in India to perform comprehensive security

its assessment, KPMG analyzed the security
ms which were deployed in the Generation plant,
nt included review of DCS and other power
of Transmission and Distribution SCADA
Acquisition System, device security
y testing of web and mobile application and review
the application security testing services which

siness critical applications, internet facing
s, thick client applications and source code review.
e to manage the overall security testing program
MG is also responsible to conduct risk assessment
m to completion with the help of application
NR 1 Cr.
yber incident support for a leading retail

ot cause analysis into the data breach which
web. KPMG conducted incident analysis,
IT operations
support in implementation of mitigation
ber of training sessions for senior management
or its network architecture, database, servers

ded recommendations to patch the same.
2 years and the value was more than 2.5 Cr.
freeware/proprietary):
Experts : No
tract etc.))
details : No
ation? : No
Back
M/s Mahindra Special Services Group
Mahindra Special Services Group
(A Division Of Mahindra Defence Systems Limited) Mahindra Towers, 1st Floor 2- A , Bhikaji Cama Pl
110066, India
 Compliance audits(ISO 22301) : Yes

Govt. : 20
PSU : 10
Private : 69
5. Number of audits in last 12 months , category-wise (Organization can add catego
handled by them)

CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification (CISM, CEH, CND) :
7. Details of technical manpower deployed for information security audits in Government
Information Total experience
Security related in information
qualifications security related
Working with the (CISSP/ISMS LA / activities
Technical Personnel’s
S. No. Place of Posting organisation since CISM/ CISA/ ISA (years)
Name
(month & year) etc., state as
applicable)
ISO 27001 LA,

ISO 27001 LI, ISO
22301 LA,
05-
1 Shailesh Srivastava Mumbai 2008 16.7
zation :
1st Floor 2- A , Bhikaji Cama Place New-Delhi-
: 2002
Yes
Yes
Yes
Yes
Yes
: 20
: 10
: 69
: 99
Organization can add categories based on project
40
100
30
40
:
0
17
3
0
15
32
security audits in Government and
Total experience
in information
security related
activities
(years)
16.7
CISM
2 Vipul Mathur Mumbai 06-2009 ISO 27001 LA

3 Anil Govindu Mumbai 02-2012 ISO 27001 LA
ISO 27001 LA,
ISO 22301 LI,
CISA
4 Chiragali Peerzada Mumbai 12-2013
ISO 27001 LA,
5 Neeraj Rathi Mumbai 01-2014 ISO 22301 LI
6 Sunil Sharma Mumbai 09-2014 ISO 27001LA

7 Suresh Mishra Mumbai 02-2015 ISO 27001 LA
ISO 27001 LA
8 K Harisaiprasad Delhi 02-2016 ; CISA
Navin Kumar Pandey ISO 27001 LA,

9 Delhi 09-2016 ITIL
10 Praful Mathur Delhi 10-2016 ISO 27001 LA

11 Deepak Pandita Delhi 10-2016 CEH
12 Malay Toprani Mumbai 10-2016 ISO 27001 LA
13 Dinesh Usnale Mumbai 10-2016 CEH
14 Niraj Nerurkar Mumbai 04-2017 ISO 27001 LA
15 Prakash Salunkhe Mumbai 08-2017 ISO 27001 LA
16 Varsha Bhale Mumbai 09-2017 CEH
17 Aamir Peerzada Mumbai 04-2018 ISO 27001 LA
18 Divya Mhatre Mumbai 07-2018 ISO 27001 LA
19 Shruti Kulkarni Mumbai 09-2018 CEH
20 Akshay Patil Mumbai 10-2018 CEH
21 Vaibhav Bhagat Mumbai 10-2018 CEH
CEH, CND, CHFI
22 Rohit Hire Mumbai 11-2018
23 Ganesh Mane Mumbai 12-2018 OSCP

24 AnishaGokuldas Mumbai 12-2018 ISO 27001 LA
Certified SOC
25 Sanjay SV Bangalore 12-2018 Analyst,CEH
26 Kamalteja Kasturi Bangalore 12-2018 CEH

27 Seema Jaybhaye Mumbai 01-2019 CEH
ISO 27001
LA:2013; ISO
22301 LA; CEH;
CISA
28 Prathik Shanbhag Mumbai 01-2019
29 Vaibhav Chavan Mumbai 03-2019 CEH
30 Dipali Bhanushali Mumbai 03-2019 ISO 27001 LA
31 Tushar Rasam Mumbai 04-2019 CEH
32 Shweta Walhekar Mumbai 06-2019 CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, location
project value.
 Bajaj Finserv- Consulting for ISO 27001.
 Airport Authority Of India- Consulting for ISO 27001, IS Audit, VA PT( Network and a
 Union Bank of India - Consulting For ISO 27001 and ISO 22301
 State bank of India - VA PT( Network and application)
 Crisil - Consulting for ISO 27001, IS Audit, VA PT( Network and application)
10. Outsourcing of Project to External Information Security Auditors/Experts : No

*Information as provided by Mahindra Special Services Group (A Division of Mahindra Defen
26th December 2019
Ba
10.8
17.0
11.0
21.0
41.0
18.9
12.5
6.5
8.0
4.5
15.0
5.9
9.10
8.6
3.10
6.0
2.0
4.7
2.0
2.7
1.0
9.11
1.0
1.7
3.10
3.0
5.9
7.5
6.5
2.10
3.8
erms of volume, complexity, locations etc.) along with
1, IS Audit, VA PT( Network and application)
22301
ork and application)

al/ freeware/proprietary):
uditors/Experts : No
tc.))
ve details : No
d organization? : No
: No
oup (A Division of Mahindra Defence Systems Limited) on
Back
M/s Cigtial Asia Pvt Ltd
Cigtial Asia Pvt Ltd,
Bangalore 560029

 Network security audit : (Y)
 Web-application security audit : (Y)
 Wireless security audit : (Y)
 Compliance audits (ISO 27001, PCI, etc.) : (N)
Govt : 6
PSU : 0
Private : 2110
Total Nos. of Information Security Audits done : Around 2000
handled by them)
Web-application security audit : About 2081
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:OSCP, CEH, Internal Certific
No. Cigital Security Information security
1 Somnath Neogi Guha > 10 Years >12 Years CEH, OSCP
2 Yamel Patel > 2 Years > 2 Years CEH, OSCP

3 Anupam Sain > 10 Years >10 Years CEH
4 Sourav Bhadra > 8 Years >8 Years CEH
5 Darshan V > 3 Years >1 Year CEH
6 Jeevan Kumar > 2 Years >2 Years CEH
7 Pravat Sahoo > 1 Year >1 Year CEH
Organization:
: 2004
: (Y)
: (Y)
: (Y)
: (N)
10
ound 2000
ut 2081
: 0
: 0
: 0
: 0
CEH, Internal Certifications
: 60

8 Siddharth Bavisker > 2 Years > 2 Years CEH
project value.
Customer Volume Complexity Location Approximate
Project Value
One of the largest Mobile applications Critical business Onsite Mumbai, INR 4.5Mn
Private bank in India Applications Bangalore and
Remote (from
Bangalore)
One of the Instructor led trainings On selected New Delhi INR 600K
Government technologies
Autonomous
organizations India
One of the Insurance Red Teaming, Complex business Onsite and remote INR 2.5MN
companies in India consulting, mobile and applications and red locations in
web application teaming assignments Bangalore
assessments
One of the Software Web Applications, High complex business Onsite at client INR 6.5MN
products company Architecture risk applications location in Bangalore
based in Bangalore analysis and Advanced
Pen testing
One of the Global IT Network Testing Internal and external Remote location in INR 1.5MN
Services and Support Bangalore
company focused on
Financial Services
market

1. IBM App Scan
2. Burp Suit Pro
3. SSLizer
4. Nessus
5. N Map
6. Wire shark
7. TCP Dump
8. IGT
9. WinSCP
10. Drozer
11. Hooper
12. APK Debug
13. SQLI Browser
14. Protecode SC
15. Protecode ES
16. Coverity
17. SQL Map
(If yes, kindly indicate mode of arrangement (MoU, contr
*Information as provided by Cigital Asia Pvt Ltd on 24/03/2017
Bac
e/proprietary):
Experts: No
rrangement (MoU, contract etc.))
Back
M/s HCL Comnet Ltd.
HCL Comnet Ltd.
 Mobile Application Security: 3 UPI and BFSI
 Forensic Audit: in BFSI sector
Govt. : 7 Large Govt. Cust

PSU : 2 Large PSU
Private : 6 large Private Ent
5. Number of audits in last 12 months , category-wise (Organization can add categories

handled by them)
Network security audit : 50000 Servers/infra, 100+ firewall audits
Web-application security audit : 1500+ Wireless security audit : 30+
Compliance audits (ISO 27001, PCI, etc.) :5 ISO 27001:2013, 1 PCIDSS v3.2 Certification
Application Source Code Review 6

CISSPs : 5
BS7799 / ISO27001 LAs : 25 LAs
CISAs : 10
CISMs : 5
Star Certified (Cloud Security) : 10+
OSCP : 2
Any other information security qualification:5 CEH, 10 ISO 22301 LAs, OE
Qualys, RSA, Checkpoint, CISCO, Juniper Certified) Total Nos. of Technica
: 35+ resources
Employee <organizati on> Information
Security
s and competence of CERT-In empanelled Information Security
sation
rmation Security Auditing Organization:

net Ltd.
s since : 2008
more if required)
: Y
: Y
: Y
) (Y/N) : Y
FSI
in last 12 Months :
: 7 Large Govt. Customers

: 2 Large PSU
: 6 large Private Enterprise
n Security Audits done : 30+
tegory-wise (Organization can add categories based on project
000 Servers/infra, 100+ firewall audits

00+ Wireless security audit : 30+
ISO 27001:2013, 1 PCIDSS v3.2 Certification
mationsecurity audits :
5
25 LAs
10
5
10+
2
ecurity qualification:5 CEH, 10 ISO 22301 LAs, OEM Certifications (Skybox,
t, CISCO, Juniper Certified) Total Nos. of Technical Personnel
for information security audits in Government and Critical sector
Qualifications
related to
Information
1 Sandeep 10+ years 9+ years
Kumar Pasi
2 Ashwani 2.8 Years 2+ Years
3 Nitin Sharma 4.9 Yrs 3 Yrs
4 Saurabh 2 Years 6+ Years

Mishra
5 Nand Kishore 2.7 Years 6 years
Kumar
6 Roopesh 10+ years 9+ years
Ramakris
hna Kamat
7 Mohan Raj 2.1 Yrs 5 Yrs

Venkates an
8 Satish 2 years 2 years

Rangabha tla
9 Ashish 1 year 8 7+ Yrs

Chauhan months(app rox.)
10 Sikha moni 2+ Years 6+ Years

Bhuyan
11 Kshitij Kishore 10+ years 9+ years

Bharadwa j
12 Abhishek 7 Yrs 5 Yrs

Kumar
project value.
1. SBI Security Operations Center – 40000 + infrastructure for V
websites (quarterly), approx. 50 firewalls monthly, ISO 27001:20
Archer GRC Secops integration with SIEM and Nessus – all SBI Br
DC/DR – Approx. 46 Cr.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Qualysg
Appscan, HP Fortify, Skybox, Nipper, Nessus, Nexpose, Metasploit, Kali Linux, Open Source To
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No : No (

mode of arrangement (MoU, contract etc.))
*Information as provided by HCL Comnet Ltd. on 23-03-2017.
Ba
security
ISO 27001-2013,
QGCS
CCNA,
QGCS,BCMS
CEH,ISO 22301,
QGCS, PCI-
DSS from SISA
CEH, QGCS
CEH and QGCS
ISO 27001-2013
ISO 27001:2013,
CEH, ITIL
ISO 27001-2013 LA
ISO 27001-2013 LA
ISMS, BCMS,
ITIL, COBIT, PCI-
DSS
from SISA
ISO 22301, QGCS
CISSP, CISA,
CISM, ISO
27001:2013,
ISO 22301
s of scope (in terms of volume, complexity, locations etc.) along with
y Operations Center – 40000 + infrastructure for VA (quarterly), 300

erly), approx. 50 firewalls monthly, ISO 27001:2013 certifications, RSA
ops integration with SIEM and Nessus – all SBI Branches terminating at
x. 46 Cr.
used (commercial/ freeware/proprietary): Qualysguard, Accunetix, IBM
, Nexpose, Metasploit, Kali Linux, Open Source Tools
mation Security Auditors / Experts : Yes/No : No (If yes, kindly indicate
Ltd. on 23-03-2017.
Back
M/s Lucideus Tech Pvt. Ltd.
Lucideus Tech Pvt. Ltd.
● Network security audit (Y/N) : Yes
● Web-application security audit (Y/N) : Yes
● Wireless security audit (Y/N) : Yes
● Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
Govt. : 5
PSU : 3
Private : 30

Network security audit : 5000+ IP Addresses
Web-application security audit : 1000+ Web Applications

CISSPs : 0
BS7799 / ISO27001 LAs : 1
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : OSCP, LCEH, MCP
S. No. Name of Employee Duration with Experience in Information
Lucideus Security
1 VB 4.5+ Years 7+ Years

2 RT 3.5+ Years 7+ Years
3 RD 1.5+ Years 2.5+ Years
4 MK 1+ Years 2.5+ Years
5 AJ 3+ Years 5+ Years
ation
mation Security Auditing Organization :

.
since : 2012
more if required)
: Yes
: Yes
: Yes
etc.) (Y/N) : Yes
last 12 Months :
: 5
: 3
: 300+
Security Audits done : 45+
egory-wise
: 5000+ IP Addresses
: 1000+ Web Applications
: 150+
: 40
ation security audits :

0
1
0
0
OSCP, LCEH, MCP
40+
or information security audits in Government and Critical sector
LCEH
LCEH
LCEH
LCEH
LCEH
project value.
● One of India’s biggest retail payment system
Activities - Secure Code review, Application security assessment, Network
Configuration Review, DDoS Testing.
● One of India’s Leading e-commerce platform
Activities - Continuous Web Application security
Penetration Testing, Online Reputation Managemen
etc.
● One of India’s Leading FMCG Companies
Activities - Application security assessment, Network Architecture review,
Risk Assessment
● One of India’s Leading Aviation Companies
Penetration Testing
● One of India’s Leading Defence Organisation
Activities - Application security assessment, Network Architecture review,
Risk Assessment
● One of India’s Leading Private Banks
Penetration Testing
Web Application Source Code
Review Network VAPT Web Application VAPT
● CheckMarx ● Burp Suite

● MS CAT ● OWASP Zap
● FxCop ● Skipfish
● OWASP SWAAT ● Arachini
● RIPS ● Xenotix
● LAPSE+ ● Nmap ● BeeF
● Visual Studio and other ● Nessus ● Tilde Scanner
IDE ● OpenVAS ● Nikto
● Metasploit ● SQL Map
● W3af
● Dirb
● Nessus (for Web App
Scanning)
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No :

NO ( If yes, kindly indicate mode of arrangement (MoU, contract etc.))
*Information as provided by Lucideus Tech Pvt. Ltd. on 25th March, 2017.
Ba
stem
rity assessment, Network Architecture review,
form
Web Application security assessment, Network
e Reputation Management, Secure Code review
work Architecture review, Configuration Review,
ies
ation
work Architecture review, Configuration Review,
are/proprietary):
Experts : Yes/No :
U, contract etc.))
arch, 2017.
Back
M/s Sandrock eSecurities Private Limited
Sandrock eSecurities Private Limited
E-46, Rani Garden Extension, Shashtri Nagar, Delhi - 110031
 Webapplication security audit : Y
 Compliance audits (ISO 27001, PCI, etc.) : N
Govt.
PSU
Private

handled by them)
CISSPs
BS7799 / ISO27001 Las
CISAs
DISAs / ISAs
Any other information security qualification
1 Rachna Agarwal April 2014 5 Years
2 Ankush Garg June 2015 4 Year Diploma in Cyber Law
3 Daman Preet June 2015 4 Year

project value.
rganization :
Delhi - 110031
: 2011
: Y
: Y
: Y
: N
: 50+
: 5+
: 2
udits done : 50+
5+
50+
0
0
: 0
: 0
: 0
: 0
cation : 2
: 3
e/proprietary):
Burp Suite Commercial
Nmap Freeware
Nikto Freeware
Mozilla Firefox with Security Add-Ons Freeware
Web Scarab Freeware
Sqlmap Freeware
Cain and Abel Freeware
W3af Freeware
HTTrack Freeware
Nessus Commercial
Metasploit Freeware
Nexpose Freeware
Brutus Freeware
MBSA Freeware

*Information as provided by Sandrock eSecurities Pvt. Ltd. on 23-Dec-19
Ba
Experts : No
ract etc.))
tails : No
tion? : No
: No
23-Dec-19
Back
M/s VISTA InfoSec
VISTA InfoSec,
001, North Wing, 2nd Floor, Neoshine House,
Opp. Monginis Factory, Link Road, Andheri (West), Mu
India.
 Compliance audits (ISO 27001, PCI, etc.) : (Y)

Govt.
PSU
Private
5. Number of audits in last 12 months

Sr. No Category Client Name
1 Pvt. K-Raheja
2 Pvt. KJSB
3 Pvt. SAASANT
5 Pvt. Xander
6 Pvt. HEVO Data
7 Pvt. 3DI Systems
8 Pvt. USEReady
9 Pvt. PARKAR Consulting
10 Pvt. Answer iQ
11 Pvt. JNET Technologies
12 Pvt. Hansa Management Services

shot of skills and competence of CERT-In empanelled Information Security
ting Organisation
panelled Information Security Auditing Organization :

VISTA InfoSec,
001, North Wing, 2nd Floor, Neoshine House,
Opp. Monginis Factory, Link Road, Andheri (West), Mumbai, Maharashtra,
India.
ecurity Audits since : 2004
ry wise (add more if required)
: (Y)
dit : (Y)
: (Y)
001, PCI, etc.) : (Y)
carried out in last 12 Months :

Govt. : 30+
PSU : 45+
Private : 140+
months
Project
Regulatory Compliance Audit

13 Pvt. KARCO Regulatory Compliance Audit
14 Pvt. Orbund Regulatory Compliance Audit
15 Pvt. KL HI-TECH Regulatory Compliance Audit
16 Pvt. Belong Regulatory Compliance Audit
17 Pvt. Fino Regulatory Compliance Audit
18 Pvt. Continuum Regulatory Compliance Audit
19 Pvt. DCI Indonesia Regulatory Compliance Audit
20 Pvt. CompensationCloud Regulatory Compliance Audit
21 Pvt. Pragma Edge Regulatory Compliance Audit
22 Pvt. OPPO Regulatory Compliance Audit

CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification:PCI QSA, CRIS
Sr.No. Name of Employee Duration with Experience in
VISTA Information Qualifications related to
InfoSec Security Information security
1 SrushtiMohadikar Jun-14 5 CCNA R&S, CEH, PYTHON
2 Rohan Bangera Apr-12 7 CISC, CPFA, CPH NxG
3 SachinPagare Nov-15 4 CAST, CEH, ECSA
4 MayurPatil Nov-15 4 CEH,
5 Anshuman Dubey Aug-14 5 ISMS LA
6 BhagyashreeMulgund Jan-13 6 PRISM
8 Vibha Yadav Nov-13 6 ISMS LA, Diploma in

Certified, Manager in
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
92+
105+
30+
80+
dits :
4
8
3
1
urity qualification:PCI QSA, CRISC, CEH, OSCP
rsonnel : 61
ualifications related to
nformation security
CNA R&S, CEH, PYTHON
CISC, CPFA, CPH NxG
CAST, CEH, ECSA
CEH,
ISMS LA
PRISM
ISMS LA, Diploma in

Certified, Manager in
9 Rohan Patil Aug-05 14 eCPPT
10 Narendra Sahoo Dec-04 25 CISSP, CISA, ISMS LA,

CRISC
11 SaruChandrakar Oct-12 7 CISA, ISMS LA
12 Anil Yadav Feb-14 6 CISC
13 Pravin K Nov-06 13 CISA, CISSP
15 Sneha Karan Jan-16 3 CEH
16 ShaileshWagh Feb-16 3 CEH
17 NirajYewlekar May-17 2 CCNA, CCNP
18 DevduttaGawade Jun-17 3 CCNA, MCSA Server 2012
19 SnehaDessai Aug-17 4 CEH
21 AshutoshMastud Jun-17 7 ISO 27001 LA, CCNA
22 Samarth Nigam Aug-17 2 ISO 27001 LA,ITIL

Foundation
24 Abhishek Ghorpode Apr-17 3 ISO 27001 LA
25 Xavier Sahaya Jan-16 18 ISO 27001 LA
26 UdayNarkhede Feb-16 3 ISO 27001 LA
27 Simran Singh May-17 4 Masters in Cyber Law
28 Kranthi Kumar Ragula Jun-17 3 ISO 27001 LA
29 Rakesh Jaiswal Aug-17 2 ISO 27001 LA
30 Vijay Thakur Aug-17 3 ISO 27001 LA
31 Syed Asad Feb-16 3 CEH
project value.
Projects Volume Complexity Locations
DCI End to regulatory The largest data center in Indonesia

Compliance Indonesia
JNET End to regulatory A prominent data analytics Hydrabad, India

Compliance company
GPPJSB–Compliance Endtoend compliance One ofthelargest Co- 75locationsacross

Management operativebank Maharashtra
KRahejaCorp.– EndtoEnd Compliance. One ofthelargest Real Mumbai

Compliance Management EstateCompany in India
eCPPT
CISA, ISMS LA,
A, ISMS LA
CISC
SA, CISSP
CEH
CEH
NA, CCNP
CSA Server 2012
CEH
001 LA, CCNA
7001 LA,ITIL
oundation
O 27001 LA
O 27001 LA
O 27001 LA
s in Cyber Law
O 27001 LA
O 27001 LA
O 27001 LA
CEH
olume, complexity, locations etc.) along with

NPCI –Compliance EndtoEnd Compliance Umbrella Organisationfor Mumbai,Chennai,
Management all retail payment Hyderabad
systemsin India
Parkar Consulting End to End Regulatory A prominent data analytics Pune, India & USA
compliance company

o Rapid7 NeXpose
o IBM Rational AppScan
o NESSUS
o GFI Languard.
o Acunetix WVS.
o QualysGuard.
o BurpSuite.
o MetaPacktPublishingoit.
o Nikto.
o Wikto.
o BackTrack Security Distro.
o Paros Proxy.
o Nmap.
o Exploits DB from “astalavista”, “packetstormsecurity”, “exploitdb” etc.
o Google Hack DataBase.
o Inhouse customized Scripts.
o Zero Day Scripts / Exploits.
o Other Tools (As when required by the type of work).
10. Outsourcing of Project to External Information Security Auditors / Experts: No (If yes,

We have Virtual offices in USA and Singapore
*Information as provided by VISTA InfoSec on 21/12/2019
Ba
are/proprietary):
xploitdb” etc.
Experts: No (If yes, kindly provide oversight
tails : No
nization? : No If yes, give details
: Yes
Back
M/s Sify Technologies Limited
Sify Technologies Limited.
2nd Floor, TIDEL Park, #4, Rajiv Gandhi Salai, Taramani, Chennai-600113

 Process Audit : (Y)
 Mobile Application Security Audit : (Y)
Govt. :
PSU :
Private :

Process Audit : 1
Mobile Application Testing : 1

CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
(CEH)
(2 associates holding dual certifications)
Sify Information Information security
Security
1 Ganesh Balaraman 2.4 years 20 CISSP , CEH

2 Karthik P 9 months 14 ISO 27001 Lead
Auditor
Organization:
nai-600113
: 2004
: (Y)
: (Y)
: (Y)
: (Y)
: (Y)
: (Y)
: 1
: 1
: 11
: 13
: 7
: 4
: 0
: 0
: 1
: 1
: 1
: 2
: 0
: 0
: 4
: 5

3 Nandhini Nithiyanandam 2.5 years 8.5 CEH , ISO 270001
Lead Auditor
4 Madheshan G 11 months 3.5 CEH
5 Caleb Ranjith 3 months 2.5 CEH
project value.
Company Name Complexity Volume Project Value
SANMAR Penetration Testing – Quarterly for 4 years Confidential

Vulnerability Assessment Bi-Annually for 4 years
Process Audit for 4 years

Acunetix, Nexpose,Nessus, Metasploit, Nmap, BurpSuite, Kali Linux, OWASP Zap
A Sify technology is headquartered in Chennai with sales offices Pan India, USA
Singapore.
*Information as provided by Sify Technologies Limited on2nd January 2020
Ba
Project Value
al
are/proprietary):
Linux, OWASP Zap
/ Experts : No
tails : No
ation? : No
: Yes
offices Pan India, USA, UK, Dubai and
anuary 2020
Back
M/s Locuz Enterprise Solutions Ltd.
Locuz Enterprise Solutions Ltd.401, Krishe Sapphire, Main Road, Madhapur, Hyderabad – 500081. P
2. Carrying out Information Security Audits since : August 200

 Compliance audits (ISO 27001, PCI, etc.) : Y

Govt. :
PSU :
Private :

handled by them)
Cloud Security :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
1 Mr R Nageshwar Rao 6 + Years 7.5 + years CEH, CCSA, ISMS

Naik Trained
2 Mr. Sashidhar 4 +years 4 +years CEH,ISO
Somireddy 7001:2015 LA-
ecurity Auditing Organization:

Main Road, Madhapur, Hyderabad – 500081. Phone #: +91-40-45004600 | Fax #: +91-40-45004601.http://www.locuz.com
: August 2001
quired)
: Y
: Y
: Y
: Y
Months :
: 40
: 02
: 12
mation Security Audits done :
se (Organization can add categories based on project
9
37
5
1
2
urity audits :
: 1
1 LAs : 2
: NIL
: NIL
ion security qualification : 12
nical Personnel : 15
CEH, CCSA, ISMS

Trained
CEH,ISO
7001:2015 LA-
Certified
3 Uttam Mujumdar 14 + Years 11 +years CISSP
4 Narendra Nath Swarna 5+ Years 5+ Years LA ISO 27001:2005
5 Milind Mistri 5+ Years 4 + Years CCIE Security

6 NIHAL 3 + years 2 +years CCIE Security
7 Chandan 3 + Years 3 + Years CCIE Security
Along with project value.
Client Location Activity Period Locations Value

Name
Tasec Mumbai Security Assessment, 2016-2017 2 locations Confidential
Vulnerability Assessment,
Breach assessment, Social
Engineering, Firewall
Configuration review
LVGI Mumbai Vulnerability Assesment and 2016-2017 1 Location Confidential

Penetration Testing (Both
Internal And External )
Eros Mumbai Security Assessment, 2016-2017 1 Location Confidential

International Vulnerability Assessment, IT
Infrastructure Consulting
Services &
Gap Analysis
Ness Bangalore Vulnerability Assesment and 2016-2017 3 Locations Confidential

Technologies Penetration Testing (Both
Internal And External )

Nmap Superscan
Metasploit & Securityforest - Penetration Testing
Process explorer, Sigcheck, Kproccheck - Windows Kernel & malwa
Netstumbler & Kismet – WLAN Auditing Nikto - Web server vulnera
SQLMap – SQL Injections
Wireshark – Protocol Analyzer BackTrack tools
Burp Proxy Nessus

(If yes, kindly indicate mode of arrangement (MoU, contract etc.))
*Information as provided by Locuz Enterprise Solutions Ltd. on 27th March 2017
Bac
M/s Digital Age Strategies Pvt. Ltd.
Digital Age Strategies Pvt. Ltd.
Registered Office # 28, "Om Arcade", 2nd & 3rd Floors Thimmappa Reddy Layout, Hulimavu
Bannerghatta Road Bangalore – 560076
2. Carrying out Information Security Audits since : 8th March, 2
 Network Information security policy and
Against best security practices : Yes
 Process Security Audit : Yes
 Internet Technology Security Audit : Yes
 Communications Security Audit : Yes
 Internet & Mobile Security Testing : Yes
 Physical Access Controls & Security Audit : Yes
 Software Vulnerability Assessment Audit : Yes
 Penetration Testing : Yes
 Business Continuity Planning / Disaster Recovery Audit : Yes
 CBS/Core/ERP Application Audits : Yes
 Software Asset Management Audit : Yes
 Sarbanes’ Oxley Act (SOX) Audit : Yes
 Application & Data Migration Audit : Yes
 Application Source Code Review : Yes

 Govt. : 680
 PSU : 571
 Private : 62
them)
 Network security audit : 110 +
 Web-application security audit : 370+
 Wireless security audit : 06 +
 Compliance audits (ISO 27001, PCI, etc.) : 270+
 Network Information security policy Audit against
best security practice : 160+
 Internet Technology Security Audit : 50+
 Mobile Security Testing : 130+
 Physical Access Controls & Security Audit : 350+
 Vulnerability Assessment Audit : 450+
 Penetration Testing : 250+
me, complexity, locations etc.)
re/proprietary):
ting
dows Kernel & malware detection
- Web server vulnerability scanner
Experts : No
tc.))
March 2017
Back
Organization :
ddy Layout, Hulimavu
: 8th March, 2004
s
s
0
1
10 +
70+
6+
70+
+
0+
0+
0+
0+
 Business Continuity Planning / Disaster Recovery Audit : 80+
 CBS / Core / ERP Application Audits : 40+
 Application & Data Migration Audits : 20+
 Application Source Code Review : 160+
 CISSPs : 03
 BS7799 / ISO27001 LAs : 26
 CISAs : 16
 DISAs / ISAs : 01
 Any other information security qualification :
 CEH / CHFI : 38
 BCMS/Las : 05
 CISM : 05
 CRISC : 03
 OSCP : 01
 OSCE : 01
 OSWP : 01
 Total Nos. of Technical Personnel : 57
As per the Annexure – A Manpower List Enclosed
project value.
1. Andhra Bank – Rs. 43,90,000/-
 IS Audit of all IT Areas including VA & PT.
2. Dena Bank – Rs. 42 Lakhs Approx.
 Continuous IS Audit, IS Audit of all IT areas & VA PT
3. LIC of India – Rs. 30 Lakhs Approx.
 Online Scanning of Web Application, Web Application firewall
4. Allahabad Bank – Rs. 40 Lakhs Approx.
 Online Scanning, Monitoring of, Anti phishing Attack
5. GNCTD - Delhi e-Governance – Rs. 45 Lakhs Approx.
 Continues VA & PT of IT Assets and Applications.
6. Reserve Bank of India, HO Mumbai
 CBS Data Migration Audits of RBI across the Country from Au
 Vulnerability Assessment & Penetration Testing for RBI Netwo

Value of order Rs. 68.70 Lacs + Rs. 1.20 Lacs.
 Reserve Bank of India, RTGS Application Data Migration Audit
Value of order Rs. 13.20 Lacs
7. ONGC, Govt. of India – Paperless Office Implementation – Third Party Au
Infotech Ltd., for 2017-2018.
8. Odisha Power Transmission Corporation Limited (OPTCL), Govt. of Odisha
IT Security Auditor including ISO 27001:2013 Implementation for OPTCL/GRI
2017 – 2023. Value of Order Rs. 27.43 Lacs Approx.
9. Central Bank of India, Mumbai
• Cyber Security Audit and Comprehensive Audit of CBS Project & other Appl
Value of Order Rs 14.50 Lacs Approx.
10. Federal Bank Ltd. Kerala
• IS Audit of IT infrastructure, VAPT and Concurrent Audit of Data Center, IT
Operations Department of the Bank 2016-18. Value of Order Rs
15.50 Lacs Approx.
11. Ministry of Finance & Economic Affairs, Government of The Gambia 2015
• ICT Audit covering Data Centre, Disaster Recovery Site, Audit of Epicore Co
of Nine Applications, Vulnerability Assessment and Penetration Testing of the
all IT Assets. GapList of Information Security Audit Tools used ( commercial/
Assessment against COBIT Version 5.0, Gap Assessment against ISO 27001:
Risk Assessments, Future Capacity Plan, Way Forward Initiatives for IT etc. V
Lacs.
12. Bank of Uganda

• Attack & Penetration Testing of Bank of Uganda during 2016 – 17 etc. Valu
Lacs.
13. Nashik Municipal Corporation
• Security Audit of Softwares and Network System for 2015-16. Value of the
14. Indian Bank
• IS Audit of all areas of Audit like DC, DRS, Treasury, ATM Internet Banking
including ITMS Migration Audit, CAAT Tools Evaluation, Capacity Planning, Ris
Review, VA & PT of entire Bank etc. for 2015 -16 & 2016-
17. Value of the Order Rs. 24 Lacs.
15. Canara Bank, Head Office, Bangalore
• Vulnerability Assessment and Penetration Testing for Bank’s Network, Serv
Websites etc from 2016 to Till date . Value of order Rs. 15 Lakhs.
16. Corporation Bank

• Comprehensive Audit of Bank's Data Center, IT Applications, IT Network, a
Assurance of the IS Audit Function including VA & PT for 2015- 16. Value of o
17. Wipro - Data Migration Audit of 803 Branches of RRBS of UCO Bank acros
Rs. 32.12 Lacs.
18. Allahabad Bank, HO, Kolkata

• CBS Data Migration Audit for 586 branches of two RRBs sponsored by Allahabad Bank for the
13. Value of order Rs. 35.36 Lacs.
19. Canbank Computer Services Ltd., a Subsidiary of Canara Bank
• Core Banking Solution Migration Audits of 805 RRBs of Canara Bank for 2011-12 on behalf o
Rs. 56.66 Lacs.
I. Commercial Tools
1. Nessus Pro
2. FTK
3. N Case
4. Burp Suite Professional
II. Open Source

1. Kali Linux
2. Nmap
3. Wireshark
4. OWASP ZAP
5. Paros
6. Web Scarab
7. coSARA
8. Network Stumbler 9.Aircrack suite
10. Nikto
11. Cain and Abel
12. MBSA
13. L0phtcrack: Password Cracker ver. 6.0
14. BackTrack
15. OpenVas
16. W3af
17. Directory Buster
18. SQL Map
19. SSL Strip
20. Tamper Data
21. FOCA
III. Proprietary Tools
1. Web Cracker Ver. 4.0
2. Network Mapper Ver. 4.8
3. Filter It - Ver. 3.0
4. SQL Checker Ver. 2.0
5. Inject Script Ver. 3.0

11. Whether organization has any Foreign Tie-Ups? : No
13. Locations of Overseas Headquarters/Offices, if any : NI
*Information as provided by Digital Age Strategies Pvt. Ltd., on 20-12-2019
Bac
+
+
+
0+
PT
on firewall
ck
ox.
ss the Country from August 2011 to 2013.
n Testing for RBI Network & Web application.

acs.
on Data Migration Audit during 2015- 2016.
ntation – Third Party Auditor (TPA) for L&T

OPTCL), Govt. of Odisha, Bhubaneswar.
entation for OPTCL/GRIDCO/SLDC Audit for
BS Project & other Applications 2016 – 2017.
udit of Data Center, IT Department and

Order Rs
nt of The Gambia 2015 - 16

ite, Audit of Epicore Core Application, IS Audit
netration Testing of the entire network covering
ols used ( commercial/ freeware/proprietary):
ent against ISO 27001:2013 Standard, detailed
Initiatives for IT etc. Value of the order Rs. 48
ng 2016 – 17 etc. Value of the Order Rs. 46
2015-16. Value of the Order Rs. 15.60 Lacs.
ATM Internet Banking, Mobile Banking

, Capacity Planning, Risk Assessment, Policies
16-
r Bank’s Network, Servers, Applications,

. 15 Lakhs.
ications, IT Network, and Independent

or 2015- 16. Value of order Rs. 17 Lakhs
RBS of UCO Bank across India. Value of order
Allahabad Bank for the year 2011-12 & 2012-
or 2011-12 on behalf of CCSL. Value of order
e/proprietary):
Experts : No
: No
on? : No
: NIL
2-2019
Back
Annexure
Details of technical manpower deployed for information security audits in Government and Critical sector organ
S. Name of the Working with the Total experience in

No. Employee orgization since information security
(month & year) related activities
(years
)
1 Mr. Dinesh S. Shastri 23 Years
March, 2004
2 Mr. Subhash Rao P June, 2017 19 Years
3 Mr. Ravi Saxena February, 2019 16 Years
4 Mr. Narendra Rao T. J. February, 2015 08 Years
5 Mr. M. L. August, 2015 16 Years

Venkataraman
6 Mrs. Aparna Patil July, 2017 10 Years
7 Mr. Chandrasekharaiah March, 2005 13 Years

T. G.
8 Mr. Natesh Rao B February, 2009 12 Years
9 Mr. Vishwas B. Utekar April, 2014 19 Years
10 Mr. L. R. Kumar September, 2015 16 Years
11 Mr. Suresh Sundaram August, 2016 21 Years
12 Mr. Soundarajan S. G. December, 2015 18 Years
13 Mr. K. S. August, 2017 18 Years

Bhandarkar
14 Mr. Manjunath Babu April, 2016 18 Years
15 Mr. Jaiprakash J. L. April, 2014 18 Years
16 Mr. Anil Thomas December, 2015 08 Years
17 Mr. Jayaprakasha Gopal September, 2019 08 Years

Reddy
18 Mr. V. Gourishankar December, 2017 22 Years
19 Mr. Rajgopal Tholpadi S. November, 2013 18 Years
20 Mr. H. P. March, 2004 18 Years

Ramakrishna
ecurity audits in Government and Critical sector organizations
Information Security related qualifications

(CISSP/ISMS LA / CISM/ CISA/ ISA etc., state as
applicable)
ISO 27001 ISMS L. A & ISO 22301 BCMS L. A, ISO

20001 ITSM L.A, CISA, CEH, CHFI, CISM, CSQA, COBIT
Ver. 5.0 Certified, FCMA, FCS.
BE, MBA, Chief Software Architect, CEI, CEH, CHFI,

ISO 27001 LA
CISA, CISSP, PMP, CISM, ISO 27001 LA
M.Tech, CEH, CHFI
CISA, CISM, CRISC, CGEIT, ISO 22301 BCMS

L. A
BE, CISA, CEH, CHFI, CCNA, CCNP, CCDP,
Cisco ASA, ITIL, Green Belt, ISO
27001:20103 LA.
CISA, FCA ISO 27001 Lead Auditor, Oracle Data Base
trained SAP Consultant.
DISA, ACA.
CISA, CEH, ISO 27001 L. A, ISO 22301 BCMS

L. A.
CISA, MCA, CEH, CQA, PMP, ISO27001 LA.
DCS, CISA.
CISA, CISSP.
CISA, ISO 27001 LA.
CISA, ISO 27001 LA.
ISO 27001 LA, CQA, PMP, 6 Sigma Green Belt, ISO

22301 BCMS L. A.
CISA, CEH, ISO 27001:2013 ISMS LA, ITIL V3, SSAE,
HIPAA, COSO, COBIT 5, NIST SP 800- 53.
MBA, CEH, ISO 27001 LA, ITIL V3.
BSC, MSC, CISA.
CISA, ISO 27001 LA, ISO 9001 LA, ISO 22301

BCMS L. A, 6 Sigma Green Belt, PMP.
ISO 27001 Lead Auditor.
21 Mrs. Padmashree S. August, 2014 16 Years
22 Mr. Subramanya Tantri November, 2018 11 Years
23 Mr. Patrick Oswald Pinto December, 2016 16 Years
24 Mr. Sridhar Pulivarthy December, 2016 17 Years
25 Mr. Pranab Jyoti Roy August, 2017 7 Years
26 Mr. Dhanraj December, 2018 05 Years

Khandar
27 Mr. Sagar Vilas Gedam July, 2019 05 Year
28 Mr. T. Ranjith Kumar February, 2016 05 Years
29 Mrs. Chitra Srinivasan November, 2017 14 Years
30 Mr. Mohammed Sohail June, 2018 02 Years

Zende
31 Mr. Tousif N. Khazi Oct, 2018 03 Years
32 Mr. Mohammed Sohail M Dec, 2018 03 Years
33 Ms. Rajeshwari Salmani Dec, 2018 02 Years
34 Ms. Rajeshwari K. N. Dec, 2018 02 Year
35 Mr. Mohammed Jishan Dec, 2018 02 Years
36 Mr. Imthiyaz Basri Dec, 2018 08 Year
37 Mr. Saleem Choudary March, 2019 08 Years
38 Mr. Javeed Sarkazi March, 2019 08 Years
39 Mr. Akshay Bandari March, 2019 02 Years
40 Mr. Abhinand Shekar March, 2019 02 Years
41 Mr. Praveen Kumar May, 2019 02 Years

Reddy
42 Mr. R. Arvinth April, 2019 01 Year
43 Mr. Sreenivas Kalyan April, 2019 02 Years
44 Mr. Alisab Havaragi April, 2019 03 Years
45 Mr. Kalluri Ameed April, 2019 01 Year
46 Mr. M. April, 2019 02 Years

Chandramouli
47 Mr. M Shekar May, 2019 02 Years
48 Mr. Sai Krishna Reddy May, 2019 02 Years
49 Ms. Vidyashree June, 2019 03 Years

50 Mr. Saurabhkumar June, 2019 01 Year
Maurya
51 Mr. Tousif Sayyed June, 2019 06 Years
52 Mr. Venkata Ramana June, 2019 05 Years

Mani
53 Mr. Musadique Ahmed August, 2019 2 Years
Tukri
54 Ms. Summaiyya Bagaban August, 2019 1 Year
55 Mr. Sachin R Warad August, 2019 2 Years
56 Mr. Vijay Angadi September, 2019 2 Years
57 Mr. Mohammed Yunus A. December, 2019 12 Years

H
Ba
CISA, CCNA.
CHFI, CAIIB, ISO 27001 Lead Auditor.
PGDCA, CISA, CIA.
BE, CISA, CISSP, ITIL Expert, ISO 27001 LA.
MSc(CS), CEH, CHFI, CCSP, ECSA, CCNA, OSCP,

OSCE, OSWP.
MCA, CEH, ISO 27001 LA
B.Tech, CEH, ISO 27001 LA
M. Tech, CEH
MA, PGDB – HR, ISO 27001 LA, ISO 9001 LA, ISO
14001 LA.
BE, CEH, ISO 27001 LA
BE, CEH, ISO 27001LA.
BE, CEH
BE, CEH
BE, CEH
BE, CEH
BE, CEH
BE, CEH, ISO 27001 L.A.
BE, CEH, ISO 27001 L.A.
BE, CEH
M. Tech, CEH
BE, CEH
M.Tech, CEH
M.Tech, CEH
M.Tech, CEH
B.Tech, CEH
BE , CEH
B.Tech, CEH
B. Tech, CEH
M. Tech, CEH, ISO 27001 LA

B. Tech, CEH, ISO 27001 LA
BE, CEH, ISO 27001 LA
BE, CEH
BE, CEH
BE, CEH
BE, CEH
BE, CEH
BE, Dipl. Network Eng.
Back
M/s MAVERICK QUALITY ADVISORY SERVICES PRIVATE LIMITED
1. Name & location of the Empanelled Information Security Auditing Organization:
Maverick Quality Advisory Services Private Limited 123, Radhey Shyam Park, Sahibab
 Network security audit (Y) : Yes
 Web-application security audit (Y) : Yes
 Wireless security audit (Y) : Yes
 Compliance audits (ISO 27001, PCI, etc.) (Y) : Yes
 Information security policy review and assessment against
best security practices (Y) : Yes
 Information Security Testing (Y) : Yes
 Process Security Testing (Y) : Yes
 Internet Technology Security Testing (Y) : Yes
 Communications Security Testing (Y) : Yes
 Physical Access Controls & Security Testing (Y) : Yes
 Software Vulnerability Assessment (Y) : Yes
 Penetration Testing (Y) : Yes
 Business Continuity Planning/Disaster Recovery Audit (Y) : Yes
Govt. : 39
PSU : 11
Private : 55
handled by them)
Software Vulnerability Assessment : 1
Mobile apps security audit : 4
Compliance audits (ISO 27001) : 23
CISSPs : 1
BS7799 / ISO27001 Las : 8
CISAs : 2
DISAs / ISAs : NA
CEH : 2
CISM : 1
No. MQAS Security Information security
CERT-In empanelled Information Security
g Organization:
ey Shyam Park, Sahibabad – 201005, UP
: 2005
: Yes
: Yes
: Yes
: Yes
Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
39
11
55
105
on can add categories based on project
3
97
1
4
23
1
8
2
NA
2
1
13
1 Ashok Vardhan Aug 2005 13 years ISMS LA
2 Vinit Maheshwari Aug 2005 15 years ISMS LA
3 Anand Sarup Jan 2012 21 years CISA, CISM
Bhatnagar
4 Raj Maheshwari Aug 2005 08 years ISMS LA
5 Sanjeev Gupta Oct 2015 06 years ISMS LA
6 G. Meenakshi Apr 2013 09 years ISMS LA
7 Alok Kumar Pandey Sep 2015 02 years CEH
8 Chandra Kishor Dec 2018 01 year CEH

Sharma
9 Harish Gupta Freelancer, April 18 years CISSP, MCSE, SYMANT
2011 AC Certified, RSA Certified
10 Pushkal Verma Empanelled, 02 10 years ISMS LA

Years
11 Col Sunil Yadav Empanelled, 04 15 years ISMS LA
Years
12 Padmanabhan Empanelled, 02 10 years ISMS LA
Srinivasan years
13 Manish Gupta Empanelled, Jan 08 years CISA, ISO 31000
2014
project value.
TALISMA Corporation Private Limited Rs 6,10000 (Rupees Six Lakhs Ten Thousand)
Freeware Tools Description
Nmap Port Scanner, Fingerprinting

Dontools interrogation tools
Nikto Vulnerability Scanner
Dsniff Facilitate the interception of network traffic normally unavailable to an
attacker
SqlTool Administration tools for SQL Database

Metasploit Exploit Framework
Netcat Network Utility
Ethereal GUI for packet sniffing
SSLProxy, STunnel Tools that allow to run non-SSL-aware tools/programs over SSL
Webinspect CGI scanning,web crawling, etc.

Wireshark Packet Analyzer
Acuentix Free Web Web Vulnerability Scanner and Exploit Tool
Vulnerability Scanner
Commercial Tools
Nessus Pro A free, powerful, up-to-date and easy to use remote security scanner.
Burp Suite HTTP/S Interception Proxy

If yes, gives details
*Information as provided by Maverick Quality Advisory Services Private Limited on 24
Bac
hs Ten Thousand)
are/proprietary):
Experts : No
ract etc.))
tails : No
ation? : No
: No
es Private Limited on 24th December 2019
Back
M/s SecurEyes Techno Services Pvt. Ltd
Organization Name:SecurEyes Techno Services Pvt Ltd., Registered Address:
3rd Floor, 3s, Swamy Towers, 51/27, outer Ring Road, Chinapanahalli, Marathahalli,
Urban, PIN 560037
Corporate Office:
4th Floor, Delta Block, Sigma Soft Tech Park , Whitefield Main Road, Varathur , Banga

 Network security audit - Yes
 Web-application security audit - Yes
 Wireless security audit - Yes
 Comprehensive Risk Management - Yes
 Application Security - Yes
 Vulnerability Assessment - Yes
 Code Security Review - Yes
 Enterprise Architecture Review - Yes
 Development & Review of Policy & Procedures - Yes
 Policy Implementation Review - Yes
 Regulatory Consultancy - Yes
 Custom ISMS Consultancy - Yes
 Training Services - Yes
 User & Identity Management - Yes
 Single Sign On - Yes
 Application Architecture Review - Yes
 Operational Security Guidelines - Yes
 Social Engineering Assessment - Yes
 Setting secure SDLC practice and Code security review - Yes
 Process Security Testing - Yes
 Red Teaming Assessments - Yes
 Physical Access and Environment Security Controls Review - Yes
 Advanced Penetration Resilience Testing - Yes
 Enterprise Security Architecture Review - Yes
Govt. :
PSU :
Private :
handled by them)
, Registered Address:
Chinapanahalli, Marathahalli, Bengaluru (Bangalore)
d Main Road, Varathur , Bangalore - 560066
: 2006
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
w - Yes
- Yes
- Yes
:
457
561
531
1549
 Network security audit :
 Application security audit :
 Wireless security audit :
 Governance, Risk & Compliance (ISO 27001, PCI, etc.) :
 Business Continuity Review :
 Incident Management Review :
 Applications Control Reviews :
 ATM Security audit :
Note: Some of the above audits may have been conducted for the same c
times/duration during the year.
6. Technical manpower deployed for information security audits : 30

CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
CEH :
SANS: CCNA :
CCNP :
SCSA :
ECSA :
S. Name of Duration with SecurEyes Experience in Qualifications related to Information
N Employee Information security
o. Security
1 KK 13 Y 3 M 18.50 CISA, CEH, ISO 27001, GCIH,
2 SKP 13y 3M 17.50 CISA , CEH, SANS, ISO 27001
3 UP 10Y7M 15.00 CISA, ISO 27001
4 ITIL, CCNA , RHCE, Symantec NET

VG 4M 14.50 Backup for Unix, eG certification
5 GMB 4M 13.00 ISO 27001, CEH V8,
6 IMHB 11M 12.00 ISO 27001
7 SND 11Y 3 M 11.00 ISO 27001, CISA, SANS
8 SG 9M 10.00 ISO 27001, CEHV9, CISSP, ECSA,

CRISC
9 MS 7Y8M 7.00 ISO 27001
10 SS 4M 6.10 CCNA
: 152
: 1487
: 2
ISO 27001, PCI, etc.) : 83
: 5
: 5
: 180
: 5
ve been conducted for the same client through different
dits : 30
01
26
06
52
10
02
01
07
101
s related to Information
O 27001, GCIH,
ANS, ISO 27001
001
RHCE, Symantec NET

ix, eG certification
EH V8,
ISA, SANS
EHV9, CISSP, ECSA,

S. Name of Duration with SecurEyes Experience in
N Employee Information
o. Security
11 PKV 2Y3M 6.00
12 KPT 3Y 8M 5.70
13 SKK 5M 5.00
14 SD 3M 4.80
15 AAN 7M 4.60
16 AS 4Y 3M 4.40
17 NM 4Y 3M 4.40
18 ARVV 1Y7M 4.10
19 TM 8M 4.10
20 SK 4M 4.00
21 SJ 2M 4.00
22 MAL 1Y7M 3.90
23 KKO 8M 3.80
24 APS 3Y 10 M 3.10
25 VS 7M 2.80
26 PSK 2 Y 10 M 2.10
27 VS 11 M 2.10
28 AP 2 Y 10 M 2.10
29 VK 1Y8M 1.90
30 DP 9M 1.70
project value.
The largest project handled in last year, was an end-to-end Information security and
management review for one of our large financial sectorcustomer. The details of the p
below:
Project Scope:
1. Assessment of Information Security & Business continuity Implementation from peo
perspective
2. Conduct a detailed review on effectiveness of the business continuity processes
3. Application security assessment for 25 large applications along with infrastructure review f
(including financial, & non-financial applications)
4. External/Internal vulnerability assessment
5. Social Engineering test to determine the IS awareness level among the employees.
6. Advanced Persistent Treat (APT) resilience test to determine the adequacy of the APT solu
7. Network Penetration testing of Internal and External Internet facing infrastructure
8. Vulnerability assessment covering production infrastructure including multiple Operating S
Databases, Mail Servers
9. Conducting user access control review for all platforms for critical production infrastructure
10. Assessment of Security Operation Centre (SOC) including review of coverage scope for SO
of rules defined for monitoring, implementation review of the SIEM solution and review
and standards pertaining to the SOC operation.
11. Assessment of Incident Management (IM) including review of policies, procedures a
to the IM operation; determining the adequacy of incident detection controls by conduct
controlled environment; evaluating the incident response under various scenarios; evaluating
incident response team.
12. Assessment of the network architecture, topology, network communication with third parti
13. Assessment of remote connectivity including VPN access.
14. Assessment of security appliances & solutions
15. Secure configuration review of firewalls, routers, switches, operating systems and databas
Organization.
16. Assessment of the Data Center and Disaster Recovery Sites.
17. Review of the process and monitoring adequacy of the Organization to comply with all loca
requirements.
Project Complexity:
This was a project for a financial sector client having large IT setup. The projec
assessment of technology, processes and people components for this critical sector orga
applications, infrastructure systems and networks were in the scope of the security ass
assessment included review of third-party interfaces which were implemented to en
multiple interested parties. The project required the assessment team to perform
and international best practices, compliance requirements and regulatory standards. T
33- man month project with the team carrying out assessments across locations.
Locations:
Middle-East
Project Value:
Rs. ~1.75 Crores

i. Commercial Tools
1. Nessus (Commercial Professional Version)
2. Burp Suite Professional
3. Checkmarx
4. Accunetix
5. Nexpose
6. And many more licensed or subscription based commercial tools
ii. Freeware Tools
1. Google Search
2. SamSpade
3. Tcp traceroute
4. Nmap
5. Sparta
6. hping2
7. Protos
8. XProbe
9. P0f
10. Nmap-cronos
11. Httprint
12. Smtpscan
13. SinFP
14. Metasploit Framework
15. Nikto
16. Cain & Cable
17. SQL Map
…. And many other open source tools
iii. Proprietary Tools
1. SecurEyes Centralized Vulnerability Management System
2. SecurEyes Advance Social Engineering Test System
3. SecurEyes Advanced Penetration Testing Toolkit
4. SeInfo_Grabber
(Tool used for application security reconnaissance)
5. SEWindowsXP_VA
(Tool for VA of windows XP)
6. SEWindows2003_VA
(Tool for VA of windows 2003)
7. SEWindows2008_VA
8. SEWindows7_VA
9. SERedHat_VA
(Tool for VA of RedHat Linux)
10. SEAIX_VA
(Tool for VA of AIX)
11. SESolaris_VA
(Tool for VA of Solaris)
12. SEDB_VA
(Tool for VA of MS-SQL, MySQL, Oracle, PostGRE SQL)
13. SENW_VA
(Tool used for VA of network devices including switches, routers, Firewalls)

SAIF Plus, R5-05/C, P.O Box: 122708,
Sharjah, United Arab Emirates
SecurEyes LLC
Desk No. 023, Business Centre, Abu Dhabi Airports Free Zone, PO Box: 2313, Abu Dhabi, Unit
SecurEyes KSA
6379, Al Ulaya, Al OlayaDist, Riyadh, 12221-2713, KSA
SecurEyes INC
310, Alder Road, P.O.Box: 841, Dover, DE – 19904, USA
*Information as provided by M/s. SecurEyes Techno Services Pvt.Ltd.on30.12.2019

Ba
M/s Deloitte Touche Tohmatsu India Limited Liability Partnership
M/s Deloitte Touche Tohmatsu India Limited Liability Partnership Address:
Opposite Shiv Sagar Estate, Worli, Mumbai - 400018
2. Carrying out Information Security Audits since : Prior to 200

 IOT security testing : Yes
 Mobile application security : Yes
 Cloud security : Yes

Govt. : Approximately 10 engag
PSU : Approximately15 engag
Private : Approximately250 enga
Total Nos. of Information Security Audits done : Approximately275 enga
them)
Network security audit : Approximately 35
Web-application security audit : Approximately 40
Wireless security audit : Approximately 5 Compliance audits (IS
: Approximately 20

CISSPs : Approximately 15
BS7799 / ISO27001 LAs : Approximately 25
CISAs : Approximately 70
DISAs / ISAs : Approximately 10 Any other information security qualification :
Total Nos. of Technical Personnel:We have approximately 140 technical pe

listed in Annexure A is illustrative list of professionals involved in critical in
Public Sector.
Please refer to Annexure A : for details.
security
CEH V.10,CISC,CPH,CPFA
CEH,CISA, CAST 613-EC Council
CEH V10
CEH V10
CEH
ISO 27001
ISO 27001
CEH V10
CEH
ECSA
ECSA
CEH V.10
CEH V.9, CCNA
IS027001, CEH,CCC-NIELIT
NO CERTIFICATIONS
IS027001, CEH
CEH V.10
IS027001, CEH, ECSA
CEH
CEH V.10, ECSA
in terms of scope (in terms of volume, complexity, locations etc.) along with
d in last year, was an end-to-end Information security and business continuity

e of our large financial sectorcustomer. The details of the project are mentioned
ecurity & Business continuity Implementation from people, process & technology
fectiveness of the business continuity processes

for 25 large applications along with infrastructure review for such applications
applications)
ssessment
mine the IS awareness level among the employees.
) resilience test to determine the adequacy of the APT solution.
Internal and External Internet facing infrastructure
ng production infrastructure including multiple Operating Systems, Web Servers,
review for all platforms for critical production infrastructure

on Centre (SOC) including review of coverage scope for SOC monitoring, adequacy
mplementation review of the SIEM solution and review of policies, procedures
C operation.
gement (IM) including review of policies, procedures and standards pertaining
the adequacy of incident detection controls by conducting mock incidents under
the incident response under various scenarios; evaluating the maturity of the
hitecture, topology, network communication with third parties and regulators.

vity including VPN access.
es & solutions
irewalls, routers, switches, operating systems and databases being used within the
and Disaster Recovery Sites.

toring adequacy of the Organization to comply with all local and global regulatory
nancial sector client having large IT setup. The project covers a detailed
ocesses and people components for this critical sector organization. Large number of
stems and networks were in the scope of the security assessment. The
of third-party interfaces which were implemented to enable business across
The project required the assessment team to perform its review against local
ices, compliance requirements and regulatory standards. This was an approximately
he team carrying out assessments across locations.
dit Tools used (commercial/ freeware/proprietary):
Professional Version)
nal
nsed or subscription based commercial tools

ource tools
Vulnerability Management System

cial Engineering Test System
enetration Testing Toolkit
ecurity reconnaissance)
03)
08)
ux)
QL, MySQL, Oracle, PostGRE SQL)
network devices including switches, routers, Firewalls)
nal Information Security Auditors / Experts : No

rsight arrangement (MoU, contract etc.))
y Foreign Tie-Ups? If yes, give details : No
ary of any foreign based organization? : No
rters/Offices, if any : Yes SecurEyes FZC
08,
u Dhabi Airports Free Zone, PO Box: 2313, Abu Dhabi, United Arab Emirates
h, 12221-2713, KSA
ver, DE – 19904, USA
SecurEyes Techno Services Pvt.Ltd.on30.12.2019

Back
t of skills and competence of CERT-In empanelled Information Security
Organisation
Limited Liability Partnership
neled Information Security Auditing Organization :
uche Tohmatsu India Limited Liability Partnership Address: 12, Annie Besant Road,
Sagar Estate, Worli, Mumbai - 400018
ty Audits since : Prior to 2000

se (add more if required)
: Yes
Y/N) : Yes
: Yes
PCI, etc.) (Y/N) : Yes
: Yes
: Yes
: Yes
ried out in last 12 Months :

: Approximately 10 engagements
: Approximately15 engagements
: Approximately250 engagements
formation Security Audits done : Approximately275 engagements
nths , category-wise (Organization can add categories based on project handled by
: Approximately 35
: Approximately 40
: Approximately 5 Compliance audits (ISO 27001, PCI, etc.)
or informationsecurity audits:
: Approximately 15
: Approximately 25
: Approximately 70
mately 10 Any other information security qualification : Approximately 70
echnical Personnel:We have approximately 140 technical personnel. The names

ure A is illustrative list of professionals involved in critical infrastructure support for
deployed for information security audits in Government and Critical sector

equired)
details.
project value.
No. of Computer Systems :
No. of Servers :
No. of Switches :
No. of Routers :
No. of Firewalls :
No. of IDS :
Commercial Tools:
1. Nessus
2. Acunetix
3. Nipper
4. Burp-Suite
5. Netsparker
The above list of tools is indicative.
Freeware Tools:
a. Xprobe
b. Dnssecwalker
c. Tcpdump/tcpshow
d. Dsniff
e. Ettercap
f. Ethereal
g. Fping/ Hping
h. Queso
i. Nmap
j. SuperScan
k. Netwag
l. Firewalk
m. Q-Tip
n. SQLMap
o. Jack the Ripper
p. Crack 5.0a
q. NGS SQLCrack
r. HydraCain and Abel
s. Metasploit
The above list of tools is indicative.
Not Applicable
*Information as provided by Deloitte Touche Tohmatsu India Limited Liability Partnership on
Ba
ed in terms of scope (in terms of volume, complexity, locations etc.) Along with
> 70000
500
100
50
25
10
udit Tools used ( commercial/ freeware/proprietary):
is indicative.
how
Abel
tools is indicative.
ernal Information Security Auditors / Experts: Yes/No (If yes, kindly indicate mode of
))
eloitte Touche Tohmatsu India Limited Liability Partnership on 27- march-2017
Back
Annexure
Details of technical manpower deployed for information security audits in Government and C
organizations:
S. Duration with Experience in
No. Name of Employee Deloitte Information
(Years) Security (Years)
1 Achal Gangwani 5.9 13.86
2 Anand Venkatraman 5.8 16.78
3 Abhijeet Jayaraj 2.6 3.63
4 Ashish Arora 0.7 10.72

5 Ashutosh Jain 1.2 5.22
6 Chinkle Umrania 2.3 6.00
7 Anand Kishore Pandey 3.2 6.10
8 Divin Proothi 2.0 10.96

9 Gautam Kapoor 6.7 16.70
10 Kapil Dev Sharma 1.3 10.83
11 Kartikeya Raman 4.0 7.48

12 Maninder Pal Singh 1.1 12.78
13 Navaneethan M 1.2 6.22
14 Pawan Kumar 4.9 10.68
15 Preetam Hazarika 2.0 11.23
16 Reena Ulhas Pradhan 2.1 7.02
17 Rohit Rane 1.8 12.10
18 Santosh Kumar Jinugu 4.0 12.46
19 Shashank Gupta 0.8 4.26

Annexure A:
ployed for information security audits in Government and Critical sector
CEH, ISO 27001 LA_LI, ITIL

Foundation, CCNA
CISM, CISSP, ISSAP, ISO 22301 LI,
COBIT5
OSCP, Certified Ethical Hacker (CEH v8)
CISSP, ITILV3, CNAP, RHCE, CWSE

CISA, CEH
CCNA, ISMS Internal Auditor, CISA
Certified Ethical Hacker (CEH V7), ISO/IEC
27001:2005 Lead Auditor from ISC,
ISO/IEC 27001:2005
Lead Implementer from BSI, BS
25999:2007 Lead Auditor from ISC
CISA, SAP GRC 5.2
CISA, CISSP, ISO 27001 LA_LI
ITIL v3, ISO 27001, CEH V7,
PRINCE2 (Foundation), PRINCE2
(Practitioner)
ITIL v3, CISA
Lead Auditor, CISSP, CISA, CEH
CCSK, CISM, CPISI, COBIT 5
FOUNDATION, ISMS, BCMS , QMS
,DSCI, CEH, ITIL Version 3, RHCE, CCSA,
CCSE, CCNA, SCSA PART-1 & SCSA PART-
II, SCNA
Certified Information Systems Auditor
(CISA).
ISO 27001:2005 ISMS Lead
Implementer
EC - Council Certified Ethical Hacker (CEH
v6)
ITIL v3 Foundation certified. Cisco
Certified Network Associate (640-802)
Deploying ASA Firewall -CCNP Security
(642-617
CEH, ISO 27001 LI, BCM - 400,

ArcSight ESM
CISA, ECSA LPT, CISSP, ITIL v3,
CEH, Cyber Crime investigator certificate
CISA, ITIL V3 Foundation, ISO 27001 LI,

ISO 27001 LA, ISO 2000 LA, BS25999 LA,
A+, N+, CCNA,
ISO 27001 LI, ISO 25999 LI, BCM
Implementation, ISO 31000 Internal
Auditor, CEH, SAP Security
CEH, Qualys Guard Vulnerability

Management Certified, Nexpose Certified
Administrator, Java
20 Vikas Garg 6.7 13.34
21 Vivek Patil 0.8 5.81

22 Arshdeep Singh 5.5 5.5
23 Mahesh Kumar Heda 5.6 8.6
24 Praveen Sasidharan 6.3 15.3
Bac
Professional
ISO 9001:2000 ; BS7799 LI ; ISO 27001
LA ; CISA ; CISM ; CISSP, PMP, CEH,
BS7799 LA, Info.
Security/ BS7799 LA, Info. Security/
BS7799 LI, BS7799 to ISO27001
Transition Certified, BCP/ DR Certified, BS
15000 RCB Auditor Examination (itSMF
Certified), ITSM/ BS15000 Certified LA,
ITSM/ BS15000 Certified LI, QMS/ ISO
9001:2000 Certified Lead Auditor, DSCI -
lead
assessor for privacy
CEH v8, PCISI, CISO, ITIL

ISO 27001 LI, CCNA
Program in Information security
management
CISM, CRISC, COBIT, ITIL
Foundation, BCCS, ISO 27001 LI,
BS25999 LI & CSPFA, CBCP
Back
M/s TAC InfoSec Private Limited
TAC InfoSec Private Limited
3. Capability to audit , category wise
 Source Code Review : Yes
 Red Teaming : Yes
 Mobile application security audit : Yes
 Social Engineering : Yes
Govt.
PSU
Private
them)
Mobile Application Security Audit : 1000+

CISSPs
BS7799 / ISO27001 LAs
CISAs
DISAs / ISAs
CSSP
CEH
10+Total Nos. of Technical Personnel
: 50+
1 TA 7+ 9+ -
2 AJ 3+ 4+ MSC Cyber Security,
CEH
3 AS 6+ 6+ B-Tech (Information
rganization :
: 2013
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
: 5+>
: 5+
: 200+
udits done : 200+
50+
1000+
20+
10+
1000+
: 0
: 0
: 0
: 0
: 2+
: 25+
cation :
l

Technology)
4 SK 3+ 3+ CEH
5 SS 3+ 3+ CEH
6 RK 3+ 3+ CEH
project value.
One of the largest BFSI: 200+ Mobile Applications, 100+ Web Applications, 200+ Network Dev
Review, Configuration Review, and Risk Advisory.
Value of the Project was approx90Lacs.
1.) Acunetix Consultant Edition (Commercial) 2.) Burp Suite Pro (Commercial)
3.) Dirbuster (Open Source) 4.) Nikto (Open Source)
5.) OWASP ZAP Proxy
Network VAPT:
1.) Nessus Vulnerability Scanner 2.) Wireshark
3.) Cain &Abel
4.) Metasploit
5.) smbclient
6.) snmpenum
7.) enum4linux
8.) netcat
9.) nslookup
10.) Exploit codes from exploit.db
11.) Other Kali OS tools as per the vulnerability
Configuration Review (OS & Devices):

1.) Nessus
2.) Nipper freeware
3.) Manual review
Wireless Penetration Testing:

1.) Atheros wifi card 2.) Aircrack-ng
3.) Wapiti
4.) Wifi - Pineapple
Red-Team:
1.) Malicious USB
2.) TAC PhishInfielder (TAC’s tool) 3.) Payloads (Self-Created)
4.) Other tools in kali OS.


*Information as provided by TAC InfoSec Private Limited on 23/12/2019
Ba
ons, 200+ Network Devices,Source Code
e/proprietary):
o (Commercial)
Experts : No ( If yes, kindly provide
ls : No
: No
12/2019
Back
M/s TATA Communications Ltd
TATA Communications Ltd,
C-21 and C-36, G Block, Bandra Kurla Complex Mumbai 400

 Compliance audits (ISO 27001, PCI, etc.) : Y

Govt. :
PSU :
Private :

handled by them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification:CEH,GCIA, GCIH,CISM,CHFI
1 Mohan Dass 9 years 14 years CHFI,CEH,CISSP
2 Rajaguru GS 8 years 11 years ITIL,QCS
project value.
Network security Audit for of one of the largest Airline logistics company covering dat
and UK. The total deal value is INR 1,65,00,000 for Network and Security audit.

 Nessus
 Qualys Guard
 Burp Suite
 NMAP
 Kali Linux – Armitage
 Metasploit Framework
 SQL MAP
 FireEye Ax
*Information as provided by TATA Communications on 27-Mar-2017
Bac
,
andra Kurla Complex Mumbai 400098
: 2008
: Y
: Y
: Y
: Y
:
: 3
: 8
: 175
done : 186
ganization can add categories based on project
186
7
0
0
dits :
: 6
: 9
: 4
on:CEH,GCIA, GCIH,CISM,CHFI
: 150+
ations related to
ation security
EH,CISSP
CS
ne logistics company covering data center locations in US

Network and Security audit.
on 27-Mar-2017
Back
M/s CyberRoot Risk Advisory Private Limited
CyberRootRisk Advisory Pvt. Ltd.
023, 5th Floor, Tower A, Emaar Digital Greens, Sector 61, G
Haryana
3. Capability to audit , category wise
 Physical Access Control & Security Testing : Yes
 Web Application Source Code Review : Yes
 Mobile Application Audit : Yes
 Configuration Audit : Yes
 Cyber Forensics Investigation : Yes
 Penetration Testing : Yes
Govt. :
PSU :
Private :

Network Security Audit :
Web Application Security Audit :
Configuration Audit :
Software Audit :
Database Audit :
Cyber Forensics Investigation :

CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
organizations
No. CyberRoot Risk Information Security Information security
Advisory Pvt. Ltd.
1 Vibhor Sharma 5 years 9 years ISMS LA
2 Chiranshu Ahuja 5 years 9 years ISMS LA, CCCSP,
CCNA, CCNA Security
g Organization :
td.
igital Greens, Sector 61, Gurugram - 122102,
: 2013
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: 5
: 2
: 47
: 54
: 3
: 57
: 2
: 1
: 1
: 50+
: 0
: 2
: 0
: 0
: 17
: 31

3 Vikash Pandey 4 years 5.5 years ACSE
4 AbhinavRawat 3.5 years 3.5 years CISE
5 Anirudh Gupta 2.2 years 2.2 years CEH
6 Mukesh Bhatia 2 years 2 years CEH
7 MeghaSaroeval 1.5 years 1.5 years CEH
8 SiddharthSaxena 1.5 years 1.5 years CEH
9 AnkurVerma 1.5 years 1.5 years MCSA
10 Bhaskar Dev Mayank 7 months 7 months CEH
project value.
Web Applications, Network Audit and Software Audit including Configuration & Database
clothing and retail chain in Asia-Pacific Region with scope of 50 servers, 15 switches, 1 F
Routers, 180 Laptops, 406 Workstations, 419 POS Devices, 460 iPhone/iPad and 6 Web A
CMS and Intranet
Commercial:
 Burp Suite
 Acunetix
Freeware:
 Wireshak
 RIPS
 NexPose
 Nmap
 Metasploit scanner
 Sparta
 OWASP ZAP
 Cookie Manager
 W3AF
 Netstumbler
 Kismet
 Hydra
 Cain & Abel
 Tamper Data
 Net Sparker
 Nikto
 DirSearch
 Hamster
 Sqlmap
 SET
 Ettercap
 .Net Reflector
 NetStumbler
 Brutus
 BackTrack OS
 Kali Linux OS
Proprietary:
 Script to test for Administrative privileges granted to web application
 Script to test for CSRF
 Other scripts for verification of vulnerabilities
10. Outsourcing of Project to External Information Security Auditors / Experts : N
*Information as provided by CyberRoot Risk Advisory Pvt. Ltd. on 21-Dec-2019
Bac
Configuration & Database Audit for one of the

servers, 15 switches, 1 Firewall, 1 IDS, 124
0 iPhone/iPad and 6 Web Applications including
ware/proprietary):
to web application
rs / Experts : No
etails : No
anization? : No
: No
. on 21-Dec-2019
Back
M/s Robert Bosch Engineering and Business Solutions Private Limited
Robert Bosch Engineering and Business Solutions Priv
Industrial Layout, Hosur Road
Koramangala, Bangalore-560095
 Network security audit (Y)
 Web-application security audit (Y)
 Wireless security audit (Y)
 Compliance audits (ISO 27001, PCI, etc.) (Y)
 Internet of Things- IoT (Y)
 Embedded System (Y)
 Mobile Security Assessment (Y)
 Security Risk Assessment (Y)
Govt. : None
PSU : None
Private : 65

handled by them)
Mobile Applications : 12
Embedded System : 4
Internet of Things- IoT : 4
Security Risk Assessment : 10
CISSPs
DISAs / ISAs
( CISM : 1 and CEH : 8)
: 0
: 1
: 0
: 0
:
: 50
S. Name of Duration with Experience in Qualifications related
d
rganization :
usiness Solutions Private Limited No: 123,
: 2014
(Y)
(Y)
(Y)
(Y)
(Y)
(Y)
(Y)
(Y)
: None
: None
: 65
: 0
3
40
12
3
0
4
4
10
0
1
0
0
50

No. Employee <organization> Information Security to Information security
project value
Largest Project Volume Complexity Project Value
Global Customer  External and High Confidential
Enterprise network and Internal Network
application security  Wireless NAC
assessment (Grey Box  15+ web application
model)
Trac 360 Project  Security Risk High Confidential

Assessment
 2 Web application
 4 Mobile
applications
 100+ REST Api’s
 COTS device with
customer build app
 Cloud Network
IEP Product  Security Risk High Confidential

Assessment
 Device with
Customized firmware
and physical interfaces
 Web Applications
 REST APi’s and
MQTT
 Azure Cloud
environment

Commercial tools Burp suite , Acunetix , Nessus, Netsparker
Freeware Mobile testing Framework , KaliLinux, NMAP,Browser Addons ,

Wireshark , Offensive Security Framework, Reverse Engineering tool
kit

Robert Bosch Engineering and Business Solutions (RBEI) is a 100% owned subsidiary of Ro

Robert Bosch GmbH, is headquartered in Gerlingen, near Stuttgart, Germany
*Information as provided by Robert Bosch Engineering and Business Solution on 30th Dec
Bac
e/proprietary):
perts : No
ct etc.))
ls : No
zation? : Yes
owned subsidiary of Robert Bosch GmbH.
: Yes
Solution on 30th December 2019
Back
M/s Qseap InfoTech Pv.t Ltd.
1. Name & location of the empanelled Information Security Auditing Organisation :
Snapshot of skills and competence of CERT-In empanelled Information Security Auditin

QSEAP INFOTECH PVT. LTD,
Unit No.105, Building No.3, Sector-3, Millennium Busi
Navi-Mumbai-400710.
2. Carrying out Information Security Audits since : NOV 2011

 Network security audit (Y/N) : YES
 Web-application security audit (Y/N) : YES
 Wireless security audit (Y/N) : YES
 Mobile appsec audit : YES
 Vulnerability Assessment and configuration audit : YES

Govt. : 32+
PSU : 0
Private : 22+

handled by them)
Mobile appsec audits :
Vacaaudits :
CISSPs :
BS7799 / ISO27001 Las :
CISAs :
OSCP :
CEH :
(CSA/CISC/CISE) :
Others :
organizations (attach Annexure if required).
ecurity Auditing Organisation :

anelled Information Security Auditing Organisation

PVT. LTD,
ding No.3, Sector-3, Millennium Business Park, Mahape,
0710.
: NOV 2011
uired)
: YES
: YES
: YES
: YES
: YES
: YES
out in last 12 Months:

: 32+
: 0
: 22+
: 54+
10+
50+
1
2
10+
40+
urity audits :
1
6
1
1
40
17
46
112
S. Duration Experience in Qualifications related to
No with Qseap Information Information security
Name of Employees
Security
1 Praveen Singh 8 11 B. Tech IT

2 Sunil Kapri 8 11 EMBA,
BE in IT
OSCP CSIC
3 Abhijit Ashok Doke 7 9 MBA in IT
4 Mohsin Mahmood Khan 3+ 3

BE. Computer Engineer
5 Kalyani Vishwas Mali 3 4 CEH BE. In IT
Awdhesh Chintamani Yadav BSs. In IT CEH CCNA

6 2+ 3
7 Varun JeewansinghKarayat 2+ 2 BSc in Computer Science
ISO 27001 LA
PCIDSS Implementer MSc in
8 Ajita Haridas Gawai 2+ 6
Network Systems Engineering
9 Siddhant Suresh Ughade 2+ 2 CCNA

B.E (EXTC)
10 2+ 2.5 CEH CND CCNA
B.E in Electronics and
NinadRajeshbhai Gandhi Communications
Ethical Hacking Traning

11 Khushboo Uday Saw 2+ 2 Diploma in .Net
B.E in Computer Science
CEH CND v1
12 Darshan Sagwekar 2+ 2 B.E (ELECTRONIC)
13 Vandana Yadav 2+ 2 BTech. In IT

CEH CND CCNA
B.E (EXTC)
14 Brijesh Suresh Yadav 2+ 2+
15 Priya Ratndeo Jha 2+ 2 MSc in IT

16 Hitesh DinkarChandansire 2 2+ CEPTN BE in
EXTC
17 Mandar Lingayat 2 2 CEH BE EXTC
- Certified Network Associate

Security
-Certified Associate Routing
18 Vivek Yadav 2 2
and Switching
-BE in EXTC
19 GibinReji 2 2 BE EXTC
ISO 27001 LA
Professional Software Testing
20 Onkar Ghadge 2 2+
Specialist
BE in IT
21 Vishnu s. Chandran 2 2 CISEH
BE in IT
CCNA ECSA.v10 BE in EXTC
22 Tanveer Shaikh 2 2+
23 Sandeep Pandey 2 2+ BSc. IT

JAVA SQL
24 Zeeshan Khan 2 2 BE in Electrical
25 Ashish Jogi 2 2.5 CEH BCA
ISO 27001 LA
CISEH CPTE
26 Karan Sawant 2 2+
BE in EXTC
27 Faizan Ansari 2 2+ ESCA BE EXTC
28 Aditya Nagarkar 2 2 CEH

BE in EXTC
CISEH CPTE
29 Vaibhav koli 2 2+ BSc. Computer Science
ISO 27001 LA CPTE

CISEH BEEXTC
30 Varun Thorat 2 2
CCNA CCNP
31 Shahnawaz Shaikh 2 2 BE EXTC
32 AkshayChavare 1 1+ CEH BE EXTC
CISEH CPTE CCNA

BE Computer Engineering
33 AshleshaJadahv 1 2+
34 Neha Raut 2 2 CEH

BE in IT
35 PrathmeshVaze 1 1.5 CEH
BE in IT
36 Aditya Deepak Vyawahare 1.9 2 BE in Electrical
CDAC-PG DITISS (IT

infrastructure System and
37 Chaitali Shivaji Bande 1.9 2
Security)
BE in Electronics
38 Shital Vijay Patil 1.9 2 BE in IT
CEH CDAC
39 Rahul Subhash Ahire 1.9 2 BE in Computers
40 Ramsingh Verma 1.8 3+ MSc in Computer Application-IT

MS. NET
ECSA
41 Lalita Dhuri 1.8 2 Advance Diploma in JAVA

Technology course - Profound
Edutech
Network Security Training - NADC
India.
Training Program on Internet
Fundamental under MITCON
BE in EXTC
42 Rohan Ravindra Chaudhari 1.5 2 ISO 27001 LA BSC

in IT
43 Pratik Milind Rane 1.5 2 ECSA BE in EXTC
CEH
Certified Professional Jaya
44 Ajay Jayram Doke 1.5 2
Specialist
BE (computer)
45 Aniket Ashok Doke 1.5 1.5 CEH
BE in EXTC
CISEH CPTE
PHP with MySQL BSc in IT
46 Jayshree PappuAhirrao 1.5 1.5
Suraj Jatinchandra Biswas MBA in IT ASP .Net

BE in Computer Science
47 1.5 1.5
Sandeep Ramdas Yadav CCNA

48 1.5 1.5 CCP – Routing and S/w BE EXTC
49 Subodh vishe 1.5 1.5 MSc in I.T BSC-IT
50 Mandar Joshi 1.3 1.2 B.E in Computer

51 Tusahar Singh 1.3 1.2 CEH
B.E in EXTC
52 Priyanka Malusare 1.3 1.2 CEH
BE in IT
53 Shweta Songaonkar 1.3 1.2 CEH CCNP
Certified Network Associate Router
and S/w
BE in EXTC
54 Rubina Shaikh 1.3 1.2 CEH BSC in IT
CEH
MSc. in IT BSc. In IT
55 Apoorva Satish Phatak 1.3 1.2
56 Amurta Anna Gangurde 1.3 1.2 CCNA BE in EXTC
Purushottam Jaywant Rane ESCA CEH CCNA

B.E in EXTC
57 1.3 1.2
MCA – Information Technology

and Applications Development
58 Kishor HiramanThorat 1.3 1.2
BCA in IT
59 MohdUvais Shaikh 1.3 1.2 CCNA

B.E (EXTC)
60 Roshan Uke 1.3 1.2 B.E in IT
BTech in Electronics and
61 Rana Pratap Dudipalla 1.3 1.2 Communications Engineering
62 Kishore Kumar Kaluva 1.3 1.2 BTech in Electrical and
Electronics
63 Suraj Bade 1.2 1+ BSc in Computer Science
64 Aniket Pachchhapur 10 1+ CEH
Months BE in EXTC
65 Siddheshwar mane 10 3 BTech. in EXTC
Months
66 Vishvesh Bhatt 10 2 CEH
Months BE in EXTC
67 Rahul Fernandes 10 1+ CEH
Months B.E in EXTC
10 CCNA CEH
68 Tanvi Sawant Months 3 BE in EXTC
10 Redhat certified system

Months Adminstrator
69 Mansih Karda 1+
CPTE BE in EXTC
70 Himanshu kulkarni 10 3 CEH

Months B.E in Electronics
71 Kishore Hariram 10 2 B.E in Computer Science
Months
72 Rahul Nikam 9 Months 5+ CEH BSc. IT
73 Shalini Saini 1.5 Master of Business

AdministrationInternational
10
Management
Months
BE in EXTC
74 Vinit Yashwantrao 10 1.5 BSc inComputer Science

Months
75 ShyamDhuriya 3+ MCA -Master of Computer
Application, ProgrammingBCA -
10
Bachelor of Computer Application,
Months
Programming
76 Rashmi Bhatt 10 1+ MCA in computer science

Months
10 CISC CPFA
77 Zain Ahmed Months 1+ BE EXTC
78 Darshana pund 10 2 BE in Computer Science &

Months Engineering
79 Rahul Singh 10 1+ B.E in Computer
Months Engineering
10 CEH
Months Cyber Protection and Security
80 Prem Singhot 1.5
Course
BCA
CISSP CISA CISM
ISO 27001 LS CEH
CAIIB
MCA – Computer
81 Jaya Bharathi Mala 7 Months 25+
Application
82 Nitesh Janardhan Chaturvedi 7 Months 3+ CEH
BE in EXTC
83 Apurva Badave 6 Months 2 BE in IT
84 Rohan Unde 6 Months 2 CEH
BE in EXTC
85 SajanDhakate 6 Months 1.5 BE in Computers
CSA – Cyber Security Analyst
86 Ajay Kori 6 Months 3 BE in Mechanical
87 Prachi Jadhav 6 Months 1 Cloud Computing BE in

Computers
88 Alisha Koli 6 Months 3+ BE in IT
89 Sanjana Mahadeshwar 6 Months 6 Months BE in Computer Science and
Technology
PG Diploma in IT Infrastructure,
Systems and
Security
90 Vaibhav Mohite 6 Months 1.8 CCNA
BE in Electronics
91 Ankita Desai 6 Months 2.5 BE in EXTC
BE in IT
PG Diploma in IT Infrastructure,
92 Aakash Shukla 6 Months 3
Systems and Security.
93 Viraj Kishor Mota 5 Months 1.5 CEH BSc. IT
94 Bala Jagath 4 Months 2 CCNA

BTech in Computer Science
ISO 27001 LA
95 Chetna Omeya Shinde 4 Months 1+ Software Testing BE in IT
CISEH CPTE
96 Suraj Kalamkar 4 Months 1.5 BSc in IT
97 Shubhangi Vijay Dawkhar 4 Months 2+ CEH

BSc in Computer Science
98 Krutika Santosh Haldankar 4 Months 2 CEH
BSc in IT
99 Sanket Yadav 4 Months 1.8 BSc in IT
Vijaya BashkarAithepalli MTech. In Instrumentations and
100 4 Months 2 control system Engineering
101 Shashikumar Reddy 4 Months 1 BE in Mechanical

CISEH CCNA
102 Ankita Mohan Lavande 4 Months 2 BE in Electronics
103 Tejaswi Sagi 4 Months 4 Months BE in Computer Science

104 Muthu Krishnan 4 Months 4 Months BE in Computer Science
105 SaishabareeshRegisetti 4 Months 4 Months BTech in Electronics and
Communications
106 Thimmaiah Mangiri 4 Months 4 Months BTech in Electronics and
Communications
107 Mohan Thakur 4 Months 1 CEH
BE in EXTC
108 TejakumarAnanthapur 4 Months 4 Months BTech in Electronics and
Communication Engineering
109 Ravi Pennampalli 4 Months 4 Months BTech in Computer Science
Engineering
CEH ECSA
110 Harsh Savla 4 Months 1.8 BTech in Computer Science
Engineering
CISC CEH
111 Ryan Nisar Pathan 4 Months 2+ BE in EXTC
CEH CISC
112 UzaifKotmire 3 Months 2+ BE in EXTC
value.
S.No Activity Scope Complexity Location
Goa 17 web Applications

Website related to different
1 government departments Web Application PT Goa
VAPT and Web Routers, Firewalls and Proxies,

2 DHFL Application PT Web application using Black box & Mumbai
Grey Box
3 Fullerton VAPT and Configuration Windows and Linux servers, Mumbai
Audit Network devices
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Burbsuit, Nessu
10. Outsourcing of Project to External Information Security Auditors / Experts : NO

11. Whether organization has any Foreign Tie-Ups? If yes, give details : YES
i. Versos (UAE)
ii. Paramount LLC (UAE)
For VAPT, Appsec service lines

13. Locations of Overseas Headquarters/Offices, if any : NO
*Information as provided by Qseap Infotech Pvt. Ltd on 23rd December 2019
Ba
of volume, complexity, locations etc.) along with project
eeware/proprietary): Burbsuit, Nessus, Nmap,
itors / Experts : NO
c.))
details : YES
rganization? : No
: NO
d on 23rd December 2019
Back
M/s Yoganandh & Ram LLP
1. Name & location of the empanelled Information Security Auditing Organization
Yoganandh & Ram LLP
G-1, SHREE VISHNU APARTMENTS, #12, 12TH CROSS STREET, DHANDEESWARAM N
CHENNAI – 600 042
2. Carrying out Information Security Audits since : September-2009

(10 Years – 2 Months)
3. Capability to audit,category wise (add more if required)
• Network security audit :
• Web-application security audit :
• Wireless security audit :
• IT Security Audit :
• Data Centre Physical and Environment Security Audit :
• Internet & Mobile Security Audit :
• CBS/ERP Application Security Assessment :
• Information Security Policy Formulation & Assessment :
• Data Migration Audit :
• Cyber Forensics & Mail Forensics Analysis :
• Compliance audits (ISO 27001, PCI, CCA, IRDA, CRA, etc.) :
• BCP Policy Formation & Assessment :
• BCP DR Testing & Implementation :
4. Information Security Audits carried out in last 12 Months

Govt. :
PSU :
Private :
5. Number of audits in last 12 months ,category-wise (Organization can add categories ba
on project handled by them)
Compliance Audits (ISO 27001, PCI,etc., ) :
Data Migration Audit :
CBS/ERP Application Security Assessments :
Internet Banking & Mobile Security Audit :
Information Security Policy Formulation & assessment :
Cyber Forensics Analysis :
NPA Configuration Review :
Swift Infrastructure Audit :
AUA/KUA Audit :
ity Auditing Organization
S STREET, DHANDEESWARAM NAGAR, VELACHERY,
: September-2009
d)
: YES
: YES
: YES
: YES
ment Security Audit : YES
: YES
sessment : YES
ulation & Assessment : YES
: YES
Analysis : YES
CI, CCA, IRDA, CRA, etc.) : YES
ent : YES
n : YES
ths
31
17
47
95
rganization can add categories based
25
56
0
27
3
1
13
3
2
2
4
4
BCP Policy Formation & Assessment :
BCP DR Testing & Implementation :
6 Technical manpower deployed for information security audits
CISSPs :
BS7799 / ISO27001 LAs :

BS 10012 :
BS25999 :
LA-QMS-ISO 9001:2015 :
LA-BCMS-ISO 22301:2012 :
LA-ITSM-ISO/IEC 20000-1:2011 :
CISAs :
DISAs / ISAs :

1. 2. Certified Ethical Hacker :
2. M.Sc/M.Tech- Cyber Forensics and Information Security :

3. PG Diploma in Cyber Law :
4. System Security Certified Practitioner :
5. CloudU :
6. CRisc :
7. CDCP :
7. Details of technical manpower deployed for information security audits in Government and Critical
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, loca
project value.
IT Security Audit for one of the leading Banks in India
1. Scope inclusive of
a. Vulnerability Assessment for over 200 Servers,
b. Web Application Penetration Testing of Internet & Mobile Banking Applications,
c. CBS Application Review,
d. Policy Assessment,
e. Application security Assessments,
f. ATM Switch Review,
g. Physical and Environmental Audit.
2. Value: Over 12 Lakhs

3. No. of Applications: 20+
4. No. of Server: 200+
5. Locations: Chennai, Bangalore

1. Nessus(Commercial)
2. Burpsuite(Commercial)
3. Nmap
4. Nikto
5. Sqlmap
6. John the Ripper
7. Wireshark
8. Hping3
9. SNMP Walk
10. Metasploit
11. W3af
12. Netcat
13. Pdump
14. THC Hydra
15. Acunetix Free Web Application Scanner
16. Dirbuster
17. ZAP
18. PW Dump
19. OWASP Xenotix
20. SEToolikit
21. Aircrack-ng
10. Outsourcing of Project to External Information Security Auditors / Experts(If yes, kindly
arrangement (MoU, contract etc.) : No
11. Whether organisation has foreign Tie – Ups? If yes, given details : N
12. Whether organization is a subsidiary of any foreign based organization?: N
*Information as provided by Yoganandh & Ram LLP on 23 rd December 2019
Ba
1
1
6
9
1
1
1
1
14
2
3
1
1
1
1
1
19
ity audits in Government and Critical sector organizations (attach Annexure if required) : As per Annexure-1
terms of volume, complexity, locations etc.) along with
,
& Mobile Banking Applications,
rcial/ freeware/proprietary):
y Auditors / Experts(If yes, kindly indicate mode of
No
en details : No
ed organization?: No
: No
n 23 rd December 2019
Back
Annexure
Sl.No Name of Employee Duration with Experience in
organization Information
Security
1 T Manoj Kumar Jain 13 Years 9 Years 2 Months
2 R Chandrasekhar 9 Years 8 Months 16 Years
3 T Mariappan 10 Years 6 Months 9 Years 2 Months
4 Sangeetha N 3 Years 6 months 3 Years 6 Months
5 Mohammed Mubariz S 5 Years 5 Months 5 Years 5 Months
6 T Chandra Prakash 7 Years 9 Months 7 Years 9 Months

Jain
7 Pavana Kumar LKG 5 Years 9 Months 5 Years 9 Monhts
Mushti
8 Sreevatchan S 3 Years 3 Months 3 Years 3 Months
9 Kamalutheen A 3 Years 3 Months 3 Years 3 Months
10 Padmanaban K 2 Years 9 Months 20 Years
11 Krishnan J 2 Years 6 Months 2 Years 6 Months
12 Priyadarshini 2 Years 6 Months 2 Years 6 Months
13 Madhan Prasad 2 Years 7 Months 2 Years 7 Months
14 Vasanth K 2 Years 6 Months 2 Years 6 Months
15 Selin Raj 1 Years 8 Months 1 Years 8 Months
16 Imran Shariff 1 Years 8 Months 1 Years 8 Months
17 Srinivasan V V 1 Years 7 Months 1 Years 7 Months
18 Sowmya Rajan 1 Year 4 Months 1 Year 4 Months

Annexure-1
Qualifications related
to Information security
CISA
CISA, DISA, CISSP, ISO

27001:2013 Lead
Auditor, ISO 25999, PG
Diploma Cyber Law
CISA, DISA
CISA
CloudU, Certified Ethical

Hacker (C|EH)
CISA
CISA
Certified Ethical Hacker (C|EH)
CISA,LA-QMS-ISO 9001:2015
LA-BCMS-ISO 22301:2012
LA-ITSM-ISO/IEC 20000-
1:2011
LA-ISMS-ISO/IEC
27001:2013,
Investigation Basics
CISA, CISM
CISA, , ISO 27001:2013

Lead Auditor
CISA
M.Tech., M.Sc., Cyber

Forensics & Information
Security
CISA
B.Tech, CEH, M.Sc.,

Cyber Forensics & Information
Security
B.Tech, CEH, M.Sc.,

Cyber Forensics & Information
Security
CISA
CISA
Sl.No Name of Employee Duration with Experience in
organization Information
Security
Vignesh 6 Months 6 Months
19
Ba
M.Tech, Certified Ethical

Hacker (C|EH), CISA
Back
M/s Indusface Pvt. Ltd.
Indusface Pvt Ltd, Vadodara, Gujarat, India.
 Wireless security audit (Y/N) : N
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : N
Govt.
PSU
Private

handled by them)
Web-application security audit : +
1000
Mobile Application security audit : +
500+
API security Audit : 500
Thick client security Audit : 50
Wireless security audit : NA
Compliance audits (ISO 27001, PCI, etc.) : NA
CISSPs
BS7799 / ISO27001 LAs
CISAs
DISAs / ISAs
OSCP, 8 ECSA, 21 CEH, 1 OSWP, 3 CHFI, 2 CCNA
Indusface Pvt Information Security Information security
Ltd.
1 Amit Dubey 3.4 Years 3.4 Years CEH, ECSA, CHFI

2 Ayubali Beleri 1.6 Years 3.6 Years CISEH, CPTE
3 Chirag Rai 1 Years 1 Years CEH, ECSA
4 Grishma Savla 1.5 Years 3.2 Years CEH, ECSA
5 Mayur Patil 3 Years 4.2 Years OSCP, CEH
Organization :
ujarat, India.
: 2012
Y
Y
N
N
: 100+
: 300
: 500+
Audits done : 1000+
1000
+
1000
+
500+
500
50
NA
NA
: 0
: 0
: 0
: 0
ification : 2
3 CHFI, 2 CCNA
: 33

6 Prajakta Vaity 1 Years 3 Years CEH
7 Pramod Shinde 4.8 Years 4.8 Years ECSA
8 Pranav Pisal 3.6 Years 4 Years CEH, ECSA, CHFI
9 Pratik Kharat 8.2 Years 8 Years CEH
Pratik Patil 2.5 Years 2.5 Years CEH
10
Vaishali Rane 1 Years 2.6 Years CEH

11
12
Rahul Kshirsagar 5 Years 5 Years CEH
13
Rahul PK 4.6 Years 6 Years ECSA
Rajdeep Murde 1.6 Years 3.9 Years CEH, OSCP
14
Raviraj Rao 3.2 Years 3.2 Years CEH, ECSA

15
Royce Fernando 1.6 Years 4.5 Years CEH, ECSA

16
Ruksar N. Pathan 1.3 Years 3 Years

17
Sagar shah 6 Years 6 Years CEH

18
Sharat 2 Years 3.6 Years CEH, ECSA

19
Kaikolamthuruthil
Tushar Malhotra 0.10 Years 6.6 Years OSWP, AS|PT
20
Wasim Shaikh 1.2 Years 3.2 Years CCNA

21
Minakshi Patil 0.8 Years 1.5 Years

22
Nikhil Raut 0.6 Years 2.7 Years

23
Saumya Kasthuri 1 Years 2.9 Years

24
Divya Mukka 0.2 Years 3.2 Years CEH

25
26
Suresh Kumar 0.2 Years 3 Years
27
Sneha Nair 0.2 Years 0.2 Years
Akansh Jathan 0.3 Years 0.9 Years CISP, CPFA
28
Raj shah 0.3 Years 0.3 Years CISH, CPTE

29
Vrushali Panzade 0.3 Years 1 Years

30
Sibani Singh 0.3 Years 3.5 Years

31
Samidha Gandhi 0.7 Years 0.7 Years CEH, CISEH, CPTE

32
Suresh Panda 0.1 Years 2.6 Years

33
project value.
1. Indusind Bank - 500 Man days PO, which contain Web App, Mo
audits. Location is Mumbai
2. NSDL – 2 full time resource PO, which contain WebApp and Mobile A
Vadodara and Mumbai
1. Burp Suite – Commercial
2. AppTrana – Proprietary
611, Gateway Blvd Suite 120,
South San Francisco,
CA- 94080
United States of America.
*Information as provided by Indusface Pvt Ltd on 23rd December 2019
Ba
h contain Web App, Mobile app and API
WebApp and Mobile Apps. Location is
re/proprietary):
xperts : No
act etc.))
ails : No
ion? : No
: Yes
r 2019
Back
M/s Haribhakti & Company LLP, Chartered Accountants
Haribhakti & Co. LLP
 IT General Controls Review : Yes
 Vulnerability Assessment/Penetration Testing : Yes
 Cyber Security Awareness Workshop for Board Member
and Senior Members of Management : Yes
 Application/ERP Post implementation Review : Yes
 SAP – configuration controls review for various modules like Finance and Costing, Material M
Distribution, Production planning and Quality Management, Human Resource,
Use access entitlement review, SAP Basis : Yes
 Cloud Security Review : Yes
 Data Privacy Review : Yes
 Data Migration Audit : Yes
 Digital Forensic Review : Yes
 Data Analytics : Yes
 Data Privacy Review : Yes

Govt. : 0
PSU : 0
Private : 16
(Work in progress for 2 private entities)

handled by them)
(part of systems audits) Web-application security audit Wireless security audit
Systems Audit
:
:
:
:
:
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
: 2000
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
Finance and Costing, Material Management, Sales and
uman Resource,
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
:
: 0
: 0
: 16
: 16
eless security audit
11
3
0
0
14
its :
0
3
5
2
Total Nos. of KeyTechnical Personnel
1 Rhucha Vartak 10 Years 10 Years CISA, ISO 27001 : 2005 LA,

CEH, GDPR
FAS Certification
2 Sandeep Shinde 8 Years 8 Years CISA, ISO 27001 : 2005 LA,
CEH, CPISI,
ITIL, MCP
3 Shyamal Devmurari 3 Years 3.5 Years M.S. in Digital Forensics &
Information Assurance
4 Ashish Kapadiya 2 Years 2 Years CEH, M.Tech In Cyber

Security
5 Parth Toliya 1 Year 1 Year CEH, M.Tech In Cyber
Security
6 Pratik Maniya 1 Year 1 Year M.Tech In Cyber Security
7 Akash Chauhan 1 Year 1 Year M.Tech In Cyber Security
8 KaransinhDodiya 4 Month 9 Month M.S. Homeland

Security &Anti Terrorism
9 Himadri Vyas 4 Month 9 Month M.S. Homeland Security

&Anti Terrorism
project value.
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Comme


*Information as provided by Haribhakti & Co. LLP on 20/12/2019
Bac
cation : 5
: 9
e/proprietary): Commercial &Open Source
xperts : No ( If yes, kindly provide
ls : No
: No
Back
M/s Madhya Pradesh Agency for Promotion of Information Technology (MAP_IT)
Madhya Pradesh Agency for Promotion of Informa
(MAP_IT)
47/A State IT Center, Arera Hills Bhopal, Madhya Prad
2. Carrying out Information Security Audits since : January 2

 Wireless security audit (Y/N) : N
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : N
 Information Security Testing : Y
 Software Vulnerability Assessment : Y
 Penetration Testing : Y
 Information security policy review and
assessment against best security practices : Y
Govt. :
Security Audits Completed , 38 Security Audits in Progress
PSU :
Private :
handled by them)
(43 Security Audits Completed, 38 Security Audits in progress)

CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
CEH (Certified Ethical Hacker) :
Technology (MAP_IT)
cy for Promotion of Information Technology
rera Hills Bhopal, Madhya Pradesh- 462011
: January 2013
: Y
: Y
: N
: N
: Y
: Y
: Y
: Y
:
43
0
0
81
: 0
: 81
rogress)
: 0
: 0
dits :
0
5
0
0
3
7
ons related to
No. Employee MAP_IT Information Security
1 Ambar Pande 5 years 1 years

2 Vineet Tiwari 1 year 3 Months 1 years
3 Priyank Soni 5 years 8 Months 8 years
4 Vasundhara 4 Years 7 Months 6 years

Raghuwanshi
5 Viral Tripathi 4 Years 1 Month 13 years
6 Rajesh Kushwaha 6 Years 5 Month 6 years
7 Sourabh Singh Rathore 2 Months 8 years
project value.
MP Power Transmission Company Limited
Project consists of 7 different modules which were audited in different phases Comple
Location: Jabalpur Volume:7 Modules
No. of Static Pages in the application: 745 No. of Dynamic Pages in the application:68
Available

Commercial Tools:
Micro Focus Webinspect (19.2.0 ) Burp Suite Professional (v 2.1.07)
Netsparker Professional (version 5.5.1.26518) Acunetix (10.5/11.0)
Freeware Tools:
Kali Linux Framework OWASP-ZAP
Nmap, Nikto, Metasploit,Vega ,Nessus

*Information as provided by Madhya Pradesh Agency for Promotion of Information T
22/Dec.2019
Bac
M/s ANB Solutions Pvt Ltd
ANB Solutions Pvt. Ltd.
901, Kamla Executive Park, Off Andheri-Kurla Road,
J. B. Nagar, Andheri East, Mumbai 400 059

 Software Asset Management : Yes
 Vulnerability Assessment and Penetration Testing : Yes
 Business Continuity and Disaster Recovery : Yes
 Application Security Review : Yes
 Regulatory System Audits : Yes
 Cyber Security Review : Yes

Govt.
PSU
Private

handled by them)
ISMS LA
ISMS LA
ISMS LA, CEHv10, CISA(Exam)
CIISA, CEHv10
CCIE-Security
ISMS LA, CCNA-Security IINS,
Fortinet Network Security
Expert
Nessus VM,ISMA LA, CEHv8
erms of scope (in terms of volume, complexity, locations etc.) along with
ny Limited
modules which were audited in different phases Complexity: Medium
odules
cation: 745 No. of Dynamic Pages in the application:680 Project Value: Not
ools used ( commercial/ freeware/proprietary):
0 ) Burp Suite Professional (v 2.1.07)

n 5.5.1.26518) Acunetix (10.5/11.0)
ZAP
,Nessus
ormation Security Auditors / Experts : No

sight arrangement (MoU, contract etc.))
reign Tie-Ups? If yes, give details : No
of any foreign based organization? : No
es, give details
ers/Offices, if any : No
a Pradesh Agency for Promotion of Information Technology (MAP_IT) on
Back
skills and competence of CERT-In empanelled Information Security
ganisation
Information Security Auditing Organization :

Solutions Pvt. Ltd.
Kamla Executive Park, Off Andheri-Kurla Road,
Nagar, Andheri East, Mumbai 400 059
Audits since : 2009

add more if required)
: Yes
: Yes
: Yes
CI, etc.) : Yes
: Yes
etration Testing : Yes
Recovery : Yes
: Yes
: Yes
: Yes
out in last 12 Months :

. : 7
: 0
te : 160
Nos. of Information Security Audits done : 167
, category-wise (Organization can add categories based on project
: 7
VAPT :
IT security audit :
Application Security Audit :
Regulatory audits :
Cyber Security :
Vendor Risk Assessment :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
CISM :
CRISC :
IS22301 :
CEH :
S. Name of Employee Duration with ANB Experience in Information Qualifications related to
No. Security Information security
1 NirmaVarma 18 Years and 20 years and 02 months • CISA
11 Months • BS7799LA
• ISO 22301 IA
2 Amit Mittal 01 Year and 8 22 years and 7 months • CISA

Month • ISO27001:2013 LA
3 Ashok Agarwal 01 Year and 8 39 years and 1 months • CISA
Month • CRISC
4 AbhijeetLandge 01 Year and 9 4 years and 11 months • ISO 27001:2013
Months • ISO 22301:2012
5 AmitLanjewar 00 Year and 10 0 years and 1 months • ISO 27001:2013 LA
Months
6 AditeeKarnik 01 Years and 5 06 years and 1 months • CISA
Months • ISO 27001:2013
• ISO 22301:2012
7 HarshalDeshmukh 01 Year and 06 14 years and 0 months • CEH

Months • OCSP
• ISO 22301:2012
8 HarshadMahajan 08 Year and 06 11 years and 1 months • ISO 27001:2013 LA

Months
9 JaysingMhaskar 02 Year and 01 5 years and 6 months • ISO 27001:2013
Months • ISO 22301:2012
10 Kapil Shah 01 Year and 08 3 years and 11 months • ISO 27001:2013
Months • CEH
11 Kunal Mehta 02 Year and 05 12 years and 0 months • CISA
Months
12 Mitesh Band 01 Year and 03 7 years and 10 months • CEH

Months
13 Mahesh Patil 01 Year and 07 3 years and 5 months • ISO 27001:2013
Months • ISO 22301:2012
14 NirajSoni 02 Year and 10 6 years and 7 months • DISA
Months • CISA
• ISO 27001:2013
23
4
3
27
5
74
20
12
dits :
1
22
17
1
1
1
18
8
36
fications related to
mation security
A
7799LA
22301 IA
A
27001:2013 LA
A
SC
27001:2013
22301:2012
27001:2013 LA
A
27001:2013
22301:2012
H
SP
22301:2012
27001:2013 LA
27001:2013
22301:2012
27001:2013
H
A
27001:2013
22301:2012
A
A
27001:2013
S. Name of Employee Duration with ANB Experience in Information
No. Security
15 OmeyaShinde 01 Year and 08 3 years and 1 months

Months
16 Pranay Shah 02 Year and 10 7 years and 1 months
Months
17 PreetiRaut 10 Year and 06 12 years and 6 months

Months
18 PriyankaPurecha 01 Year and 08 8 years and 2 months

Months
19 PradeepPatil 04 Year and 02 20 years and 5 months

Months
20 PreetiSangmule 05 Year and 10 8 years and 11 months
Months
21 PoojaGoshimath 01 Year and 03 9 years and 9 months
Months
22 RashmiMaydeo 14 Year and 01 17 years and 3 months
Months
23 RemellaSuman 11 Year and 03 12 years and 6 months

Months
24 Rahul More 01 Year and 01 2 years and 5 months
Months
25 SafinaShaikh 01 Year and 04 7 years and 10 months

Months
26 SampoornaNagamali 15 Year and 03 21 years and 6 months
Months
27 Swapnil Parekh 00 Year and 10 4 years and 4 months
Months
28 SwapnilSonawane 01 Year and 02 4 years and 6 months

Months
29 SudhanshuRana 02 Year and 09 10 years and 0 months
Months
30 SanketKshirsagar 02 Year and 04 9 years and 4 months
Months
31 TejasKhankoje 01 Year and 08 2 years and 0 months
Months
32 TusharKajale 01 Year and 00 2 years and 9 months

Months
33 Vaibhav Gandhi 01 Year and 10 2 years and 10 months
Months
34 Vasudha. Ghosalkar 13 Year and 00 12 years and 3 months
Months
35 Vinit S. Shah 05 Year and 06 8 years and 7 months

Months
36 YatindraMahajan 01 Year and 10 1 years and 1 months
Months
• ISO 22301:2012
• ISO 27001:2013
• ISO 22301:2012
• CISA
• ISO 27001:2013
• ISO 22301:2012
• CISA
• ISO 27001:2013
• ISO 22301:2012 IA
• CISA
• ISO 27001:2013
• ISO 22301:2012
• CISA
• ISO 27001 LA
• CISA
• ITIL
• ISO 27001:2013
• ISO 22301:2012
• CISA
• CISSP
• ISO 27001:2013 LA
• ISO 22301:2012 IA
• ISO 22301:2012 IA
• CEH
• CISA
• ISO 27001:2013 LA
• CISA
• CISM
• ISO 27001:2013
• ISO 22301:2012
• ISO 27001:2013 LA
• CEH
• ECSA
• ISO 27001:2013
• ISO 22301:2012
• CISA (Associate)
• CEH
• DISA
• CEH
• ISO 27001:2013
• ISO 22301:2012
• CISA
• ISO 27001:2013
• ISO 22301:2012
• CISA
• ISO 27001 LA
• CEH
project value.
1. For one of leading mutual fund in India conducted:
 Vulnerability assessments for more than 100 system (oper
databases, network devices)
 Application Audit of more than 10 applications
 Vendors audits at associated registrar and transfer, fund accounting
providers
 Information and Cyber Security Audit
2. For one of the leading clearing corporation in India conducted:
 IT General Control and Datacenter operations Audit
 Vulnerability assessment of more than 300 systems & penetration testing on
components
 Reviewing configuration of network components such as router, firewall
 Physical and Environmental verification.
 Operations and Management Process and Control Audit
 Application Audit of more than 20 applications
3. For an international telecom service provider performed

 Vulnerability assessment of 140 system
 Website Application testing of 15 applications

SN Type of Tool Tool Name
1 Freeware  Nmap
 Snmp Walk
 Metasploit
 Cookie Editor
 Echo Mirage
 Winhex
 Kali Linux Framework
 Wireshark
 APK Analyser
 SQLMAP
 Dirbuster
 OWASPZAP
 VAMT
2 Commercial  Nessus Professional

 Burp Suite Professional
 ARSIM
 Lansweeper - License Compliance Auditing Software
3 Proprietary  Scripts for Oracle, Linux, AIX, Solaris, Windows


*Information as provided by <ANB Solutions Private Limited> on <23 rd
December 2019>
Ba
terms of volume, complexity, locations etc.) along with
a conducted:
or more than 100 system (operating systems,
10 applications
egistrar and transfer, fund accounting and custodial service
y Audit
ation in India conducted:
rations Audit
300 systems & penetration testing on the identified external
components such as router, firewall, IDS, proxy server etc.

.
nd Control Audit
cations
rovider performed
ations
ercial/ freeware/proprietary):
ty Auditors / Experts : No (If yes, kindly provide
yes, give details : No

n based organization? : No If yes, gives details
y : No
mited> on <23 rd
December 2019>
Back
M/s BDO India LLP
Name - BDO India LLP
Location – Corporate Office - The Ruby- Level 9, NW Wing, Senapati Bapat Marg, Dadar West, Mum
BDO India has office across 10 cities – Ahmedabad, Bengaluru, Chennai, Hyderabad, Goa, Kochi, Ko
Delhi-Gurugram and Pune

 Information Technology Audits (Y/N) : Yes
 Application control audit (Y/N) : Yes
 IT Governance Audit (Y/N) : Yes
 Cyber Security Assessments(Y/N) : Yes
 Business continuity and disaster recovery : Yes
 Software Compliance Review(Y/N) : Yes
 IT General Control Review(Y/N) : Yes
 Network Architecture Design Review(Y/N) : Yes
 SSAE 18 & SOC 2 Audit (Y/N) : Yes
 WebTrust Audit(Y/N) : Yes
 Vulnerability Assessment and penetration testing : Yes
Govt. : 5 Approximately
PSU : 10 Approximately
Private : 20 Approximately
Total Nos. of Information Security Audits done : 40 Approximately
5. Number of audits in last 12 months, category-wise (Organization can add categories based o
them)
Network security audit : 5 Approximately
Web-application security audit : 15 Approximately
Wireless security audit : 5 Approximately
Compliance audits (ISO 27001, PCI, etc.) : 10 Approximately

CISSPs :
BS7799 / ISO27001 Las :
CISAs :
DISAs / ISAs :
ation
Security Auditing Organization:
NW Wing, Senapati Bapat Marg, Dadar West, Mumbai-400028, INDIA

, Bengaluru, Chennai, Hyderabad, Goa, Kochi, Kolkata, Mumbai, New
: 2013
equired)
: Yes
: Yes
: Yes
) : Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
ng : Yes
2 Months:
5 Approximately
10 Approximately
20 Approximately
40 Approximately
se (Organization can add categories based on project handled by
5 Approximately
15 Approximately
5 Approximately
10 Approximately
ecurity audits:
0
7+
5
5+
10
50+
mation security audits in Government and Critical sector organizations
S. Name of Employee Duration with BDO Experience in
No. India LLP Information Security
1 Ashish Gangrade 1.7 Years 15 Years
2 Saumil G Shah 1.2 Years 15 Years

3 Saloni Verma 2.7 Years* 16 Years
4 Saurabh Mehendale 0.3 Years 8 Years
5 Abhijeet Barve 0.3 Years 6 Years
6 Sagar Saraph 0.3 Years 6 Years

7 Sujaan Masani 2.4 Years 3 Years
8 Salman Syed 0.3 Years 2 Years
9 Rohit Ponnapalli 1.2 Years 7 Years

10 Haerd Joshi 0.5 Years 3 Years
11 Keyur 0.5 Years 2 Years
12 Vishnu Pavithran 0.3 Years 2.5 Years
13 Dhananjay Deo 0.6 Years 15 Years

14 Ankur Gupta 0.8 Years 10 Years
15 Kalpesh Mehta 0.9 Years 9 Years
value.
a) Client is the governing civic body of the capital city of a leading State in India.
ICT infrastructure and Forensic Audit of ERP Systems -
 ICT Infrastructure review
 Review of ERP modules
 IT processes and ERP Configuration standards review
 Review of all the transactions, application and DB logs in the Systems
 Review of integrated application.
 Review of IT General Controls
 Vulnerability Assessment & Penetration Testing
Project Value – 2.02 Crore (Incl of taxes)

Client is a leading Public Sector Organization - As part of the scope, BDO provided following services
 Audit of all Organization’s Assets & Applications
 Vulnerability Assessment and Penetration Testing
 Application Security Review, ITGC Audit, Application Security Infrastructure review
PMP, ITILv3, CDCP,

CCSA,CCNA
CPA, CISA
CISA, CBCP, Certified ISMS
Professional (STQC),
Certified Ethical Hacking
(CEH), DSCI Certified
Privacy Professional, ISO
22301 LA
LA ISO 27001:2013(BSI),
LA ISO 9001:2015(BSI),
CISA, CEH, CHFI, MCTS
LA ISO 27001:2013, CEH
CEH
LA ISO 27001:2013
Offensive Security Certified
Professional (OSCP), CEH,
CISEH
ISO 27001 LA
CEH, ACE
CEH
NASSCOM analyst
application security
CISA, CEH, ISO27001
ACE, CEH, CHFI
ISO 27001 LA
pe (in terms of volume, complexity, locations etc.) along with project
ty of a leading State in India.

s-
eview
B logs in the Systems
art of the scope, BDO provided following services-
g
ation Security Infrastructure review
 Configuration review of operating system & critical devices
 Information security governance & process review
 Audit of data centre & offices
Project Value – Approx. 2 Crore (consolidated)

Commercial Tools: Indicative list -

1. Nessus
2. Burp-Suite
Details of Audit Tools-Freeware

S. No. Tool Name
1 Achilles
2 Brutus
3 CrypTool
4 cURL
5 Exploits
6 Fscan
7 Elza
8 Fragrouter
9 HPing
10 ISNprober
11 ICMPush
12 John The Ripper

13 L0phtcrack
onfiguration review of operating system & critical devices
nformation security governance & process review
udit of data centre & offices
ue – Approx. 2 Crore (consolidated)

Information Security Audit Tools used (commercial/ freeware/proprietary):
al Tools: Indicative list -
ite
Audit Tools-Freeware
Description
A tool designed for testing the security of Web Applications.
A Windows GUI brute-force tool for FTP, Telnet, POP3, SMB,
HTTP, etc.
A Cryptanalysis Utility
Curl is a tool for transferring files with URL syntax, supporting FTP, FTPS,
HTTP, HTTPS, GOPHER, TELNET,
DICT, FILE and LDAP
Publicly available and homemade exploit code for the

different vulnerabilities around
A command-line port scanner, supporting TCP and UDP

A family of tools for arbitrary HTTP communication with picky web sites for
the purpose of penetration testing and
information gathering
Utility that allows to fragment packets in funny ways

A command-line oriented TCP/IP packet assembler/analyzer. It supports
TCP, UDP, ICMP and RAW-IP protocols, has a trace route mode, the ability
to send files between a covered channel, and many other features.
Check an IP address for load-balancing.

A tool that sends ICMP packets fully customized from
command line
A password cracker
NTLM/Lanman password auditing and recovery application
14 Tenable Nessus
15 Netcat
16 NMAP
17 p0f
18 Pwdump
19 SamSpade and Dnsstuff
20 HELIX3
21 FTK
22 SANS Investigative Forensics

Toolkit - SIFT
23 Wireshark
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No

(If yes, kindly provide oversight arrangement (MoU, contract etc.)) – Not Applicable
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No
BDO India LLP, a limited liability partnership, is a member of BDO International Limited, a U
guarantee, and forms part of the International BDO Network of independent member firms
firms across 167 Countries and, each member entity in
respective country is a separate legal entity.
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No : No If yes,
13. Locations of Overseas Headquarters/Offices, if any : Yes/No

BDO’s global office is at The Corporate Village Brussels Airport
E-mail: globaloffice@bdo.globalOffice phone number +32 2 778 01 30*Information as provided by - BDO India L
Ba
A free, powerful, up-to-date and easy to use remote security scanner. This
tool could be used when scanning a large range of IP addresses, or to verify
the results of manual work.
The swiss army knife of network tools. A simple utility which reads and
writes data across network connections, using
TCP or UDP protocol
The best-known port scanner around

Passive OS Fingerprinting: A tool that listens on the network and tries to
identify the OS versions from the information in
the packets.
Tools that grab the hashes out of the SAM database, to use
with a brute-forcer like L0phtcrack or John
Graphical tool that allows to perform different network queries: ping,

nslookup, whois, IP block whois, dig, traceroute,
finger, SMTP VRFY, web browser keep-alive, DNS zone transfer, SMTP relay
check, etc.
collect data from physical memory, network connections, user accounts,

executing processes and services, scheduled jobs, Windows Fegistry, chat
logs, screen captures, SAM files, applications, drivers, environment
variables and Internet history
Multi-purpose tool, FTK is a court-cited digital investigations platform built

for speed, stability and ease of use.
Multi-purpose forensic operating system
Open-source packet capture/analyzer, backend library used is [win]pcap.
urcing of Project to External Information Security Auditors / Experts: Yes/No

dly provide oversight arrangement (MoU, contract etc.)) – Not Applicable
er organization has any Foreign Tie-Ups? If yes, give details: Yes/No
DO India LLP, a limited liability partnership, is a member of BDO International Limited, a UK company limited by
arantee, and forms part of the International BDO Network of independent member firms. BDO has member
ms across 167 Countries and, each member entity in
spective country is a separate legal entity.
er organization is a subsidiary of any foreign based organization? : Yes/ No : No If yes, give details
ons of Overseas Headquarters/Offices, if any : Yes/No

DO’s global office is at The Corporate Village Brussels Airport
aloffice@bdo.globalOffice phone number +32 2 778 01 30*Information as provided by - BDO India LLP on 23rd December 2019
Back
M/s CMS IT Services Pvt Ltd
CMS IT Services Pvt. Ltd. (236,92/1A, Konappa Agrahara, Benkataadri Tech Park, E
Bengaluru, Karnataka 560100)
2. Carrying out Information Security Audits since :
<2015>
 Network security audit : (YES)
 Web-application security audit : (YES)
 Wireless security audit : (YES)
 Compliance audits (ISO 27001, PCI, etc.) : (YES)
 Security Operation Audit : (YES)
 IT Services (ITIL) Processes Audit : (YES)
 Asset Management processes Audit : (YES)
 Infrastructure Security Audit : (YES)
Govt.
PSU
Private

handled by them)
Compliance audit (ISO 27001, PCI, etc.) : 8
CISSPs : 0
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : <0>
Any other information security qualification : 15+
No. CMS IT Information Security Information security
Pvt.Ltd
1 DR.Manjeet Singh August 2016 10 Yrs CISA , ISO/IEC 20000 ITSM,ISO

27001:2013
ISMS,ISO/IEC 27001-
27002 Lead Auditor
Organization :
Benkataadri Tech Park, Electronic City, Phase I,
: (YES)
: (YES)
: (YES)
: (YES)
: (YES)
: (YES)
: (YES)
: (YES)
: 1
: 3
: 8
udits done : 12
2
2
0
8
0
3
2
<0>
15+
20+
CompTIA Security+ , CEH- V11
2 R. A Prasad August 2018 10 years ITSM/ISMS/ITG/ITAM

consultant
CISA/ITIL
Manager/CGEIT/CRISC?Iso
9001/ISO 27001
3 Sachin Kumar October 2016 5 years CEH

4 Sanjay Singh April 2007 7 years CEH
5 Pranav Jadhav 1.8 Years 1.8 years ISO 27001 LA
6 Tariq Syed Aug 2004 5 years ISO 27001 LA
7 Xavier Naidu Aug 2000 5 years ISO 27001 LA
project value.
ONGC is our Managed services contracts where CMS IT is providing the AMC and FMS
India (35+) Locations. Assets covered under the contract are more than 40,000 Nos.
devices, servers, PC, peripherals etc.. More than 400 Nos. of FMS engineers have bee
onsite service operations. In this, managed services contact we are doing VA/PT for a
servers and applications. Security audit, being a part of contract, there is no additiona
associated or mentioned in
purchase order.
Application VAPT Network VAPT Wireless VAPT
Burp Suite Nmap Cowpatty

Directory Buster Nessus Burp Suite
SQL Map Metasploit Wireshark
WP Scan Python Wireless VAPT
Nikto Ncat Aircrack-ng Suite
Nessus Wireshark
10. Outsourcing of Project to External Information Security Auditors / Experts: Y

*Information as provided by CMS IT Services Pvt. Ltd.on<31-12-19>
Bac
viding the AMC and FMS Support services PAN

more than 40,000 Nos. which includes network
FMS engineers have been deployed to deliver
we are doing VA/PT for all network devices,
act, there is no additional commercial value
re/proprietary): Commercial & Freeware
Auditors / Experts: Yes (If yes, kindly provide
: No
: No
Back
M/s Esec Forte Technologies Pvt Ltd
M/S ESEC FORTE® TECHNOLOGIES PRIVATE LIMITED
Registered Address:
DELHI: A-2/10, A-2 Block, Rohini Sector- 5, New Delhi – 110085
Corporate Office (Mailing Address):

GURUGRAM:Plot No. 311, Ground floor, Udyog Vihar Phase- IV, Gurugram – 122015
Branch Office:
BANGALORE:143, 3rd Floor, 10th Cross, Indira Nagar 1st Stage, Bangalore – 560038
MUMBAI:Plot C-59, Bandra Kurla Complex, Bandra East, Mumbai- 400051
2. Carrying out Information Security Audits since
 Firewall Audits
 Digital Forensic Investigations
 Red Team Assessment
 Source Code Review
 Penetration Testing
 Vulnerability Assessment
:
:
:
:
:
:
:
:
:
Govt. : 5+
PSU : 5+
Private : 50

handled by them)
Red Team Assessment :
Forensic Analysis and Incident Response :
CISSPs : <1
BS7799 / ISO27001 LAs : <3
CISAs : <1
OSCP : <2
DISAs / ISAs : <>
curity Auditing Organization :

GIES PRIVATE LIMITED
Sector- 5, New Delhi – 110085
har Phase- IV, Gurugram – 122015
agar 1st Stage, Bangalore – 560038

ra East, Mumbai- 400051
quired)
Months :
<2011>
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
: 5+
: 5+
: 50+
Audits done : 50 +
<20+>
<20+>
<5+>
<5+>
<5+>
<10+>
rity audits :
: <1>
: <3>
: <1>
: <2>
: <>
alification:
CEH : <20+>
PCI QSA : <1>
CHFI : <1>
CDFE : <1>
CTIA : <1>
ECIH : <1>
Others : <20+>
S. Name of Duration with Experience in Qualifications related to Information security
No. Employee <eSec Forte Information
Technologies> Security
1 Sachin Kumar 2011 14 Years CISSP, PCI QSA, CEH, CDFE, ISO
27001,Nexpose Certified Administrator,
Metasploit Certified Administrator,B.Tech
2 Saurabh S 2017 13 Years CEH, MCSE: Security, ITIL V3,ECSA,

CyberarK Vault Administrator, CPISI
– PCI DSS v3.2, Sourcefire Certified
Professional, Qualys Guard Security Expert.
MS Cyber Law
3 Kunal Bajaj 2013 11 Years ISO 27001, B.Tech, MBA
4 Mohit Mittal 2015 13 Years CSM, CISA, AWS CSA, PMP
5 VR 2017 3 Years CEH, RHCE , RHCSA
6 S.C 2019 4 years CEH
7 PB 2017 3 Years OSCP
8 AS 2019 2 years OSCP
9 DSY 2019 9 Years Certified Incident Handler (ECIH)OPSec for
ICS (DHS,
US)Certified Threat Intelligence Analyst
(CTIA), CHFI
10 SS 2018 2 years CEH
11 AK 2019 4 Years CEH
12 JK 2016 5 Years CEH, M.Tech
13 AC 2014 6 years TCSE, CMO
14 HK 2018 4 years TCSE, CEH, Tenable Certified Associate
15 VK 2019 6 years ISO/IEC 27001 LA, Certified Cyber Security

Expert
project value.
o Have conducted VAPT of multiple proprietary made hardware
o Have performed VAPT of 400+ assets in a complex IT Infrastr
large and complicated applications.
o Have conducted Source code analysis and Dynamic application
financial applications

• Metasploit
• Nexpose
• Nessus
• Nipper
• Netsparker
• Checkmarx
• Burp Suite
• Nmap
• Wireshark
• Immunity Canvas
• Immunity Silica
• Hak5 (Pineapple Wifi)
• Social Engineering Toolkit
• Kali Linux
• Aircrack-ng
• Cisco Global Exploiter
• Ettercap
• John the Ripper
• Kismet
• Maltego
• Cuckoo
• Volatility
• sslstrip
• hping3
• dnswalk

Yes, eSecForte Technologies is partner with multiple OEM Companies such as Tenable, Acce
Tufin, BeyondTrust etc. for Information Security and Forensic Products.
eSec Forte acts as Value Added Partner for these companies and is involved in Pre-Sales, Im
Sales activities.

Singapore: eSec Forte® Technologies Singapore PTE Ltd.
1 North Bridge Road, #11-10, High Street Centre, Singapore 179094 P: +65 31650903
Sri Lanka: eSec Forte Technologies Sri Lanka Pvt. Ltd.
Level 26 & 34, East Tower, World Trade Center, Echelon Square, Colombo, 00100, Sri Lank
*Information as provided by <eSec Forte® Technologies Private Limited> on <23 Dec
Bac
20+>
1>
1>
1>
1>
1>
20+>
0+
prietary made hardware and software’s devices.

in a complex IT Infrastructure and WAPT of very
and Dynamic application testing of Digital
are/proprietary):
Experts : No (If yes, kindly provide
ails : Yes
es such as Tenable, AccessData, Cato Networks,
ucts.
involved in Pre-Sales, Implementation and Post-
ion? : No
: Yes
94 P: +65 31650903
olombo, 00100, Sri Lanka
e Limited> on <23 December 2019>
Back
M/s Finest Minds Infotech Private Ltd
Finest Minds Infotech Private Ltd. #90, 2nd Floor, 17th c
Layout, Bangalore-560102

 Network security audit (Y/N) : Y
 Web-application security audit (Y/N) : Y
 Wireless security audit (Y/N) : N
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y

Govt. :
PSU :
Private :

handled by them)
CISSPs : 00
BS7799 / ISO27001 LAs : 02
CISAs : 00
DISAs / ISAs : 00
Any other information security qualification -CEH : 05
1 Akshat Jain 1+ Years 15+ Years MBA IIM-Lucknow
2 Utkarsh Garg 1+ years 2+ years M.Tech
3 Mukul Kantiwal 1+ Years 2+ Years B.TECH, CEH

g Organization :
Ltd. #90, 2nd Floor, 17th cross, 14th Main, HSR
: 2016
: Y
: Y
: N
: Y
: 01
: 01
: 13
: 15
ion can add categories based on project
06
20
00
05
00
02
00
00
05
15
4 Mridul Mundhra 1 Years 2 Years M.TECH
5 Nikhil Ajmera 1+ Years 2+ Years B.TECH
6 Rahul Singh 1+ Years 2+ Years B.TECH
7 Sandeep C S 1+ years 1 + years B.TECH

8 Abhishek Singh 3+ Months 1 Year B.TECH
project value.
 Application Security audit
 IT Security Audit, ISMS Consultancy /Audit
 Industrial Control Systems security audit
 Performance audit

Commercial
 Nessus
 WebInspect
 Acunetix
 Burp
Freeware
 Paros
 W3af
 nmap
 SQLMap
 Kismet
 Kali Linux
 Fiddler
 Wireshark
 BeEF
 Nikto
 Metasploit framework
 John the ripper
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No ( If yes
oversight arrangement (MoU, contract etc.))No
*Information as provided by Finest Minds Infotech Pvt Ltd on 03rd December 2017
Bac
ware/proprietary):
/ Experts : Yes/No ( If yes, kindly provide
03rd December 2017

Back
M/s Imperium Solutions
M/s Imperium Solutions
2. Carrying out Information Security Audits since : November 2019
 Network security audit (Y/N) - Y
 Web-application security audit (Y/N) - Y
 Wireless security audit (Y/N) - Y
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) - Y
 Govt.:<number of> - 7
 PSU:<number of> - 8
 Private:<number of> - 23
 Total Nos. of Information Security Audits done : 38
5. Number of audits in last 12 months, category-wise (Organization can add categ

project handled by them)
 Network security audit: <number of> -
 Web-application security audit: <number of> -
 Wireless security audit:<number of> -
 Compliance audits (ISO 27001, PCI, etc.): <number of> -
 Cyber Security Assessment as per IRDAI, RBI Guidelines: <number of> - 2
 CISSPs:<number of> -
 BS7799 / ISO27001 LAs:<number of> -
 CISAs:<number of> -
 DISAs / ISAs:<number of> -
 Any other information security qualification:<number of> -
(Masters in InfoSec, BSc (IT) & Diploma InfoSec)
 Total Nos. of Technical Personnel : 5
7. Details of technical manpower deployed for information security audits in Governme
No. Employee <organization> Information Information security
Security
1 Ms. Tasneam P 11+yrs. 15+yrs. CISA, ISO27001 LA, Dip in
Cyber Law
2 Mr. Kirankumar Patel 2.5yrs. 2.5yrs. Masters in Information Security
3 Ms. Soundarya K >1yr >1yr Bachelors of Science

(Information Technology),
Certified InformationSecurity
Consultant
4 Mr. Jude Dcosta 2.5yrs. 2.5yrs Masters in Information Security
5 Ms. Swedha 5+yrs. 15+yrs. CISA
on Security Auditing Organization:

tions
: November 2019
quired)
- Y
- Y
- Y
- Y
Months:
- 7
- 8
- 23
Audits done : 38
y-wise (Organization can add categories based on
11
22
4
6
delines: <number of> - 2
urity audits:
0
3
2
0
2
ploma InfoSec)
: 5
tions related to
ion security
SO27001 LA, Dip in

w
in Information Security
s of Science
tion Technology),
InformationSecurity
nt
in Information Security
No. Employee <organization> Information
Security
Fernandes
6 Mr. Prakash D’Silva 7+yrs. 7+yrs.
7 Ms. Chandni Joshi 6 months 6 months
project value.
 Universal Sompo General Insurance–
o Vulnerability Assessment and Penetration Testing of
 Security devices – 9
 Network Devices – 13
 Wireless Network Devices – 11
 Databases – 19
 Servers – 39
 Internal Web Applications – 8
 External Web Applications – 18
 Penetration Testing of External IP addresses – 10
o Assess the IT Infrastructure from information security perspective
o Document the hardening guidelines as per IRDAI requirements.
9. List of Information Security Audit Tools used(commercial/freeware/proprietary): N

Netsparker, Imperva Scuba, Kali Linux for Penetration Testing
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No
12. Whether organization is a subsidiary of any foreign based organization? Yes/ No
13. Locations of Overseas Headquarters/Offices, if any: Yes/No
*Information as provided by <Imperium Solutions> on <30th Dec 2019>
Ba
ISO27001 LA, ISO9001 LA,
ISO27001 LA
ed in terms of scope (in terms of volume, complexity, locations etc.) along with
po General Insurance–
ssessment and Penetration Testing of
es – 9
es – 13
ork Devices – 11
9
pplications – 8
Applications – 18
sting of External IP addresses – 10
nfrastructure from information security perspective
hardening guidelines as per IRDAI requirements.
y Audit Tools used(commercial/freeware/proprietary): Nessus, NMAP, ZED Proxy,

Linux for Penetration Testing
ernal Information Security Auditors / Experts: Yes/No
versight arrangement (MoU, contract etc.))
any Foreign Tie-Ups? If yes, give details: Yes/No
bsidiary of any foreign based organization? Yes/ No
dquarters/Offices, if any: Yes/No
<Imperium Solutions> on <30th Dec 2019>
Back
M/s Kochar Consultants Private Limited
Kochar Consultants Private Limited - Mumbai
 IT General Controls Review : Yes
 Vulnerability Assessment/Penetration Testing : Yes

Govt.
PSU
Private

handled by them)
IT General Controls Review : 40+
Process Reviews : 1
Regulatory Compliance Audits - Exchange Members : 25+
(Annual Compliance System Audit, etc. )
Audit of Wallet Companies as per RBI guidelines : 2
EKYC Audits as per UIDAI Guidelines : 4
CISSPs
BS7799 / ISO27001 LAs
CISAs
DISAs / ISAs
No. Kochar Consultants Information Information security
Security
1 Pranay Kochar Jul-06 10 CISA, DISA

2 Sona Shah Jul-06 8 DISA
rganization :
ed - Mumbai
: 2005
Yes
Yes
Yes
Yes
Yes
Yes
: Nil
: Nil
: 30+
udits done : 30+
1
2
5
40+
1
25+
2
4
: Nil
: 5
: 9
: 2
cation : Nil
: 12

3 Mithun Lomate Mar-10 6 CISA, COBIT Assessor
4 Vidya Kamath Feb-16 12 CISA, ISO 27001 LA
5 Pankaj Dhiman May-16 4 CISA
6 Kamlesh Kale Jul-16 6 CISA, CISM, ISO
27001 LA
7 Arvind Vira Dec-17 6 CISA, CISM, ITIL V3F, ISO
27001 LA, CCNA
8 Juvairia Shaikh Feb-18 2 ISO 27001 LA
9 Sumil Bavad Feb-19 1 CISA
10 Latika Shetty Mar-19 2 CISA
11 Kishore Gaikwad Nov-19 1 ISO 27001 LA
12 Fernando de Navarro Nov-19 8 CISA, ISO 27001 LA
Menezes
project value.
Client: Leading Commodity Exchange
Scope of Work:
Sr. Activities
1 Reviewing and carry out necessary changes of Standard Operating Procedure (SOP) for all the departments of
the organization as per latest ISO 27001:2013 standards for its improvement.
2 Review and carry out necessary changes of Information Security Policies / procedures / Plans / Risk Management
report / Guidelines etc. and its implementation.
3 Carry out Internal audit for each department and effectiveness of controls implemented based on scope defined
on ISO 27001:2013 standards
4 Review implementation of Cyber security policy and implementation of SEBI guidelines
5 Vulnerability Assessment and Penetration Testing (VA & PT).
6 Reviewing and updating BCP, DRP for new changes, if any and Provide BCM training to all employees.
7 Meeting each department for review of BIA and carry out changes in BIA as per the requirement.
Carry out Internal audit for each department and effectiveness of controls implemented as per TOR of SEBI
8 circular CIR/CDMRD/DEICE/01/2015 dated November 16, 2015, excluding VA & PT.
9 Review of observations reported during audit reports (ISO 27001:2013 and Annual System Audit), and actions
taken for the recommendation, if any and submit closure report.
10 Presentation of audit findings with recommendations to the Management along with its compliance status.
Locations: Mumbai, Project Value: 15 lakhs.

 Freeware Tools
o Nmap, Superscan and Fport - Port Scanners
o Metasploit framework, Netcat, BeEF , Cain & able, Hydra, John the ripper - Penetratio
cracking
o Process explorer, Sigcheck - Windows Kernel & malware detection
o Netstumbler , Aircrack-ng suite & Kismet – WLAN Auditing
o OpenVas, W3af, Nikto - Vulnerability scanner
o Wireshark – Packet Analyser
o SQL Map
o Kali Linux and all tools inbuilt into it.
 Commercial Tools
o Nessus – Vulnerability Scanner
o Burp Suite, Acunetix - Web application auditing

o Passware: Password Cracking

*Information as provided by < Kochar Consultants Private Limited - Mumbai> on
<23/12/2019>
Bac
departments of
/ Risk Management
on scope defined
loyees.
nt.
TOR of SEBI
dit), and actions
ance status.
e/proprietary):
n the ripper - Penetration Testing & Password
ction
xperts : No ( If yes, kindly provide
ls : No
: No
Limited - Mumbai> on
Back
M/s Larsen & Toubro Infotech Ltd
LTI (A Larsen & Toubro Group Company)
L&T House,
Ballard Estate, Mumbai 400 001, India

 Network Penetration Testing : Yes
 Mobile Application Security testing : Yes
Govt.
PSU
Private

handled by them)
Web-application security audit Network Penetration Testing Mobile Application Security testing
6. Technical manpower deployed for information security audits : CISSPs
DISAs / ISAs OSCP
CEH CHFI
CCNP and CCNA
PCI DSS v3.2 Implementation CRISC
OEM vendor certified professionals Total Nos. of Technical Personnel
: 6
: 50+
: 10+
: 4
: 0
: 2
: 2
: 7
: 2
: 0
: 1
: 24
: 2
: 11
: 1
: 1
: 13+
: 170+
S. Name of Employee Duration Experience in Qualifications related to Information security
No. with LTI
Organization :
Company)
ndia
: 2012
Yes
Yes
Yes
Yes
Yes
Yes
: 10+
: 0
: 62+
Audits done : 72+
on can add categories based on project
pplication Security testing Wireless security audit
ISSPs
6
50+
10+
4
0
2
2
7
2
0
1
24
2
11
1
1
13+
170+
Information
Security
Pavankumar 3 years CISA, ISO 27001 LA, CEH, Certified
1 Shukla 12 years Qualys Guard Specialist, IBM QRadar SIEM
Certified
Nath Dibya Ranjan 3 years COBIT5, ISO 27001 LA, CEH v8, ECIH,
ITIL, Prince2, Privacy and Data Protection
(PDPF), PCI DSS v3.2 Implementation,
2 8 years
Certified Sarbanes
Oxley Expert (CSOE), IBM QRadar, Qualys
Guard Certified Specialist
3 Pradeep 3 years 11+ years OSCP, ISO 27001 LA, CEH, CCNA
Mahangare
4 Hartley John Dow 1 year 25 years MCSE, CCNP, CISSP
5 Rajesh Sharma 11 months 8 years ISO 27001 LA, CEH, CHFI, MCP
6 Vijaykumar Reddy 2+ years 13 years CEH, ISO 27001, CISRA, ITIL V3 F, UK

Government GCHQ-Certified CIPR
Sudarsanan 1+ years CEH , ISO Lead Auditor 27001:2013 , McAfee
7 Sudheesh 6 years SIEM Admin
Nambekkat
Prasanna Lalgudi 3+ months CISA, CRISC, PMP,
8 9 years CSX(Fundamentals), ISO 27001 LA, DCPP
9 Mayur Somwanshi 1+ years 8 years CEH, MCP
10 Rahul Mehta 2+ months 14 years CEH

11 Vinayak Sakhare 11 Months 6+ years CEH, CCNA
12 Aakanksha Deo 1 Month 2+ years CEH, ISO 27001 LA
13 Nikhil Kasar 2.11 years 3+ years CEH

14 Chetansingh 2.11 years 3+ years CEH, QualysGuard– Vulnerability Management
Rathod
15 Ravi Teja 2.10 years 3+ years CCNA, CEH
16 Navin Mhatre 9 months 6 years CEH, ArcSight AESA, IBM Qradar
17 Chattopadhyay 1+ years 2 years CEH
Tishya
18 Fernandez Dominic 1+ years 6 years CEH
19 Madhavan N 1+ years 6 years CCNA, CEH

1+ years Arcsight ESM Security Analyst, CEH, Certified
20 Vijay Lalwani 3.9 years Network Defender, ITILv3 Foundation, CCNA
21 Ameer Prakash 1+ years 5 years CEH
22 Ankur Joshi 1+ years 8.3 years CEH

Mangesh Salunkhe 1 year CEH v9, ITIL v3, IBM QRadar Security Analyst,
23 14 years Symantec SEP Administration, CCNA
24 Deshpande Amar 11 months 4 years CEH, Splunk Power User, Cyber Law
Shishir
25 Bhandari Shahbaz 7 months 2.2 years CEH
A
26 Avugadda 1+ years 3.5 years CCNA R&S
Venkatesh
27 Chanda Chiradip 1 year 4.5 years MCSA
28 Rahul Rane 4 months 9.10 years Palo Alto CNSE, CCSA, CCSE, CCNA
Sec
29 1 month 13+ years ArcSight Certified Security Analyst (ACSA),
Check Point Certified Security Expert (CCSE),
Jitendra Chaudhari Qualys Vulnerability
Management, Cisco Certified Security
Professional (CCSP)
30 Mahaldar Salman 1+ years 9+ years CCIE Security, PALO ALTO ACE
Qasim
31 Rakesh Shirsat 1+ years 11 years CCNA, CCNP, Cisco ASA, Palo Alto ACE, ITIL V3
32 Karthik P ~0.5 month 7 years CISSP,CEH,CHFI,ISO27001,CPISI,ITIL- F

project value.
Client Volume Complexity Location Project Value
Leading Insurance Web and Mobile Apps Business critical Remotely (Mumbai) USD 65K
company in Europe Insurance
applications used by
end users
One of the leading Banking application Test in-line with PCI Onsite from client USD 16k
bank in middle east standard location (Middle East)
Leading Financial Web applications and Business critical Remotely (Mumbai) USD 35K
Services Technologies Infrastructure Security products, Internal
in Canada and External assets
Multi-industry company Web applications and Penetration testing Remotely (Mumbai) USD 15K
supporting as per OWASP and
infrastructure pen test PCI
Standards
Leading Insurance Dynamic application Focus on protecting Remotely (Client USD 84K
company in US security test in SDLC the insurance ODC)
information for
Business critical
application
Government body of Application security Business critical Remotely (Client INR 2.7 MN
India assessment application for Govt. ODC)
of India
Leading Insurance Application Security Business critical Remotely (Client USD 18 K

company in Canada assessment and Insurance product ODC)
configuration review

Commercial: IBM Appscan, IBM Source, Acunetix, Nessus, Burp Suite Pro, Checkmarx
Freeware: WireShark, Nmap, Kali Linux, Metasloit, OpenVas, THC Hydra, John The Rippe
Nikto, Fiddler, Dirbuster, SQLMap, CSRFtester, SSLscan, Fiddler, Eco Mirage etc.
Proprietary: iDiscover, SmartBoard for vulnerability tracking

*Information as provided by Larsen & Toubro Infotech Limited on 4th Dec 2017
Ba
e/proprietary):
p Suite Pro, Checkmarx, QualyGuard, HP Fortify
Hydra, John The Ripper, SamSpade, Netcat,

Eco Mirage etc.
Experts : No
n 4th Dec 2017
Back
M/s Mirox Cyber Security & Technology Pvt Ltd.
Mirox Cyber Security & Technology Pvt Ltd4th Floor Nila Technopark Trivandrum
2. Carrying out Information Security Audits since : Since 201

 Application VAPT - (Vulnerability Assessment & Penetration Testing) : YES
 Network VAPT - (Vulnerability Assessment & Penetration Testing) : YES
 Mobile Application VAPT - (Vulnerability Assessment & Penetration Testing) : YES
 IOT Security Testing : YES
 Social Engineering Test : YES
 Secure Code Review : YES
 Host Security Assessments : YES
 Database Security Audit & Assessment : YES
 Device Security Audit & Assessment : YES
 Telecom Security Audit & Assessment : YES
 SCADA VAPT : YES
 Electronic Security Audit : YES
 Risk Assessments : YES
 ERP Security Audit & Assessment : YES
 Infrastructure Security Audit : YES
 Big Data Security Audit & Assessment : YES
 Cyber forensic Analysis : Yes
 Security Architecture Review : Yes
 Data Center Security Audit & Assessment : Yes
 Cloud Applications VAPT : Yes
 Threat Assessment : Yes
 SOC - Security Operation Center Audit & Assessment : Yes
 Managed Security Service : Yes

Govt. :
PSU :
Private :
handled by them)
 Network security audit : 10
th Floor Nila Technopark Trivandrum 695581 Kerala India Phone +91 471 4016888 , 4000545 Mobile 9995199499Email - rb@miroxindia.com Email-
: Since 2010
: Yes
: Yes
: Yes
: YES
on Testing) : YES
Testing) : YES
enetration Testing) : YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
:
18
3
60
81
: 10
 Application security audit & assessment :
 Penetration Testing :
 Compliance audits (ISO 27001, PCI, etc.) :
 Mobile Applications :
 IOT & Device Audit :
 ERP Audit :
 Database Security Audit :
 Security Architecture Review :
 Threat Assessment :
 Social Engineering Test :
 Cyber forensic Analysis :
 Risk Assessment :
 Infrastructure Security Audit :
 Electronic Security Audit :

CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs : 1
Core Security Certifications : 10
1 Rajesh Babu 10 14+ CEH/Security Expert
Certified/CISO/Risk
Assessment
2 Lalit 1 16+ Lead Auditor ISO
27001:2005 , - ISO
22301:2012 , - ISO
9001:2015
(Information Security
Management System)
3 Harish V 4.5 4.5 + CEH, Security Certified

4 Amal TK 2 2+ Security Certified
5 Ananthulal 1 1+ CEH, Security Certified
6 Anas SA 2 2+ M.SC Cyber Security
7 Pradeep KK 1 15 + Lead Auditor for ISO 27001,
Lead Auditor for ISO
9001,Qualified Auditor for
ISO 14001, CSQP
8 Manoj VN 1 15 + Lead auditor for

QualityManagement System
(ISO 9001)Lead auditor for
EMSQualified auditor for
OHSAS ( Safety &
Security)
9 Nandu 1 2+ Electronic Security Certified

: 40
: 40
: 5
: 2
: 20
: 1
: 1
: 3
: 1
: 2
: 3
: 2
: 2
: 5
: 1
1
1
1
10
6
15
10 Vishnu 1 1 CEH, Security Certified
project value.
 Done the largest Infrastructure Security Audit and Assessment more than 50
Enterprise UTM/IDS/IPS/SIEM/ Routers and other related IP based devices etc.
company and Kerala State Government SECWAN
 Done The Security Testing for World's 3rd largest image and video content p
Enterprise. Its owned and stock more than 100 millions video and image conten

S.No. Tools Opensource/Licensed
1 Acunetix Licensed
2 Nessus Licensed
3 SE-SMSer Opensource
4 acccheck opensource
5 ace-voip opensource
6 Amap opensource
7 arp-scan opensource
8 Automater opensource
9 bing-ip2hosts opensource
10 braa opensource
11 CaseFile opensource
12 CDPSnarf opensource
13 cisco-torch opensource
14 Cookie Cadger opensource
15 copy-router-config opensource
16 DMitry opensource
17 dnmap opensource
18 dnsenum opensource
19 dnsmap opensource
20 DNSRecon opensource
21 dnstracer opensource
22 dnswalk opensource
23 DotDotPwn opensource
24 enum4linux opensource
25 enumIAX opensource
26 EyeWitness opensource
27 Faraday opensource
28 Fierce opensource
sessment more than 5000 machines plus

d IP based devices etc...for an US Based
age and video content portal for an UK based

ideo and image contents.
e/proprietary):
ensed
29 Firewalk
30 fragroute
31 fragrouter
32 Ghost Phisher
33 GoLismero
34 goofile
35 hping3
36 ident-user-enum
37 InSpy
38 InTrace
39 iSMTP
40 lbd
41 Maltego Teeth
42 masscan
43 Metagoofil
44 Miranda
45 nbtscan-unixwiz
46 Nmap
47 ntop
48 OSRFramework
49 p0f
50 Parsero
51 Recon-ng
52 SET
53 SMBMap
54 smtp-user-enum
55 snmp-check
56 SPARTA
57 sslcaudit
58 SSLsplit
59 sslstrip
60 SSLyze
61 Sublist3r
62 THC-IPV6
63 theHarvester
64 TLSSLed
65 twofi
66 URLCrazy
67 Wireshark
68 WOL-E
69 Xplico
70 BBQSQL
71 BED
72 cisco-auditing-tool
73 cisco-global-exploiter
74 cisco-ocs
75 cisco-torch
76 copy-router-config
77 DBPwAudit
78 Doona
79 DotDotPwn
80 HexorBase
81 Inguma
82 jSQL
83 Lynis
84 Nmap
85 ohrwurm
86 openvas
87 Oscanner
88 Powerfuzzer
89 sfuzz
90 SidGuesser
91 SIPArmyKnife
92 sqlmap
93 Sqlninja
94 sqlsus
95 tnscmd10g
96 unix-privesc-check
97 Yersinia
98 Armitage
99 Backdoor Factory
100 BeEF
101 Commix
102 crackle
103 exploitdb
104 jboss-autopwn
105 Linux Exploit Suggester
106 Maltego Teeth
107 Metasploit Framework
108 MSFPC
109 RouterSploit
110 Airbase-ng
111 Aircrack-ng
112 Airdecap-ng and Airdecloak-ng
113 Aireplay-ng
114 Airmon-ng
115 Airodump-ng
116 airodump-ng-oui-update
117 Airolib-ng
118 Airserv-ng
119 Airtun-ng
120 Asleap
121 Besside-ng
122 Bluelog
123 BlueMaho
124 Bluepot
125 BlueRanger
126 Bluesnarfer
127 Bully
128 coWPAtty
129 crackle
130 eapmd5pass
131 Easside-ng
132 Fern Wifi Cracker
133 FreeRADIUS-WPE
134 Ghost Phisher
135 GISKismet
136 Gqrx
137 gr-scan
138 hostapd-wpe
139 ivstools
140 kalibrate-rtl
141 KillerBee
142 Kismet
143 makeivs-ng
144 mdk3
145 mfcuk
146 mfoc
147 mfterm
148 Multimon-NG
149 Packetforge-ng
150 PixieWPS
151 Pyrit
152 Reaver
153 redfang
154 RTLSDR Scanner
155 Spooftooph
156 Tkiptun-ng
157 Wesside-ng
158 Wifi Honey
159 wifiphisher
160 Wifitap
161 Wifite
162 wpaclean
163 apache-users
164 Arachni
165 BBQSQL
166 BlindElephant
167 CutyCapt
168 DAVTest
169 deblaze
170 DIRB
171 DirBuster
172 fimap
173 FunkLoad
174 Gobuster
175 Grabber
176 hURL
177 jboss-autopwn
178 joomscan
179 jSQL
180 Maltego Teeth
181 PadBuster
182 Paros
183 Parsero
184 plecost
185 Powerfuzzer
186 ProxyStrike
187 Recon-ng
188 Skipfish
189 sqlmap
190 Sqlninja
191 sqlsus
192 ua-tester
193 Uniscan
194 Vega
195 w3af
196 WebScarab
197 Webshag
198 WebSlayer
199 WebSploit
200 Wfuzz
201 WPScan
202 XSSer
203 zaproxy

*Information as provided by Mirox Cyber Security & Technology on 22-12-2019
Ba
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
opensource
nal Information Security Auditors / Experts : No ( If yes, kindly provide
act etc.))
oreign Tie-Ups? If yes, give details : No
diary of any foreign based organization? : No If yes, give details No
rters/Offices, if any : No
ox Cyber Security & Technology on 22-12-2019
Back
M/s Panacea Infosec Pvt Ltd
Panacea InfoSec Pvt. Ltd.,
226, Pocket A2, Pocket B, Sector 17 Dwarka, Delhi, 110075

Network security audit : YES
Web-application security audit : YES
Wireless security audit : YES
Compliance audits (ISO 27001, PCI, etc.) : YES
Mobile Application Security Audit : YES
Secure Code Review : YES
Information Security Policy Formulation & Assessment : YES
Cyber Forensics : YES
AEPS security audit : YES
RBIPSS audit : YES
API Security audit : YES
Govt. : 5
PSU : 5
Private : 250+

handled by them)
Mobile Application Security Audit : 50+
Secure Code Review : 50+
Information Security Policy Formulation & Assessment : 120+
Cyber Forensics : 2+
CISSPs : 1
BS7799 / ISO27001 Las : 8
CISAs : 3
DISAs / ISAs : 0
ce of CERT-In empanelled Information Security
Auditing Organization:
075
: 2012
: 5
: 5
: 250+
: 260+
nization can add categories based on project
dits:
1
8
3
0
CEH/OSCP/ECSA/CCNA :
SL. Duration Experience in
NO. LIST OF EMPLOYEES with Information
Panacea Security
1 A Kaushik 7 years 13+ years
2 Y Shivde 4 years 15+ years
3 V Arya 1 year 8+ years
4 J Khanna 5.2 years months 12 + years
5 Sammy N 2+ years 10+ years
6 M SWARUP 2.7 year 7+ years
7 JS RAJPUT 2.6 Years 2+ years

8 C Mishra 2.5 Years 9 years
9 J Kumar 1.3 years 5+ years
10 V Shah 3 months 4+ years
11 SF HUSSAIN 2 years 14+ years
project value.
1. One of overseas Leading Public/Private-Sector Banks - PCIDSS Comp
Services (Quarterly, Annual), Secure Code Review, Application Security Assessm
2. One of Largest BPO (Global) - PCIDSS Compliance, Managed Services (Q
3. One of India’s Leading Aviation Companies – PCIDSS Compliance, Appl
Assessment, Infrastructure Security Assessment
4. One of India’s Leading FMCG Companies – PCIDSS Compliance, Applica
Assessment, Infrastructure Security Assessment, Consulting for ISO 27001 Imp
5. One of Leading Telecom Service Provider – PCIDSS Compliance, Applica
Assessment, Infrastructure Security Assessment, Consulting for ISO 27001 Imp
6. One of India’s Leading Payment-Switch Companies – PCIDSS Complia
Application Security Assessment, Infrastructure Security Assessment
7. One of India’s Leading Public/Private-Sector Banks - PCIDSS Complia
Managed Services (Quarterly, Annual), SIEM Service, Secure Code Review, App
Assessment, Consulting for ISO 27001 Implementation
: 8
rity qualification : 15
sonnel : 35+
information security audits in Government and Critical sector
B.Tech., PCI QSA, CISSP, ASV

CISA, CISM, PCI QSA, ITIL
LA-ISO27001
LA-ISO27001, PCI QSA
CISM, CISA, CCNA, CCNA(S), PCI

QSA
B.Tech., MSCLIS, Certified In defend
(DLP), Juniper Network Security
SPIRING
MSCLIS
B.Tech., MSCLIS, CEH, OSCP, ASV
B.Tech, CEH, PGDA in

Wireless
CEH, ECSA, CND
PCI QSA, LA 27K:2013, LA 25999,
MCSE+I, MCA, M.Sc.
in computer science
scope (in terms of volume, complexity, locations etc.) along with
Public/Private-Sector Banks - PCIDSS Compliance, Managed

cure Code Review, Application Security Assessment
al) - PCIDSS Compliance, Managed Services (Quarterly, Annual)
iation Companies – PCIDSS Compliance, Application Security
rity Assessment
CG Companies – PCIDSS Compliance, Application Security
rity Assessment, Consulting for ISO 27001 Implementation
ervice Provider – PCIDSS Compliance, Application Security
rity Assessment, Consulting for ISO 27001 Implementation
yment-Switch Companies – PCIDSS Compliance, RBIPSS Audit,
Infrastructure Security Assessment
blic/Private-Sector Banks - PCIDSS Compliance, RBIPSS Audit,
nual), SIEM Service, Secure Code Review, Application Security
27001 Implementation
8. One of India’s Leading e-commerce platform - PCIDSS Compliance, Ma
(Quarterly, Annual), SIEM Service, Secure Code Review, Application Security As
Project Value: Confidential

Maximum Count handled under Single project:
No. of Systems (Server, Desktops, Network Devices) Scanned: 97,000 No

Tool License Type
Burp Suite Pro Licensed

Nessus 5 Pro Licensed
Qualys Guard Licensed
AppUse 4.3 Open source
MobSF Open source
Echo Mirage Open source
Kali Linux Rolling Edition Open Source
Nipper Open Source
SonarQube Open source
Nmap Freeware
SoapUI Freeware
Helix3 Freeware
Oxygen Forensic Suit Commercial
ProDiscover Forensic Commercial
Rapid 7 Metasploit Community
Multiple Partners in multiple countries. We can only share information if Cert-IN
would not be published publicly.

Panacea InfoSec Kenya Limited PO.BOX 10608 00400 NBI,
Nation Center Kimathi ST,
Nairobi, Kenya
*Information as provided by < organization> on <date>

Ba
8. One of India’s Leading e-commerce platform - PCIDSS Compliance, Managed Services
(Quarterly, Annual), SIEM Service, Secure Code Review, Application Security Assessment
Project Value: Confidential

Maximum Count handled under Single project:
No. of Systems (Server, Desktops, Network Devices) Scanned: 97,000 No. of Applications: 70
ormation Security Audit Tools used (commercial/ freeware/proprietary):

Purpose
Application Security Testing

Network and Application VA
Mobile Application Pen Test
Mobile Application Pen Test
Network Proxy
VAPT
Network Configuration File
Static Code Analysis
Port Scanner
Web Services
Computer Forensics
Mobile forensic
Computer Forensics
N/W and Application Pen Test
ng of Project to External Information Security Auditors / Experts : No
y provide oversight arrangement (MoU, contract etc.))
organization has any Foreign Tie-Ups? If yes, give details : Yes
e Partners in multiple countries. We can only share information if Cert-IN assures that this
not be published publicly.
er organization is a subsidiary of any foreign based organization? : No If yes, give details
ons of Overseas Headquarters/Offices, if any : Yes

acea InfoSec Kenya Limited PO.BOX 10608 00400 NBI,
on Center Kimathi ST,
obi, Kenya
on as provided by < organization> on <date>

Back
M/s Protiviti India Member Pvt Limited
Protiviti India Member Pvt. Ltd.
 Configuration Review audits
 Domain & Email exchange audit
 Cloud security audits
 Mobile device management solution review
 Source code review audits
 Mobile application security audit
 Network and Web application architecture review audit
 Endpoint security Audits
 Digital and Cyber forensic assessments and investigations
Govt. :
PSU / Semi-government : ~3
Private : ~ 126

handled by them)
Indicative details are as under:
 Network security audit : ~10
 Web-application security audit : ~17
 Compliance audits (ISO 27001, PCI, etc.) : ~85
 Configuration Review audits : ~10
 Domain & Email exchange audit : ~5
 Mobile device management solution review : ~1
 Source code review audits : ~2
 Mobile application security audit : ~ 16
 Network and Web architecture review : ~7

Certifications Counts
ISO 9K LA 3
ISO 27K LA/LI 23
ISO 22301 LA/LI or BSI LA 25999 4

apshot of skills and competence of CERT-In empanelled Information Security
diting Organisation
Limited
mpaneled Information Security Auditing Organization :
Protiviti India Member Pvt. Ltd.
Security Audits since : 2009
ory wise (add more if required)
udit
001, PCI, etc.)

s
audit
t solution review
audit
on architecture review audit
assessments and investigations

ts carried out in last 12 Months :
:
: ~3
: ~ 126
urity Audits done : 129
12 months , category-wise (Organization can add categories based on project
r:
: ~10
audit : ~17
7001, PCI, etc.) : ~85
its : ~10
e audit : ~5
nt solution review : ~1
s : ~2
y audit : ~ 16
cture review : ~7
oyed for informationsecurity audits :

Certifications Counts
ISO 20K LA / Practitioner 4
Oracle License Management 1

Oracle certified implementation specialist
3
Oracle Inventory, Purchasing, Order

Management, cloud Procurement & order
Management
1
E-Business suite R12 and 11i version of Oracle
applications 1
CEH 12
OSCP 4
CISA 8
ITIL 9
Prince2 Practitioner 1
CCNA 5
Blockchain Essential 1
Blockchain Developer 1
Strategic Management 1
PCI DSS 1
DCPP 1
AWS Solutions Architet– Associate 1
OPSEC 2
COBIT 5 Implementer 1
CISM 2
CCNP 1
BS7799 1
CRISC 1
CPISI 1
CVA 2
JD Edwards technical certification - One

Technical Foundation-Oracle Implementation
Certification
1
Six Sigma Green Belt 2
SANS GCFA 1
EnCE 1
CHFI 2
EC-Council Certified Incident Handler 1
CB Defence Associate Analyst Exam 1
ECSA 3
Python 1
InsightVM(Rapid7) 2
Carbon Black CB-Defence Associate Analyst

2
PG Diploma in Big Data Analytics CDAC

1
Splunk Enterprise Certified Architect v7.

1
Splunk Architecture Certified 1
Splunk Admin Certified 1
Splunk Power User Certified 1
Palo alto ACE networks OS V8 1
Red Hat Automation 1
Qualys Vulnerability Management. 1
CCSA 2
CIA 1
Certified Security Specialist 1
SAP -FI certified 1
Total 125
7. Any other information security qualification:The details of all the qualifications are provide
embedded for point 8 and the summary provided in point 6
Technology
The certification details are attached: Consulting Team_30
project value.
Client The client is one of the largest multinational conglomerate corporation headqu
diversified business includes consumer and professional electronics, gaming, entertain
services.
Work performed: Have been assisting the client in performing IT audits covering va
last 5 years. The work has been performed in India, US and multiple other countries/c
testing covering test of design and effectiveness have been performed for client’s vari

An illustrative list of tools used is as under :
1. Acunetix
2. Nessus
3. Nmap
4. Wireshark
5. OpenVAS
6. Nikto
7. Metasploit
8. Burpsuite
9. Beef
10. W3AF
11. SQLMap
12. Kali Linux
13. Dradis
framework
14. VoundIntella Pro
15. X-ways
forensics
16. Magnet
Axiom
17. MobSF
18. Fiddler
19. Custom
Scripts
20. Genny
Motion
21. Echo Mirage
22. Checkmarx
23. EnCase
24. FTK
We have alliance partners for tools and technologies that help us deliver the information / cybe
and projects. Some of our alliance partners are :Flexera, Kaspersky etc. Further, we have a ne
our global offices assist in providing support from a global technology alliance perspective
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No If yes, g
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is Indepe
Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the Protiviti Inc.
wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a membe
500 index.
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is Indepe
Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the Protiviti Inc.
a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a mem
500 index. Offices of Protiviti Inc and the member firms are spread across 75+ offices across 2
*Information as provided by Protiviti India Member Pvt. Ltd. on 31 December 2019

Ba
curity qualification:The details of all the qualifications are provided in the annexure
summary provided in point 6
nnel : 120
ower deployed for information security audits in Government and Critical sector
re if required)
andled in terms of scope (in terms of volume, complexity, locations etc.) along with
ne of the largest multinational conglomerate corporation headquartered in Tokyo. Its

ncludes consumer and professional electronics, gaming, entertainment and financial
Have been assisting the client in performing IT audits covering various domains over the
k has been performed in India, US and multiple other countries/cities. Detailed IT control
of design and effectiveness have been performed for client’s various functions.
ty Audit Tools used ( commercial/ freeware/proprietary):

tools used is as under :
nal Information Security Auditors / Experts : No
rangement (MoU, contract etc.))
Foreign Tie-Ups? If yes, give details : Yes
tools and technologies that help us deliver the information / cyber security audits
ance partners are :Flexera, Kaspersky etc. Further, we have a network where in
viding support from a global technology alliance perspective
diary of any foreign based organization? : Yes/ No If yes, give details
iti India Member Pvt. Ltd (headquartered in Gurugram) is Independent

rotiviti India Member Pvt. Ltd. is member firm of the Protiviti Inc. Protiviti Inc. is a
obert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P
rters/Offices, if any : Yes

iti India Member Pvt. Ltd (headquartered in Gurugram) is Independent
rotiviti India Member Pvt. Ltd. is member firm of the Protiviti Inc. Protiviti Inc. is
Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P
Inc and the member firms are spread across 75+ offices across 27 countries.
ti India Member Pvt. Ltd. on 31 December 2019

Back
Snapshot of skills and competence of CERT-In empanelled Informa
M/s SecureLayer7 Technologies Pvt Ltd.
SecureLayer7 Technologies Private Limited registered offic
28, Vyankatesh Nagar, Beside Totala Hospital, Jalna Road,
MH 431005,
Communication Pune Office:TeerthTechnospace, 1st floor, Mum
Highway Baner, Pune
Govt :
PSU :
Private :
5. Number of audits in last 12months, category-wise (Organization can add categories based o
handled by them)
CISSPs: Appeared for the Certification process
BS7799 / ISO27001 Las:
CISAs: Appeared for the Certification process
DISAs / ISAs: <number of>
Any other information security qualification:OSCP- 4, CEH -8,
No. SecureLayer7 Security Information security
Technologies
Private Limited
1 Sandeep Kamble 5 Years 9 Years OSCP Certified
2 Rajsekara A 2 Years 5 Years OSCP Certified
3 Hriydesh 2 Years 4 Years ISO 27001
3 Tohuid Shaikh 3 Years 4 Years OSCP Certified
4 Akshay Darekar 4 Years 6 Years CEH, MCA Computer
5 Nakul Rathi 2 years 4 Years OSCP
6 Sagar Sharma 2 Years 3 Years OSCP
7 Akaash katare 1.5 Years 2 Years Computer Engineering
project value.
IT Security Audiof Application Penetration Testing, Network devices and Source Code Analysis. Value
is
 Burp Suite
 Nmap
10. Outsourcing ofProject to External Information Security Auditors / Experts : No ( If ye
12. Whether organization is a subsidiary of any foreign based organization? : No If yes,

*Information as provided by SecureLayer7 Technologies Private Limited on 19- December 2019
Bac
empanelled Information Security
ation:
mited registered office At Plot No.
Hospital, Jalna Road, Aurangabad
nospace, 1st floor, Mumbai Bangalore
: 2016
Yes
Yes
Yes
Yes
: 15
:
: 12
one : 27
dd categories based on project
4
22
3
1
process
rocess
n:OSCP- 4, CEH -8,

: 40
Government and Critical sector
mplexity, locations etc.) along with
ce Code Analysis. Value of the project

rietary):
: No ( If yes, kindly
: No
: No If yes, give details
: No
9- December 2019
Back
M/s TUV SUD South
TÜV SÜD South Asia Pvt. Ltd.

Govt. :
PSU :
Private :
handled by them)

CISSPs : Nil
BS7799 / ISO27001 Las : 3
CISAs : 1
DISAs / ISAs : Nil
1 (CSSP), OSCP (1), CEH (2)
No. Employee <organization> Information Security Information security
1 Amit Kadam 12 months 22 years CISA / ISMS LA/CCSSP

MCSA, CCNA, IVTL v3, COBIT
5, ISO27001
2 Atul Srivastava 25 months 12 years Lead Auditor, ISO27001
Lead Implementer, PCI QSA
Certified Information Security

Analyst (CISC)
,Certified Professional
3 Anshuman Kak 10 months 6 years ForensicsAnalyst (CPFA),
Certified Professional Hacker
(CPH)
4 Sanket Solanki 14 months 3.5 years CEH,ECSA, OSCP, red

team professional
expert
5 Kaushal Meher 15 months 3 years CEH, ISO 27001:2013 LA
Certified Professional
Penetration Tester (eCPPTv2),
6 Abhijeet Karve 9 months 1.5 years Certified Information Security
Expert (CISE)
7 Varun Navghare 3 months 2 years NA
project value.
TATA AIA – Security Audit – INR 8,00,000.
 Nessus
 ISO 27001 control checklist
 CSA control Checklist

We have 1 (one) external Information Security Auditor, with who we have a signed Maste
Agreement in place covering all Business terms & conditions, accountability, confidentialit
important clauses.
TÜV SÜD Group is a Global organizations and it has multiple tie-ups across the globe at a G
India Cybersecurity team only has foreign tie-ups with TÜV SÜD global entities where Ind
supports on delivery.
TÜV SÜD South Asia is a wholly owned subsidiary of TÜV SÜD Group.
TÜV SÜD AG
Westendstr. 199
80686 Munich Germany
*Information as provided by TÜV SÜD South Asia Pvt. Ltd on 23 Dec 2019
Ba
zation:
: 2017
es
es
es
es
: Nil
: 1 (one)
: 5 (Five)
done : 6 (six)
dd categories based on project
: Nil
: 1
: Nil
: 5

omplexity, locations etc.) along with
rietary):
s : Yes
have a signed Master Service

tability, confidentiality and other
: Yes
cross the globe at a Group level.
al entities where India team
: Yes
: Yes
Back
M/s Code Decode Labs Pvt. Ltd.
Code Decode Labs Pvt. Ltd. LOCATION - PUNE
 Web-Application Security Audit : Yes
 Compliance Audits (ISO 27001, PCI, etc.) : Yes
 Secure Coding & Secure Development : Yes
 Secure Data Transfer & Release : Yes
 SDADA Security : Yes
 Telecom Security : Yes
 Cyber & Mobile forensics : Yes
 Secure Cloud Server Security : Yes
Govt. : 30
PSU : -
Private : 14
2. Number of audits in last 12 months , category-wise (Organization can add categories based on proj
them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
4. Details of technical manpower deployed for information security audits in Government and Critical sector
Sr. Name of Employee Duration with Experience in Qualifications
No. <CDL> Information related to
Security Information
security
1 Amlesh Mendhekar 6 21 YES
2 Raghavendra Kulkarni 8 18 YES
3 Sachin Singhai 9 13 YES
4 Sandeep Walvekar, 6 16 YES
Shilpa Shreevijay Nayak
5 6 5 YES
6 Vidhyadhar Gaikwad 7 6 YES

7 Ajitkumar Hatti 3 15 YES
8 Ayyaj Sayyad Sikander 6 12 YES
9 Jatinder Paul 7 4 YES
10 Vishakha Singhai 8 3 YES
11 Rohitkumar Ojha 4 6 YES
12 Neha R Bagmar 5 4 YES
13 Devendra Sharma 4 15 YES
14 Vivek Kamat 5 10 YES
15 Sapna Shah 3 6 YES
16 Snehal Chaudhari 2 4 YES
17 Rahul Kasabi 1 3 YES
18 Ashwini Katkade 1 2 YES
19 Asif Baig 2 5 YES
20 Sachin Gaikwad 3 2 YES
on :
: 2010
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: 30
: -
: 14
: 44
d categories based on project handled by
12
30
NA
2
02
03
02
03
10
20
overnment and Critical sector organizations
5. Below are details of specified Largest Project handled in terms of scope (in terms of volume, complexity,
along with project value.
6. List of Information Security Audit Tools used ( commercial/ freeware/proprietary) :
Sr.
No. Tool Name License
BURP PROFESSIONAL
1 2.1.4 Commercial
Open Source
2 Kali Linux
Open Source
3 THC-IPV6
Open Source
4 Cisco - Torch
Open Source
5 Power Sploit
Open Source
6 CryptCat
7 OpenVas Freeware
Open Source
8 Fierce
Open Source
9 Shodan
Open Source
10 Scapy
11 Nmap Freeware
12 OpenVas Freeware
Open Source
13 Fierce
7. Outsourcing of Project to External Information Security Auditors / Experts : NO

(If yes, give details)
*Information as provided by - Code Decode Labs Pvt. Ltd. on 19/12/2019.
Ba
ecified Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
curity Audit Tools used ( commercial/ freeware/proprietary) :
Details
VAPT & Scanning
An advanced Penetration Testing Linux distribution used for

Penetration Testing, EthicalHacking and network security
assessments.
THC-IPV6 is a penetration testing tool which will exploit the

protocol weaknesses of IPV6 andICMP6 and includes an easy to
use packet factory library.
Cisco Torch is a mass scanning, fingerprinting and exploitation

tool to find the flaws in ciscodevices and exploit vulnerabilities.
PowerSploit is a group of Microsoft PowerShell scripts that can

be used in post- exploitationscenarios during authorized
penetration tests.
CryptCat is a Unix utility which reads and writes data across

network connections, using TCPor UDP
protocol while encrypting the data being transmitted.
OpenVAS is a framework of several services and tools offering

a comprehensive and
powerfulvulnerability scanning and vulnerability management
solution.
Fierce is a reconnaissance tool (PERL script) that quickly scans
domains using several tactics.
Shodan is a search engine that lets the user find specific types
of computers connected to theinternet using a variety of filters.
Shodan collects data mostly on web servers (HTTP/HTTPS-
port 80, 8080, 443, 8443), as well as FTP (port 21), SSH
(port 22), Telnet (port 23) etc.
Scapy is a powerful interactive network packet manipulation

program.
Nmap is a free security scanner which will provides a number

of features for probingcomputer networks, including host
discovery and service and operating system direction.These
features are extensible by
scripts that provide more advanced service
detection,vulnerability detection, and other features.
OpenVas is a framework of several services and tools offering

a comprehensive and powerfulvulnerability scanning and
vulnerability management solution.
Fierce is a reconnaissance tool (PERL script) that quickly scans

domains using several tactics.
to External Information Security Auditors / Experts : NO

sight arrangement (MoU, contract etc.))
as any Foreign Tie-Ups? If yes, give details : NO
s a subsidiary of any foreign based organization? : NO
Headquarters/Offices, if any : NO
y - Code Decode Labs Pvt. Ltd. on 19/12/2019.
Back
M/s TCG Digital Solutions Private Limited
TCG Digital Solutions Private Limited,
BIPPL Building, 16th Floor, Omega, Block EP & GP, Sector V, Salt Lake Electronic Complex, Kolkata 700091


Govt. : 34
PSU : 9
Private : 13
5. Number of audits in last 12 months , category-wise (Organization can add categories based on project han

MobileApplicationAudits : 3
CISSPs : 1
BS7799 / ISO27001 LAs : 7
CISAs : 2
DISAs / ISAs : 0
7. Details of technical manpower deployed for information security audits in Government and Critical sector o
S. Name of Employee Duration withTCG Experiencein Qualifications relatedto
No. DigitalSolutions Pvt. Information Informationsecurit
Ltd. Security
1 Subrata Bagchi 1.5yrs 30yrs CISA

2 SudiptoJena 6yrs 20yrs ISO27001 LA, CEH
CHFI,ECSA, GDPR
3 Col.PankajVerma 2.5yrs 24yrs CISA, CISSP, CEH
4 Abir RanjanAtarthy 3yrs 12yrs ISO27001 LA, CEH CHFI,
OSCP,PCI-DSS
Implementation
5 ArijitRoy 1.5yrs 1yr ISO27001 LA

6 TarakMitra 0.5yrs 7yrs ISO27001 LA
7 Narayan Basak 4.5yrs 7yrs ISO27001 LA,
Advanced Cloud
SecurityAuditing
8 AbhirupGuha 1.5yrs 7yrs ISO27001 LA, CEH CHFI,
GDPR
certification
9 Anindita Maitra 0.5yrs 5yrs ISO27001 LA, CSCU

10 Rohit Ghosh 1.5yrs 1.5yrs CEH, CHFI, CSCU
11 Indranil Banerjee 4.5yrs 22yrs GDPRcertification
12 Somnath Dutta 4.5yrs 14yrs CCNA, TCSE, FCNSP,
FCNSA, CCNSP
In empanelled Information Security
omplex, Kolkata 700091

: 2016
: Yes
: Yes
: Yes
: Yes
34
9
13
56
ories based on project handled by them)
21
32
1
4
3
1
7
2
0
3
12
nment and Critical sector organizations
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) along w
ClientName ProjectValue
UnitedBank ofIndia INR 62,00,000/-
CapitalSmallFinanceBank INR 7,45,000/-
NHPCLtd. INR 5,23,920/-
DGQA(9Departments) INR- 3,36,000/-
ERLDC INR 17,35,000/-
SREI INR 24,80,000/-
Labvantage SolutionsPvt.Ltd. INR 2,25,000/-
BBMB INR 2,30,100/-
BSESRajdhaniPowerLtd. INR 2,76,080/-
BSESYamunaPowerLtd. INR 1,88,800/-
IBPS INR 3,72,880/-
Chhattisgarh State INR 62,540/-
BangiyaGraminVikashBank INR 60,000/-
EDCON INR 2,50,000/-
Globsyn3 LifePvt.Ltd.
rd
INR 2,36,000/-
IndiaPower INR 4,54,300/-
CoresonantSystemsPvt.Ltd. INR 3,54,000/-
Recon-NG
###
Metasploit
###
Exploit-Pack
### Commercial
Nessus
###
InsightVM
###
Sparta
###
Namp###
Nikto###
BurpSuit
###
Zap Proxy
###
Acunetix
###
Netsparker
###
Mobsf###
(If yes, kindly provide oversight arrangement (MoU, contract etc.)
11. Whether organization has anyForeignTie-Ups?If yes,givedetails : No

TCG Digital SolutionsLLC– (Holding Company)
265DavidsonAve, Suite # 220
Somerset, New Jersey 08873
13. Locations ofOverseasHeadquarters/Offices, if any : No
*Information as provided byTCG Digital Solutions Pvt. Ltd.on 23/12/2019.
Ba
y, locations etc.) along with project value.
):
: No
: No
: Yes
: No
Back
M/s ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.
ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.
 Network security audit (Y/N) :
 Web-application security audit (Y/N) :
 Wireless security audit (Y/N) :
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) :
 System Security audit : Y

 Govt. :
 PSU :
 Private :
 Total Nos. of Information Security Audits done : 6
5. Number of audits in last 12 months , category-wise (Organization can add categories based on proje
them)
 Network security audit : 3
 Web-application security audit : 2
 Wireless security audit : 0
 Compliance audits (ISO 27001, PCI, etc.) : 6
 System Security audit : 1

CISSPs
DISAs / ISAs
1. CRISK
2. Master’s Degree in Computer Management Total Nos. of Technical Personnel
:
:
:
:
:
:
:
7. Details of technical manpower deployed for information security audits in Government and Critical sector o
Employee <organization Information Information security
> Security
1 T. Ganguly 14 years 12 years ISMS LA

2 Premanand P.P. 6.5 years 21 years ISMS LA, CISP,
CISA,ISACA/COBIT
3 Sudhanwa Joglekar 10 years 31 years ISMS LA, master’s Degree in
Computer Management
4 Satish Meda 2 years 12+ years ISMS LA, CISA, CRISK
5 Ajay Mathur 6 years 16 years ISMS LA
value.
At Energy InfoTech Centre (a division of Chattisgarh State Power Distribution Company Ltd.), a state g
enterprise
 Contract for 4-year period
 Project value of Rs. 19,66,300/- + applicable taxes
 EITC is the IT arm of the Chattisgarh State Power group companies – there are 6 companies to who
IT support
 Scope of Work involved:
1st Year tasks included:
o Assessment of information security controls w.r.t. physical and logical access, operatio
communications, technical assessment of security, penetration testing, IPR & other legal / regulatory co
identification & management of information processing assets / facilities, contractual arrangements on
with service providers responsible for IT services delivery in organization, and software security
o Perform risk assessment of the organizational processes for information security
o Assisting in implementing identified gaps/ weaknesses from assessment study of security con
assessment
1st year and subsequent 3 years on yearly basis tasks included:

o Review implementation of information security – including verification of
hacking protection mechanisms deployed
o Training of EITC personnel on Information Security aspects
o Carry out periodical IT Audit verification checks and suggest areas for improvem

Commercial Tools: Burp Suite, Nessus, Qualis ( On demand), Acunetix ( Cloud version)
Freeware tools: Kali Linux and applications, OWASP-ZAP, Open Vas, SQLMAP, Zenmap, Vega, Nikto, W
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No ( If y

provide oversight arrangement (MoU, contract etc.)) ---
please find attached the Confidentiality Agreement signed by Satish Meda, Ajay Mathur and Sudhanwa
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No
*Information as provided by Allied Boston Consultants India Pvt. Ltd. on 20-07-18
Bac
on:
: 2006
: YES
: YES
: YES
) : YES
: YES
: 0
: 1
: 5
: 6
categories based on project handled by
3
2
0
6
1
el
0
5
2
0
1
1
2
vernment and Critical sector organizations
ations related to
tion security
CISP,
A/COBIT
master’s Degree in
Management
CISA, CRISK
lexity, locations etc.) along with project
tion Company Ltd.), a state government
there are 6 companies to whom EITC provide
nd logical access, operations and

R & other legal / regulatory compliances,
contractual arrangements on security aspects
ation, and software security aspects.
on security
ssment study of security controls and risk
s tasks included:
– including verification of intrusion /
y aspects
nd suggest areas for improvement
ary):
Cloud version)
MAP, Zenmap, Vega, Nikto, Wire shark
erts : Yes/No ( If yes, kindly
, Ajay Mathur and Sudhanwa Joglekar
: Yes/No
: Yes/ No
: Yes/No
0-07-18
Back
M/s e.com Infotech I Ltd
e.com Infotech I Ltd
Level 3, Neo Vikram New Link Road Andheri West
Mumbai 400058

Govt. :
PSU :
Private :
5. Number of audits in last 12 months, category-wise (Organization can add categories based on proje
them)
Network security audit : Part of our Comprehensive Audit Web-application secu
: Part of our Comprehensive Audit Wireless security audit : Part o
Comprehensive Audit Compliance audits (SSAE 18, SOC& Cloud) : 11
SCADA/ICS : 2
GDPR & Privacy : 2

CISSPs : 4
BS7799 / ISO27001 LAs : 4
CISAs : 4
DISAs / ISAs : NIL
Any other information security qualification : CEH, CISM
Employee <e.com Infotech > Information Information security
Security
1 Ashwin Chaudhary 1 year 15 years CISSP, CCSK, CISA, CISM,
CRISC, CGEIT, ISO27001LA,
ITIL, PMP
2 Shaji Kurian 1 year 10+Years CISSP, CISM, CEH, CCSK
3, Ashish Kunte 1 year 10+Years CISSP, CRISC, GIAC

4 Naushad Rajani 7 months 10+Years CISSP, CISA
5 Mohan Bapat 5 months 10+Years CISA, ISO27001LA

6 GCS Sharma 4 months 10+Years CISA, CFE, ISO27001LA
value.
Reliance Jio Data Centers covering Mumbai, Jamnagar and Nagpur for SSAE 18 SOC Audit
Best in class as required.
10. Outsourcing of Project to External Information Security Auditors / Experts Yes/No : No
Currently No but in case we need to we will have proper due diligence, NDA, MOU and project will be supervi
managed by one of our team members.
11. Whether organization has any Foreign Tie-Ups? If yes, give details Yes/No : Yes
Association with Accedere Inc USA for SSAE 18, SOC Attest Reports
12. Whether organization is a subsidiary of any foreign based organization? Yes/ No : No
13. Locations of Overseas Headquarters/Offices, if any Yes/No : No
*Information as provided by e.com Infotech I Ltd on July 14, 2018
Ba
n empanelled Information Security
eri West
: 2017
: NIL
: NIL
: 15
done : 15
egories based on project handled by
dit Web-application security audit

: Part of our
: 4
: 4
: 4
: NIL
n : CEH, CISM etc. 4
: 6
ment and Critical sector organizations
y, locations etc.) along with project
r SSAE 18 SOC Audit

:
o : No
d project will be supervised and
: Yes
: No
: No
Back
M/s Grant Thornton India LLP
Grant Thornton India LLP,
L 41, Connaught Circus,
Outer Circle, New Delhi. PIN - 110 001

 IOT security testing : Yes
 Mobile application security : Yes
 Configuration reviews : Yes
 Source code reviews : Yes
 API security assessments : Yes
 Cloud security : Yes

Govt. :
PSU :
Private : 4
5. Number of audits in last 12 months, category-wise (Organization can add categories based on proje
them)
CISSPs : 0
BS7799 / ISO27001 LAs : 13
CISAs : 9
DISAs / ISAs : 0
Any other information security qualification : 2 CCNA,
1 CHFI,
1 CCSA,
2 ISO 22301,
1 CISM,
2 SAP,
2 OSCP,
1 RHCE,
3 ITI
ion :
01
: 2008
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
: 0
: 0
: 48
: 48
12
7
4
3
0
13
9
0
2 CCNA,
52
overnment and Critical sector organizations (attach Annexure if required) Please refer to Annexure - 1
value.
Leading IT / ITES GT have examined client’s Facility Level
Service Provider Controls and Client services controls
related system as of date and throughout the
period and the suitability of the design and
operating effectiveness of client’s controls to
achieve the related control objectives. Control
areas covered are-
 Physical Security - Entity;
 Physical Security - Restricted Area;
 Human Resource;
 Master Service Agreement Monitoring;
 Data Security and Confidentiality;
 Environmental Controls, Capacity & Continuity;
 Logical Access;
 Anti-virus;
 Global Telecom Operations;
 Back-up;
 Security Incident Management; and
 Other client specific control areas

Commercial Tools:
 Nessus
 Nipper
 Burpsuite
Freeware Tools:
 Metasploit
 Wireshark
 NMAP
 SQLMap
 Nikto
 MobiSF
 Metasploit
 Hydra
 Cain and Abel
 John The Ripper
The list of tools mentioned above are indicative

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes Yes, Gran
is part of the GT Member Firm network which is spread across the globe in 130+ countries.
Grant Thornton in India is a member firm within Grant Thornton International (GTIL), global organiz
member firms in over 130 countries.
Grant Thornton India LLP (formerly Grant Thornton India) is registered with limited liability with ide
AAA-7677 and has its registered office at L-41 Connaught Circus, New Delhi, 110001. References to
Thornton are to Grant Thornton International Ltd (Grant Thornton International) or its member firms. G
International and the member firms are not a worldwide partnership. Services are delivered independently by
firms.
Member firms carry the Grant Thornton name, either exclusively or as part of their national practice names a
assurance, tax and advisory services to their clients. All member firms share both a common global strategy
global culture focusing on improvement in quality of
service delivery, procedures to monitor quality, and the risk management methodology.

*Information as provided by Grant Thornton India LLP on 19th July 2018.
Ba
s of volume, complexity, locations etc.) along with project
Regions: 18
Facilities
covered: 56
etc.))
e details : Yes Yes, Grant Thornton India
the globe in 130+ countries.
organization? : No
Thornton International (GTIL), global organization with
) is registered with limited liability with identity number

ht Circus, New Delhi, 110001. References to Grant
Thornton International) or its member firms. Grant Thornton
ership. Services are delivered independently by the member
ely or as part of their national practice names and provide

ber firms share both a common global strategy and a common
management methodology.
No
19th July 2018.
Back
Annexure – I
S. Name of Employee Duration with Grant Qualifications related to Information
No. Thornton India LLP security
1 Prashant Gupta August 2017  NA
2 Akshay Garkel September 2017  NA
3 Lalit Vazirani January 2018  ISO 27001 LA, ISO 22301,

Symantec DLP certified, Qualys Guard
certified
4 Venkatkrishnan G February 2017  CISA

 ISO 27001 certified
5 Rohit Das September 2017  ISO-27001 LI

 CISA
6 Abhijeet Jayaraj November 2017  CEH

 OSCP
7 Shweta Pawar November 2015  ISO 27001: 2013 Lead Auditor (ISMS)
 ITIL V3 Foundation
8 Raghavendra S November 2015  CISA(Certified Information System

Auditor) – Qualified
 COBIT 5
 ITIL Foundation Certified
9 S.Kishore Kumar July 2015  CISA (Certified Information System

Auditor)
 CISM (Certified Information Security
Manager)
 ISO 27001 LA
 ITIL Foundation certified
 COBIT Foundation certified
10 Krishna Jere October 2017 CCNA, CCSA, ISO 27001 LA
11 Dhananjay Deo April 2017 CISA, ISO 27001, COBIT
12 Harshit Mehra September 2017 ISO-27001 LA
13 Sandeep Sharma April 2013  Microsoft SAM 673, and 74-678

 SCJP
14 Syed Faisal Ali January 2016 SAP FI
15 Radhika Nambiar September 2015 NA
16 Umesh Jain February 2016  ISO 27001:2013 Lead Auditor

 CEH (Certified Ethical Hacker)
17 Bhavna Nakra August 2017 ISO 27001:2013 Lead Auditor

18 Manpreet Singh Kheberi September 2017 OSCP(Offensive Security Certified
Professional)
19 Aditya Tiwari May 2017 ISO 27001:2013 Lead Auditor
20 Akshaya Rane January 2016 NA
21 Ankit Gupta March 2015 NA
22 Ankitha Chinnapolu May 2017  Cisco Certified Network

Associate(CCNA),
 Red Hat Certified Engineer(RHCE)
 ITIL
23 Ashish Sharma April 2017 ITIL Foundation
24 Charu Lata April 2017 Sap (SD,FI) Trained
25 Harsha kakkar March 2015 CISA(Certified Information System

Auditor)
26 Lalit Sharma July 2012  DCPP (DSCI Certified Privacy Protection

Certificate)
 Certificate Program in Cyber Law
(SYMBIOSIS)
27 Makarand Ramesh June 2017  Lead Audit ISO 27001:2013 -

Kadave Information Security Management
System
 Diploma in Information Security &
Ethical Hacking
28 Muralikrishna Joshi February 2016 ITIL Foundation Certified
29 Sahas Arora July 2017 ISO 27001:2013 LI

compTIA Security+ (IT Security)
30 Santanu Paramanick May 2015 ISO 27001:2005 LA
31 Srishti Gosain April 2017 Diploma/certificate in SAP (FICO)
32 Steadin Fernandes December 2015 ISO 27001:2013
33 Allwyn Suares March 2016 CCNA, MCSA,
34 Saloni Sikdar July 2017 NA
35 Ankita Sinha December 2017  CISA, ISO 22301 LI
36 Sagar Gajara November 2017  CEH, CCI, Diploma in Cyber forensics
37 Amit Bedwa December 2017  ISO 27001 LA, ISO 22301 LA, ITSM
38 Praveen Sharma March 2018  NA
39 Sagar Garg April 2018  NA
40 Akshay Sharma June 2018  NA
41 Rahul Kakkar June 2018  NA
42 Aditya Tiwari May 2017  ISO 27001 LA
43 Arvind Kumar April 2018  ISO 27001 LA, ISO 27001 LI, ERM
44 Debarchan Das June 2018  CEH, ECSA
45 Afzal Imam July 2018  CCNA
Ba
Experience in Information Security
17+years
17+ years
15+ years
20 years
10+ years
4.5
9 years
11+ Years
12+ Years
13+ Years
20+ Years
5 years
5+ years
11+ years
10+ years
6+ years
3+ years
2+ years
6+ months
6+ Years
2.7 years
3 years
7 Months
1.5 Years
6+ years
4+ years
8 years
1.8 years
4 months
7+ years
3 years
4 Years
6+ Years
3+ Years
6+ Years
4+ Years
2 years
12+ Years
5+ Years
3 Years
2 Years
1.5 Years
4+ years
3Years
2 years
Back
M/s Sonata Software Limited
Sonata Software Limited ,
Bangalore

Govt. :
PSU :
Private :
5. Number of audits in last 12 months , category-wise (Organization can add categories based on p
by them)

CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
<organization> Security
1 NarasimhaRao Akundi 20 10 years
2 Sharad Kumar Patani 6 3
3 Vinit Bharadwaj 10 5
4 Chandra Sekhar P 4 4
5 Guru prasad 10 6
project value.
IT management project (renewed annually) for a client based in India.Project includes secure
Web application testing, network security management, continuous vulnerability and patch m
data center security and Disaster recovery management. The annual revenue is over INR

Network Penetration Testing:
KALI Linux, Nslookup, Dnsmap, Nmap, Firewalk, Hping, Nessus, Nikto, John the ripper, Sqldict
Analysers
Vulnerability Scanning:
Qualys Guard , GFI Langaurd, Nessus Professional, Retina scan
Application Security Assessment
Burp suite, Paros, Wireshark, Accunetix, Netsparker, Metasploit framework, SQL Map, customi
scripts
Social Engineering
Social Engineering Toolkit, Email campaigns
12. Whether organization is a subsidiary of any foreign based organization? : No If yes

UK, US, Dubai,Qatar,Germany
*Information as provided by Sonata Software Limitedon20 July 2018
Bac
competence of CERT-In empanelled Information Security
n Security Auditing Organization:
: 2011
required)
: Y
: Y
: Y
: Y
12 Months:
: None
: None
: 20
ormation Security Audits done : 20
wise (Organization can add categories based on project handled
: 3
: 10
: 2
: 5
ecurity audits:
: None
001 LAs : 4
: 2
: 5
mation security qualification : CEH- 5
chnical Personnel : 12
ormation security audits in Government and Critical sector
 CEH
 ISO 27001 lead auditor
 PMP
 GDPR lead Implementer
 CEH
 CEH, ISO 27001

LA,PMP, Cloud Computing
Foundation
 CEH
 CEH
pe (in terms of volume, complexity, locations etc.) along with
or a client based in India.Project includes secure IT operations,

nagement, continuous vulnerability and patch management,
y management. The annual revenue is over INR 1.1Cr
alk, Hping, Nessus, Nikto, John the ripper, Sqldict, Firewall
ional, Retina scan
parker, Metasploit framework, SQL Map, customized python
Security Auditors / Experts : No

t (MoU, contract etc.))
eign based organization? : No If yes, give details
any : Yes
mitedon20 July 2018

Back
M/s Tech Mahindra Ltd.
Tech Mahindra Ltd.
Sharda Centre, Off Karve Road
Pune - 411004 (Maharashtra) India Phone:+91 20 66018100

 Third Party Security Maturity Audit : Y
Govt. :
PSU :
Private :
them)
Third Party Security Maturity Audit :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
CEH :
CISM :
S Name of Duration Experience in Qualifications
. Employee with Tech Information related to
N Mahindra Security Information
o. security
1 Peeyush 13 Years Security Audit CISSP, CCSP,
Srivastava and assessment. CBCP
Cybersecurity
and Cloud
security
Program and
Project
management
2 Rahul Vaidya 14 Years Enterprise CCNA, CEH, ISO-
Security 27001 LA, ITIL
Consulting, V3.0
Security
Operations,
Delivery
Management,
Pre-sales Tech
Support, IS
audits Program
management
3 Sumit 2 years Security Audit CEH,CCNA

Bhattacharya and assessment.
Cloud security,
Application
Security,
Wireless
Security
4 Venkat Reddy 1 year Application CEH, OSCP,

Challa Security, Qualys Guard
Wireless Certified
Security,
Vulnerability
assessment and
Penetration
testing
5 Mayuri 2 years Application CEH

Cherku Security,
Wireless
Security,
Vulnerability
assessment and
Penetration
testing
6 Amit Kumar 5 years Mobile Security, CEH, ISO-27001

IOT Security
7 Vishal 4 years Application CEH, SPLUNK

Chhabria Security,
Vulnerability
assessment and
Penetration
testing, Mobile
application
Security
value.
1. Australian Retail company
a) Scope & Volume : 250+ Third party security Audits
b) Locations : Australia & Mumbai
c) Project value : 2.59 mn $(Total contract value)
2. Leading US telecom company
a) Scope & Volume : 198+ web application security testing
b) Locations : USA , Mumbai
c) Project value : 7mn $(Total contract value)
3. Large Oil sector company
a) Scope & Volume : 2000 + Web application security testing
b) Locations : USA , Mumbai
c) Project value : 1 mn $(Total contract value)

Commercial:
Qualys Guard, IBM App Scan, Burp Suite Pro, Web Inspect, Checkmarx, HP Fortify, ISF Sec
Check, ISF Benchmarking, Algosec.
Freeware:
NMap, Metasploit, SSL Digger, SSL Scan, SQL Map, MOB-SF, Quark, Drozer, SOAP UI,Owas
tion :
Phone:+91 20 66018100
: 2001
Y
Y
Y
Y
Y
: 20
: 1
: 2407
udits done : 2428
50
2320
0
2
250
11
20
10
0
85
02
128
Qualifications
related to
Information
security
CISSP, CCSP,
CBCP
CCNA, CEH, ISO-
27001 LA, ITIL
V3.0
CEH,CCNA
CEH, OSCP,
Qualys Guard
Certified
CEH
CEH, ISO-27001
CEH, SPLUNK
plexity, locations etc.) along with project

s
testing
y testing
etary):
ckmarx, HP Fortify, ISF Security Health
ark, Drozer, SOAP UI,Owasp Zap.

Third party ISAE 3402 audit has been outsourced to E&Y since 2015. This was a client req
(Attached here for ready reference). As TechM has implemented, hence the
auditing was provided to third Party (E&Y)
11. Whether organization has any Foreign Tie-Ups? : NO
Jakarta
Tech Mahindra Ltd.
PT. Tech Mahindra Indonesia, AriobimoSentral 4th Fl. Suite # 403 Jl. HR. Rasuna Said Kav X-2, No. 5
12950
Jakarta
Phone:+62 212525760
China
Nanjing
Tech Mahindra Ltd.
Floor 4, Animation Building, No.11 Xinghuo Road Pukou Hi-Tech Zone Nanjing city
Peoples Republic of China Phone:+86 25 83506016
Shanghai
Tech Mahindra Ltd.
Room No. 23102, No. 498, Guoshoujing Road, Zhangjiang Hitech Park, Shanghai
Peoples Republic of China Phone:+86 21 50807600
Shenzhen
Tech Mahindra Ltd.
TianAn Yun Gu, Romm Nos.2201-2203, Phase I-3C No.133, Xugang North road, Bantian, Sub District
Longgang dist. Shenzen, China PRC
Hong Kong
Tech Mahindra Ltd.
Level 7, Nan Fung Tower, 88 Connaught Road Central, Central, Hong Kong.
Phone:+852 3796 7230
Fax:+852- 3796 7000
Japan
Kanagawa
: Yes
15. This was a client requirement.

hence the
: NO
: NO
: Yes
av X-2, No. 5
, Sub District
Tech Mahindra Ltd.
Fujitsu Atsugi Technical Center, 3065, 3rd floor Okada, Kanagawa, Tokyo, Japan
Phone:+ 81 5038040928
Tokyo
Tech Mahindra Ltd.
Tokyo Office, Toranomon 40 MT Bldg 6th Floor 5 - 13 - 1 Toranomon Mitato-ku, Tokyo, 105-0001
Japan
Phone:+81 036402 5921
Malaysia
Cyberjaya
Tech Mahindra ICT Services ( Malaysia ) SDN. BHD. Global Solution Center, Lot 12122,
PersiaranApec, 63000 Cyberjaya, Selangor, Malaysia.
Phone:+60 3 88828001
Philippines
Cebu
Tech Mahindra Limited Tech Mahindra Limited
7/F Ebloc 3, Geonzon Road, Phase 2, 2 and 4/F JESA ITC Building, 90 General Cebu IT Park,
LahugApas, Maxilom Avenue,
Cebu City, Philippines 6000. Cebu City, Philippines 6000.
Phone:+63 32 4106491 Phone:+63 32 5126275
Manila
Tech Mahindra Limited Tech Mahindra Limited
5/F Felina Corporate Plaza, Eastwood 3/F eCommerce Plaza Building, Garden Avenue,
Eastwood City, Bagumbayan, Road, Eastwood City, Bagumbayan, Quezon City, Metro Manila,
Philippines Quezon City, Metro Manila, Philippines 1110.
1110.
Phone:+632 7360893 Phone:+632 6662821
Phone:+632 6619623 Phone:+632 7091673
Singapore
Tech Mahindra Ltd.
#06-01, Honeywell Building,
17 Changi Business Park Central 1,
Singapore - 486073
Phone:+65 6417 7201
South Korea
Seoul
Tech Mahindra Ltd.
16th Floor, Posco P&S Tower,
Teheran-ro 134, Gangnam-gu, Seoul, 135-923, South Korea.
Phone:0082-2-20157652
Taiwan
Taipei
Tech Mahindra Ltd.
Room No. 8, Level 37, Taipei 101 Tower, No.7 Section 5, Xinyi Road
Taipei City 11049, Taiwan Republic Of China
105-0001
122,
l Cebu IT Park,
Avenue,
y, Metro Manila,
Phone:+886 2 87582984
Thailand
Bangkok
Tech Mahindra Ltd. Tech Mahindra Ltd.
Suvarnabhumi Airport, AOT Building, 4th floor, 54 BB Building, 13th floor, Unit No 1304
Room no. Z4-008, 999 Moo1 TambonNongprue, SukhumvitSoi 21 (Asoke Road) KlongtoeyNua
Amphoe Bang Plee Samutprakarn 10540 Bangkok Wattana, Bangkok 10110 , Thailand Phone:+66
Phone:+66 2 1346253 2 640 8170
Vietnam
Hanoi
Tech Mahindra Ltd. Suite 2136, 21st Floor Capital Towers
109 Tran Hung Dao HoanKiem District Hanoi, Vietnam
Americas
Argentina
Buenos Aires
Tech Mahindra Argentina SA
Esteban ECHEVERRIA 1960
Código Postal B1604ABV
Florida Oeste -Pcia de Buenos Aires Argentina
Phone:+54 11 52909252
Fax:+54 11 52909249
Bolivia Santa Cruz
Tech Mahindra Bolivia S.R.L.
3er AnilloInterno – Barrio MarabolCalle Ricardo Chávez #570 Santa Cruz – Bolivia
Phone:+591-3-3450078 Fax:+591-3-3450079
Brazil Alphaville
Tech Mahindra Brazil
Alameda Araguaia, 2044 - Tamboré Barueri – SP, Brazil
Tour 1 – 8º. Floor - Rooms 808/809 06455-000
Rio de Janeiro
Tech Mahindra Brazil
PraçaPio X
98 - 11º andar - Centro - RJ - CEP. 20.091-040 Phone:(21) 3550-3100
Sao Paulo
Tech Mahindra Ltd.
Av. Maria Coelho Aguiar
215, Bloco C, Floor 5 - Jardim São Luís São Paulo, SP 05804900
No 1304
KlongtoeyNua
and Phone:+66
Phone:+55 11 2123-8100
Canada
New Brunswick
Tech Mahindra Ltd.
720 Coverdale Road, Unit A010. Riverview Place, Riverview,
Moncton, New Brunswick, Canada. E1B3L8
Ontario
1960 Eglinton Avenue East, 2nd Floor, 100 Consilium Place, Suite 200.
Scarborough Toronto Ontario M1L2M5 Scarborough, Ontario
Phone:+1 647 494 3374 M1H 3E3.
Phone:+1 877 725 8579
Vancouver
Tech Mahindra Ltd.
999 Canada Place,
Suite 404, Vancouver, British Columbia V6C 3E2
Phone:604-641-1363 Fax:604-641-1214
Colombia
Bogotá
Tech Mahindra Colombia S.A.S.
Cra.45 #97-50, Of.1102-03
Bogota, Colombia 110221
Phone:+571 6910056/ 6185594
Costa Rica
San Jose
Tech Mahindra Costa Rica S.A
Sabana Sur,
CalleMorenos 150 mt Sur del Supermecado AMPM, Edificio color papaya, San Jose, Co
+506-403-025-87
Ecuador
Guayaquil
Techmahindra Del EcuadorKenedy Norte Manzana 1010 Solares 7,8 y 9 Guayaquil , Ecuador Pho
Quito
Techmahindra Del EcuadorJose Herboso OE3-256entre Benitez y Av. La Prensa Phone:+593-2- 6
Guatemala
Tech Mahindra Ltd. AvenidaReforma, 7-63 Zona 9, Edificio Aristos Reforma, 4to Niv
Office# 401, Guatemala

w,
color papaya, San Jose, Costa Rica Phone:
,8 y 9 Guayaquil , Ecuador Phone:+59342684315E_mail:infoecuador@techmahindra.com
Av. La Prensa Phone:+593-2- 601-8789E_mail:infoecuador@techmahindra.com
io Aristos Reforma, 4to Nivel,

Phone:+502-2334-3421 Fax:+502-2334-2648
Mexico
Mexico City
Tech Mahindra de Mexico S .de TecnoParqueEje 5 Norte990, Azcapotzalco,
Tech Mahindra
Santa Barbara,
de Mexico02230Ciudad
S .deTechnoparque,
de México,
Ground
D.F.E-mail:
Floor FCS.M
Block
Tech Mahindra de Mexico S .de PROL Bernardo Quitana sur No.302 Col Centro sur, Queretaro QueretaroE-mail: CS.Mexico@techmahi
Panama
Tech Mahindra Panamá, S.A
Via Simon Bolivar,
(Transistmica) Edif H. Herburgeroficina 5 y 10, Panama Phone:+507 26 14 764
Peru
Lima
Tech Mahindra De Peru S.A.C Amador Tech Mahindra De Peru S.A.C
Merino Reyna #465, Edificio Trillium, Av. Jose Guillermo Salvador Lara 489- 493
5th Floor, San Isidro, Lima - 15046 Primero PisoUrbanización Las Quintanas
Trujillo
United States of America
California
Tech Mahindra (Americas) Inc. Tech Mahindra (Americas) Inc.
1735 Technology Drive, Suite No. 575, San 100 Pacifica, Suite 310, Irvine,
Jose, California 95110 California
Phone:+1 408 707 1831
Tech Mahindra (Americas) Inc. Fremont

10 (sba 02001) 6092 Stewart. Av Fremont
CA 94538-3152
Connecticut
Tech Mahindra (Americas) Inc.
334 Ella Grasso, Air Exchange Building, Windsor Locks, Connecticut, 06096.
Florida
Phone:+507 26 14 764
Connecticut, 06096.
Tech Mahindra
501 Brickell Key Drive, Suite 200, Miami,
Florida, 33131
Georgia
Tech Mahindra Americas Inc.
3655 North Point Parkway, Suite 675,
Alpharetta, Georgia 30005.
Illinois
10 N Martingale Road,
Suite No. 400, Schaumburg, Illinois, 60173.
Kansas
Tech Mahindra
12980 Foster South Creek Building 1, Suite 190, Overland Park,
Kansas 66213
Kentucky
9401 Williamsburg Plaza,
Suite 102, Louisville,
Kentucky 40222
Michigan
Tech Mahindra Americas Inc.
20700 Civic Center Drive Suite 115 Southfield, 48076
Nebraska
Central Park Plaza, 222, South 15th street, 8th floor, Omaha, Nebraska 68102.
Nevada
Office 1 - 808,
College Parkway - Suite 102, 103 & 104, Carson City,
Nevada 89703
New Jersey
1001 Durham Avenue, Suite 101, South Secaucus vXchnge 200B Meadowlands
Plainfield, New Jersey, 07080. Pkwy,
Secaucus New Jersey 07094
New York
Tech Mahindra
Equinix NY9, 111 8th Avenue, New York 10011
North Dakota
No.3320 WestracDr, Fargo
and Park,
Omaha, Nebraska 68102.

(North Dakota) United States of America
Tech Mahindra Ltd.
200 North Warner Road, Suite 420, King Of Prussia, Pennsylvania 19406
Ohio
6000 Freedom Square, 200 West Prospect Avenue, Suite 701,
Suite 250, Independence, Ohio 44131. Cleveland, Ohio 44113.

4445 Lake Forest Place Suite 163, Blue Ash,
Ohio 45242.
Pennsylvania
Texas
Tech Mahindra (Americas) Inc. 4965 Tech Mahindra (Americas) Inc.
Preston Park Boulevard, Suite 500, Plano, 2500 City West Blvd. Suite 300,
Texas, 75093 Houston, Texas, 77042.
Phone:+1 214-974-9907
Washington
Tech Mahindra (Americas) Inc Tech Mahindra (Americas) Inc
6801 185th Avenue NE, Suite 100. Redmond, 15809 Bear Creek Parkway, Suite
Washington 98052 310 & 400, Redmond,
Washington 98052
Tech Mahindra (Americas) Inc

2001 6th Avenue, Suite 300,
Seattle, Washington 98121
Australia and New Zealand
Tech Mahindra Ltd.

Level 16, Office Suite No.1605, 200, Mary Street,
Brisbane – 4000, Queensland, Australia Phone:+61 7 30313612
Tech Mahindra Ltd.

Office Suite No.551,
Regus Canberra City West – Tower-A, Level 5, 7 - London Circuit,
Canberra - 2600, Australian Capital Territory. Phone:+61 2 6169 4150
Tech Mahindra Ltd.

Level 7, 465 - Victoria Avenue,
Chatswood - 2067,
New South Wales, Australia. Phone:+61 2 84848469
Tech Mahindra Ltd. Level 8, South Tower, 459 - Collins Street, Melbourne CBD - 3000, Victoria,
Australia.
Phone:+61 3 99342700
Tech Mahindra Ltd.

Level 5, 100 - Pacific Highway,
North Sydney - 2060, New South Wales, Australia.
Phone:+61 2 84848485
Tech Mahindra Ltd.

Level - 3, 267 - St. George Terrace, Perth – 6000, Western Australia.
Phone:+61 8 92116142 / +61 8 92116103
Tech Mahindra Ltd.
Level-6, Southern Cross Building, 59-67 High Street,
Auckland Central - 1010, New Zealand. Phone:+64 9 2814742
Australia and New Zealand
Australia
Brisbane, Queensland
Tech Mahindra Ltd.
Level 16, Office Suite No.1605, 200, Mary Street,
Brisbane – 4000, Queensland, Australia Phone:+61 7 30313612
Canberra, ACT
Tech Mahindra Ltd.
Office Suite No.551,
Regus Canberra City West – Tower-A, Level 5, 7 - London Circuit,
Canberra - 2600, Australian Capital Territory. Phone:+61 2 6169 4150
Chatswood, NSW
Tech Mahindra Ltd.
Level 7, 465 - Victoria Avenue,
Chatswood - 2067,
New South Wales, Australia. Phone:+61 2 84848469
Melbourne, Victoria
Tech Mahindra Ltd. Level 8, South Tower, 459 - Collins Street, Melbourne CBD - 3000, Victoria,
Australia.
Phone:+61 3 99342700
North Sydney, NSW

Tech Mahindra Ltd.
Level 5, 100 - Pacific Highway,
North Sydney - 2060, New South Wales, Australia.
Phone:+61 2 84848485
Perth, Western Australia

Tech Mahindra Ltd.
Level - 3, 267 - St. George Terrace, Perth – 6000, Western Australia.
Phone:+61 8 92116142 / +61 8 92116103
New Zealand
Auckland
Tech Mahindra Ltd.
Level-6, Southern Cross Building, 59-67 High Street,
Auckland Central - 1010, New Zealand. Phone:+64 9 2814742
Europe
Austria
Vienna
Tech Mahindra IT-Services GmbH
Albertgasse 35
1080 Vienna
Belgium
Brussels
Twin House B, 3rd Floor, Neerveld 107, Raketstraat 40, 1st Floor
1200 Brussels, Belgium. Evere - 1130 Brussels
Phone:+32 27732400 Belgium
Phone:+32 28919310
Charleroi
Tech Mahindra Ltd.
Zone Industrielle
4ieme Rue nr.33,6040 Jumet Belgium
Bulgaria
Sofia
Tech Mahindra Limited
3 Nikola Tesla Str., 8th floor, Sofia One, 1574, Sofia.
Czech Republic
MladaBoleslav
Tech Mahindra Ltd. StaromestskeNamesti No.84 MladaBoleslav, Czech Republic
Ostrava(Virtual Office)
Tech Mahindra Ltd.
28, rijna 3346/91, Moravska Ostrava 702 00, Czech Republic
Denmark
Copenhagen
Tech Mahindra Ltd. Lautrupvang 2, 1st floor 2750 Ballerup, Copenhagen Denmark
Phone:+45 44 78 30 37
Finland
Helsinki
Tech Mahindra Ltd, branch in Finland,
Lindström – House,
or
Lautatarhankatu 6 B 2 floor,
00550 Helsinki.
France
Paris
Tech Mahindra Ltd. 17 Avenue George V, 75008 Paris, France.
Phone:+33 01 44 43 47 20
Toulouse
Tech Mahindra Ltd.
Bâtiment Omega,
22 boulevard Déodat de Séverac, 31170 Colomiers.
Phone:+33 05 61 15 25 10
Germany
Berlin
Tech Mahindra GmbH NL Berlin
Grossbeerenstr. 2
12107 Berlin
Phone:+49 30 700 700 69
Dresden
Tech Mahindra GmbH WashintonStr, 16/16A dresden, Germany
Düsseldorf
Tech Mahindra GmbH
Fritz-Vomfelde-Strasse 8
40547 Duesseldorf
Phone:+49 211 205 408 18
Hamburg
Tech Mahindra GmbH Tech Mahindra GmbH
Channel 2, EG West Christoph-Probst-Weg 1
HarburgerSchlossstrasse 24 20251 Hamburg
21079 Hamburg Phone:+49 40 370251101
Phone:+49 40 743 60652
Phone:+49 40 743 60291
Muenchen
Tech Mahindra GmbH
88 North, Riesstrasse 20
80992 Muenchen
Phone:+49 89 5422540 06
Wiesbaden
Tech Mahindra GmbH
Borsigstr. 20
65205 Wiesbaden
Phone:+49 6122 50731-0
Wolfsburg
Tech Mahindra GmbH
Alessandro-Volta-Straße 20-26
1
38440 Wolfsburg
Phone:+49 536 189 8606 28
Hungary
Budapest
Capital Square Office Building, Capital Square Office Building
2nd Floor, Tower – V, 7th Floor, Tower – 6
76, Váci street, 76, VáciUt
HU-1133 Budapest (Hungary) HU-1133 Budapest (Hungary)
Tech Mahindra Ltd.
5th Floor, Cityzen Building – VáciUt 37 District 13 Budapest
Hungary
Ireland
Dublin
1st floor, Riverside two, 43/49 sir john rogerson's Quay Dublin 2
Northern Ireland
7th Floor, BT Riverside Tower, 5 Lanyon Place, BT1 3B (Belfast) Ireland
Phone +44-02890 446530 | Avaya: 450000
Waterford
Tech Mahindra Business Services Limited
Ground & 1st Floor, Block A
IDA Business & Technology Park Waterford, Ireland Phone:0035351599047
Italy
Milano
Tech Mahindra Ltd. Italian Branch Via A. Brocchi - LocalitàCastelletto, 20019 Settimo Milanese (MI).
Phone:+39 0284292002
Latvia
Riga
Tech Mahindra Ltd.
RIGA, Esplanade, 2nd and 7th floor Dzirnavuiela 57a, Riga, LV-1010
Luxembourg
Senningberg
Tech Mahindra Ltd
5, Rue Heienhaff, (2nd Floor, Wing E), L-1736 Senningerberg, Luxembourg.
Netherlands
ing
ry)
9 Settimo Milanese (MI).

The Hague
Tech Mahindra Limited Maanplein 20, Gebouw 8 [TP8] 2516 CK, Den Haag, Netherlands Phone:+ 31
70 3047700
Norway
Oslo
Tech Mahindra Norway AS
Campus TS
Martin Lingesvei 25,
1364, Fornebu
Phone:+47 67 82 72 72
Romania
Bucharest
Tech Mahindra Ltd.
Sector 1, str general c, Budisteanunr c, 2nd district, etaj,- 3 camera 10, 010775 Bucharesti
17, C.A Rosetti,
C I F RO 23555450 Bucharest SECTOR 2, Romania
,Romania
Phone:+44 07918714701
Phone:+ 91 9866129769
Spain
Madrid
Tech Mahindra- LCC Wireless Communication Services
Espana Juan de Mariana, No. 178 Plant 3rd 28045 Madrid
Spain
Sweden
Gothenburg
Tech Mahindra Ltd.
Sörredsbacken 20,
Göteborg – 41878. Phone:+463159687
Stockholm
Tech Mahindra Ltd. Waterfront Building Klarabergsviadukten 63
SE-111 64 Stockholm, Sweden Phone:+46 708304334
Switzerland
Basel
Tech Mahindra Ltd.
Aeschenvorstadt 71,
4051 Basel
Phone:+41 (0)612254246
Fax:+41 61 225 42 49
Geneva
Tech Mahindra Ltd.
Chemin Chateau-Bloch 11, 1219 Le Lignon
Geneva, Switzerland
aag, Netherlands Phone:+ 31
10, 010775 Bucharesti
nia
Phone:+41 (0) 022 879 9570
Fax:+41 (0)22 879 9579
Tech Mahindra Ltd. World Trade Centre, Leutschenbachstrasse 95

8050 Zurich.
Phone:+44 (0)44 308 37 20/21/35
Fax:+41 44 308 3500
Tech Mahindra Ltd.

Aztec West 2430/2440 The Quadrant Aztec west Almondsbury Bristol-BS32 4AQ
Tech Mahindra Ltd.

Metasi House, DSP House
west street Crewe Cheshire CW1 3PA
Tech Mahindra Ltd.

LAB, BT PLC, Room W1-06
Columba house, Adastral Park Ipswich, IP5 3 RE
Tech Mahindra Ltd.

63, Queen Victoria Street, EC4N 4UA (London) United Kingdom
Phone:+44 (0)1908 553400
Tech Mahindra Ltd. 1st Floor Laser House Waterfront Quay Salford, M50 3XW Manchester, UK
Phone:+44 (0)161873 8001, +44(0)161873 7029
Tech Mahindra Ltd.

401 Grafton Gate East, Milton Keynes MK9 1AT United Kingdom
Phone:+44 (0)1908 553400
Tech Mahindra Ltd.
Office 8, HethelEngeneering Centre ChapmanwayHethel
Norfolk-NR14 8FB
Phone:+41 (0) 022 879 9570
Fax:+41 (0)22 879 9579
Zurich
Tech Mahindra Ltd. World Trade Centre, Leutschenbachstrasse 95
8050 Zurich.
Phone:+44 (0)44 308 37 20/21/35
Fax:+41 44 308 3500
United Kingdom (UK)
Bristol
Tech Mahindra Ltd.
Aztec West 2430/2440 The Quadrant Aztec west Almondsbury Bristol-BS32 4AQ
Crewe
Tech Mahindra Ltd.
Metasi House, DSP House
west street Crewe Cheshire CW1 3PA
Ipswich
Tech Mahindra Ltd.
LAB, BT PLC, Room W1-06
Columba house, Adastral Park Ipswich, IP5 3 RE
London
Tech Mahindra Ltd.
63, Queen Victoria Street, EC4N 4UA (London) United Kingdom
Phone:+44 (0)1908 553400
Manchester
Tech Mahindra Ltd. 1st Floor Laser House Waterfront Quay Salford, M50 3XW Manchester, UK
Phone:+44 (0)161873 8001, +44(0)161873 7029
Milton Keynes
Tech Mahindra Ltd.
401 Grafton Gate East, Milton Keynes MK9 1AT United Kingdom
Phone:+44 (0)1908 553400
Norfolk
Tech Mahindra Ltd.
Office 8, HethelEngeneering Centre ChapmanwayHethel
Norfolk-NR14 8FB
Middle East
Bahrain
Manama
Tech Mahindra Ltd.
Al Salaam Tower, 11th Floor, Diplomatic Area, Manama Bahrain
Phone:+973 17534057
Qatar
Doha
Tech Mahindra Ltd.
Palm Tower – B
Level 43, Suite No.4306 Majlis Al Taawon Street, West Bay, Doha, Qatar. PO Box. No:13279.
Saudi Arabia
Al-Khobar
Tech Mahindra Ltd. Tech Mahindra Arabia Limited,
Al Bandareyah Trading Centre, Al Hugayet Skyline Tower, Office No. 501
12th Floor, Al Khobar 31952, Prince Faisal Bin Fahad Street, Al- Po Box No.31671,
Khobar 31952 Kingdom Of Saudi Arabia.
Kingdom of Saudi Arabia Phone:+966 505894866 Phone:+966138824076
United Arab Emirates
Abu Dhabi
Tech Mahindra Limited Office No.1001, 10th Floor, Al Faraá Corporate Tower, 13 Delma Street,
Behind trans ad & commercial court, Abu Dhabi, UAE
Phone:+971 2 4414420
Fax:+971 2 4414421
Dubai
Tech Mahindra Ltd. Tech Mahindra Limited
Dubai Airport Free Zone - 6 B, Office No-1401-1408-1409, 14th Floor,
West Wing, Office No.832 Shatha Tower, Dubai Media City
Dubai P.O.Box-30810, Dubai, UAE
Phone:+971 4 3911700 Phone:+97143911700 (Reception)
Fax:+971 4 3911713 Fax:+97143911713
Africa
Chad Ndjamena
Tech Mahindra Ltd

Quartier Béguinage, Rue 1029, BP 324, Ndjamena, Tchad.
Phone:+235 600-100-10
Congo(B)
Pointe-Noire
Marcel Vincent Gomes, BP 542,
Building Ex-Bata Pointe-Noire, Republic of Congo.
Democratic Republic of Congo
Kinshasa
Tech Mahindra Ltd.
Avenue Tombalbay, Immeuble, “Le Prestige” 1er Niveau Kinshasa Congo (DRC)
Phone:+243999967394
Ethiopia
Tech Mahindra Ltd. Millinium building, Bole Addis Ababa, Ethiopia Phone:+260 9766
Gabon
Libreville
Tech Mahindra Ltd.
1st Floor CFAO Building, Libreville Gabon
Phone:+241 04064697
Ghana
Accra
Tech Mahindra Ltd. 83, Spintex Road Accra
Phone:+ 233 561166161
Kenya
Nairobi
Tech Mahindra Ltd
Block B, 6th Floor, Reliable Towers, Mogotia Road, Westlands,
Nairobi, Kenya
Malawi
Lilongwe
Tech Mahindra Ltd.
City Mall Shops 1 – 7
Michinji Round about, P.O. Box - 1666 Lilongwe
Phone:+265 994205222
Nigeria
Abeokuta
3279.
o.31671,
076
ma Street,
nshasa Congo (DRC)
Ethiopia Phone:+260 976620894

nds,
Tech Mahindra Ltd.
3rd to 6th Floor, Opic Towers, Oke–Ilewo Abeokuta - Ogun State
Phone:+234 8066792757
Lagos
Tech Mahindra Nigeria Ltd.
Coscharis Plaza
3rd Floor, 68A, AdeolaOdeku Victoria Island, Lagos.
Phone:+234 8066792757
Rwanda
Kigali
Tech Mahindra Ltd
Boulevard de l’Umuganda - Aurore Building – Kacyiru,
P.O. Box 1902 - Kigali – Rwanda Phone:+250726635298
South Africa
Cape Town
Tech Mahindra Ltd.
Unit 3, 2nd Floor, Rostra House, The forum North Bank Lane Century City 7441, Cape
South Africa Phone:+27 764006133
Johannesburg
10th Floor, Office Towers, 5th Street, 676 on Gallagher Cnr Old Pretoria Road and
Cnr&Rivonia James Cresent
Sandton - 2196, Johannesburg South Africa Midrand, Johannesburg-2196
Phone:+27 11 6762800
Uganda
Kampala
Tech Mahindra Ltd.
1st Floor, NIC Building 3, Pilkington Road, Kampala, Uganda.
Phone:+256(0)782111318
Zambia
Lusaka
Petroda House, Great North Road, P.O. Box – 2nd floor, (Middle block) Petroda Towers North
30770 Great Drive Road, Lusaka Zambia
Lusaka, Zambia Phone:+260 976620894
*Information as provided by Tech Mahindra Limited on 20th July 2018

Ba
ate
Century City 7441, Cape Town
Back
M/s Talakunchi Networks Pvt. Ltd.
Talakunchi Networks Pvt. Ltd. ,
Mumbai

 Network security audit (Y/N) :
 Web-application security audit (Y/N) :
 Wireless security audit (Y/N) :
 Mobile Security audit (Y/N) :
 IoT Security Assessment (Y/N) :
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) :

Govt. :
PSU :
Private :
them)
Mobile Security audit :
CISSPs : NA
BS7799 / ISO27001 LAs : 1
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification : 4 CEH,
2 OSCP,
5 ECIH,
3 ECSA,
1 ECSP .net
S Name of Duration with Experience in Qualifications
. Employee <organization> Information related to
N Security Information
o. security
1 Rahul Gala 2.2 Years 10.0 Years BE, OSCP, CISA,
CEH, ECSA,
ECSP,GCIH, CEI
2 Vishal Shah 2.2 Years 10.0 Years BE, OSCP, CISA,

CEH,GCIH,
FireEye
3 Pranjali Shah 2.2 Years 5.0 Years BE
4 Sujal Shah 2.2 Years 5.0 Years BE
5 Jay Shah 2.2 Years 4.0 Years BSc IT, ECIH
6 VidulaTendolkar 2.2 Years 2.2 Years BSc, ECSA
7 Harshil Shah 2.0 Years 2.0 Years BE, CEH
Burp Suite Professional SQLMAP
Wireshark ZAP
Netsparker Nikto
Web Inspect CSRF Tester Wapiti Fiddler
SQL Ninja W3af WinHex WebScarab IDAPro Drozer MobSF Nessus Kali Linux Metasploit Nmap Aircra
Cain & Able JohnTheRipper IronWasp Nagios
Social Engineer Toolkit
9. Outsourcing of Project to External Information Security Auditors / Experts : No ( If yes, ki

11. Whether organization is a subsidiary of any foreign based organization? : No If yes, giv

*Information as provided by Talakunchi Networks Pvt. Ltd. on 18-Jul-2018
Ba
ion :
: 2016
: Yes
: Yes
: Yes
: Yes
: Yes
(Y/N) : Yes
: NA
: NA
: 25+
udits done : 25+
20+
20+
3
10+
2
NA
1
2
NA
4 CEH,
20
Qualifications
related to
Information
security
BE, OSCP, CISA,
CEH, ECSA,
ECSP,GCIH, CEI
BE, OSCP, CISA,

CEH,GCIH,
FireEye
BE
BE
BSc IT, ECIH
BSc, ECSA
BE, CEH
etary):
Linux Metasploit Nmap Aircrack-ng
: No ( If yes, kindly provide
: No
: No
Back
M/s Trusted Info Systems Private Ltd.
Trusted Info Systems Private Ltd.
 Network security / Data Centre audit (Y/N) - incl VA-PT : Yes
 Web-application security audit / Mobile App - incl VA-PT : Yes
 Wireless security audit (Y/N) - incl VA-PT : Yes
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) - incl VA-PT : Yes
 SAP - GRC Implementation, Post implementation
review & support / Audit : Yes
 ERP / SAP security audit : Yes
 Telecom Security audit : Yes
 ICS / SCADA Audit : Yes
 Security Operations Centre Review / Audit / optimisation : Yes
 Payment Gateway security audit : Yes
 Incident Life cycle management / review : Yes
 PCI / DSS review / compliance / audit : Yes
 Source Code Review / SDLC Review : Yes
 Cyber Security / Information Security - related trainings : Yes
Govt. :
PSU :
Private :
them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
S. No. Name of Duration with Experience in Information Qualifications related to
Employee <organization> Security Information security
1 Piyush Jain May 2002 15+ yrs CISA, ISMS-LA
2 SP Shah Singh May 2002 20+ yrs CISA, M Tech
3 Vijender Kaushik Dec 2016 15+ yrs CISA, ISMS-LA, MS
4 Virender Maini Jan 2004 14+ yrs CISA, CEH
5 Sanjay Gupta Feb 2005 11+ yrs ISA
6 Naveen Dham Dec 2016 10+ yrs ISMS-LA, PCI-DSS
7 Shiv Kumar Dec 2016 4+ yrs CCNA, B Tech
value.
- NW Security audit / Web App Security audit / ERP - SAP security audit - One of the top Indian MN
manufacturing plants in India and abroad - worldwide spread computer network with data centre an
India - Multiple user domains - about 15000 employees.
- SAP - GRC Access Controls Review / Audit - top Indian MNC - Pharmaceutical mfg. industry - N/W
complexity - 100+ servers, 600+ nodes
Commercial :
- Nessus
- Burp
- Acunetix
- AppScan
- Core Impact
- Net Sparker
- Web Inspect
- Nipper
- EnCase Forensics from Guidance Software
- IDEA data analytics
- Check Marx
- Immunity Canvas
Open Source / Free-ware :

- Kali Linux suite of tools
- Parrot Security suite of tools
- Black Arch suite of tools
- N-map
- Zap
- Metasploit
- Nikto
- Sqlmap
- Netcat
- OpenVas
- w3af
- Tamper data, etc. etc.
Proprietary :
- SAP-GRC SoD conflict resolution tool
10. Outsourcing of Project to External Information Security Auditors / Experts : No ( If yes, kin
12. Whether organization is a subsidiary of any foreign based organization? : No If yes, giv

*Information as provided by <organization> on <date>
Bac
ion :
: 2002
: 1
: 2
: 42
udits done : 45
9
31
5
2
-
3
4
1
3
7
lifications related to
rmation security
A, ISMS-LA
A, M Tech
A, ISMS-LA, MS
A, CEH
S-LA, PCI-DSS
NA, B Tech
plexity, locations etc.) along with project
dit - One of the top Indian MNC - multiple

r network with data centre and DRS sites in
aceutical mfg. industry - N/W size &
etary):
: No ( If yes, kindly provide
: No
: No
Back
M/s Briskinfosec Technology and Consulting Pvt Ltd
Briskinfosec Technology and Consulting Pvt Ltd
No.21,2nd Floor, Krishnamachari Rd, Tirumurthy Nagar, Nungambakkam, Chennai, Tami

▪ Network security audit (Y/N) - Yes
▪ Web-application security audit (Y/N) - Yes
▪ Wireless security audit (Y/N) - Yes
▪ Compliance audits (ISO 27001, PCI, etc.) (Y/N) - Yes

Govt. :
PSU :
Private :
them)
Sl No Description Count
1 Network Security Audit 7
2 Web Application Security Assessment 4
3 Website Security Assessment 7
4 Secure Source Code Review 1
5 Compliance Audit( ISO 27001, PCI etc.,) 2
6 Wireless Security Audit 1
7 Mobile Security Assessment 1

Sl No Description Count
1 CISSP 1
2 CISA 2
3 DISA/ISA'S 1
4 Any other Information Security Qualification
5 - Certified Ethical Hacker 7
6 - Certified Security Analyst 1
7 Total No Employees 15
ion:
ngambakkam, Chennai, Tamil Nadu 600034
: 2015
es
es
es
s
5
1
12
23

Sl. Name of Duration with Experience in Information Qualifications related
No. Employee <organizati on> Security to Information security
1 DawoodAnsar 2 years & 5 3 years & 5 months CEH & ECSA

months
2 Jerry Louis 1 Year & 2 Months 1 Year & 8 Months CEH
3 Alex Daniel Raj 1 Year & 7 Months 1 Year & 7 Months CEH
4 Dinesh C 2 Years & 10 3 years & 5 months ----

months
value.
• Client Name : Methode Electronics
• Information Security Audit : RF Security Assessment
• Complexity of the Application:
To assess the Internal RADIO Security of Hetronic against an unauthorized attack and detect v
that may pose a threat to its devices and the application. Complete security assessment has b
real-time black hat security perspective.
• Project Value:INR 13,97,106.00

• NESSUS
• BURPSUITE
• NEXPOSE
• KALI LINUX TOOLS
• ACUNETIX
• OWASP ZAP
• POSTMAN
• WEMAP
10. Outsourcing of Project to External Information Security Auditors / Experts : NIL


*Information as provided by Briskinfosec Technology and Consulting Private Limited as on Dec 20
Ba
ity, locations etc.) along with project
tronics
Assessment
orized attack and detect vulnerabilities

ecurity assessment has been executed by
y):
: NIL
: NO
: NO
: NO
te Limited as on Dec 20, 2019
Back
M/s Crossbow Labs LLP
Crossbow Labs LLP
146, 5th Floor, Gopal Towers, Ramaiah Street,
H.A.L II Stage, Bangalore – 560008
2. Carrying out Information Security Audits since : Nov 2014

Govt. :
PSU :
Private :
handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 5
CISAs : 2
DISAs / ISAs : 0
C.E.H -
PCI 4–
PA 5-
1
ECSA -
Total Nos. of Technical Personnel : 1 15
No. Crossbow Labs LLP Security Information security
1 Rosan Thomas 3 Years 7 years CISSP, CISA, ISO 27001 LA

& PCI QSA
2 Deepak Umapathy 3 Years 8 years ISO LA 27001 PCI QSA
3 M.K. Prasad 2 Years 5 Years C.E.H
4 Kirubakaran Parkunan 1.5 years 5.5 years LA ISO 27001
5 Nithiyanandam 3years 4.5 C.E.H ISO 27001 LA

6 Arpit Rohela 1.7 Years 1.7 Years C.E.H, E.C.S.A
7 Sardar Salim Shaikh 1.8 1.8 C.E.H SECURITY +
project value.
Lulu International Group, U.A.E
13 Server Locations, 300 + IP addresses that includes DC, Network devices and POS locations
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Nessus, Meta
Exploitpack, Burpsuite, Bolt (Data finder tool), Compliance management tool.
10. Outsourcing of Project to External Information Security Auditors / Experts : No ( If ye

*Information as provided by Crossbow Labs LLP on 06th FEB 2019
Bac
-In empanelled Information Security
anization:
aiah Street,
: Nov 2014
: 0
: 0
: 100
ts done : 100
an add categories based on project
30
15
15
40
2
5
2
0
15
s in Government and Critical sector
, complexity, locations etc.) along with

devices and POS locations.
proprietary): Nessus, Metasploit,
ool.
perts : No ( If yes, kindly
: No
? : No If yes, give details
: No
Back
M/s CyRAAC Services Private Limited
CYRAAC SERVICES PRIVATE LIMITED BANGALORE

Govt. :
PSU :
Private :
(Etyacol, Fincare, Samasta, ITC Infotech, Zeotap, Firstsour
Mphasis, Marlabs, Market Xpander, Axis Cades, Rang De, B
Nos. of Information Security Audits done:
handled by them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
CEH
CISM
CBCP
PCI DSS QSA
project value.
Allcargo Logistics – Rs 13 Lakhs ECU Worldwide - Rs 13 Lakhs Ernst & Young – Rs 18 Lakhs

Organization:
: 2017
Y
Y
Y
Y
: 0
: 1
:
Infotech, Zeotap, Firstsource, DTDC,
er, Axis Cades, Rang De, BeMore) Total
done:
3
30
2
9
1
1
(2),
(1),
(1),
(1)
14
ons related to
on security
rnst & Young – Rs 18 Lakhs
e/proprietary):
Network Security, Web Application Security, Wireless Security Audit
Tool Detail
Nessus Professional Infrastructure Scanning
Qualys Web Application Scanning
Fortify Web Inspect Web Application Scanning
Burp Suite Penetration Testing
Metasploit Penetration Testing
NMAP Infrastructure Scanning
Wireshark Infrastructure Scanning
Charles Infrastructure Scanning
Nikto Penetration Testing
SQLmap Penetration Testing
Compliance Audits
LogicGate
12. Whether organization is a subsidiary of any foreign based organization : No If yes,

*Information as provided by CYRAAC SERVICES PRIVATE LIMITED on 7th Feb 2019
Ba
ication Security, Wireless Security Audit
rnal Information Security Auditors / Experts : No

ight arrangement (MoU, contract etc.))
Foreign Tie-Ups? If yes, give details : No
sidiary of any foreign based organization : No If yes, give details
arters/Offices, if any : No
AAC SERVICES PRIVATE LIMITED on 7th Feb 2019
Back
M/s Netrika Consulting India Pvt. Ltd.
Netrika Consulting India Pvt. Ltd.
Govt. : None
PSU : None
Private :
Delhivery Pvt Ltd , Audio Magick, Fairfax , Risq Group
handled by them)

Cyber Forensics : 3
Mobile Forensics : 1
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
EC Council Certified Ethical Hacker( CEH), ISO20000 , ISO
<organization> Security
1 Nikit Jain 6 Month 3
2 Mohnish Gehlot 1.5 Years 3
2 Vaibhav Pulekar 1.8 Years 7
3 Harshwardhan Rawat 1.8 Years 7

4 Deepak Singhal 1 Month 10
project value – Delhivery Private Ltd (Implemented ISO 27001 : 2013 for their organization, Carried
audit) , Annual Review of ISMS & Implementation of controls for ISO 27017 (Security controls for cl
Project Scope was their corporate office in Gurgaon. Total Project value Approx – 5.5 L

Commercial - Burpsuite , Netsparker
Freeware -Zed Attack Proxy (ZAP), Vega, SQLMap Burpsuite OWASP SQLi
Dubai
SAIF ZONE , Q1-06-141/C PO Box – 124932
Sharjah Airport Free Zone
Singapore
Regus Vision Exchange 2 Venture Drive
Level #24-01 - #24-32
Singapore 608526
+65 87308006
Sri Lanka
32 Uswatte Road, EtulKotte,Kotte, Sri Lanka
*Information as provided by Netrika Consulting India Pvt. Ltd. on 07-02-2019

Ba
ompetence of CERT-In empanelled Information Security
Security Auditing Organization :

ing India Pvt. Ltd.
: 2015
required)
: (Y)
: (Y)
: (Y)
: (Y)
2 Months :
: None
: None
:
Group
: 5
wise (Organization can add categories based on project
: 7
: 6
: 6
: 3
: 1
: 3
ecurity audits :
: none
01 LAs : 3
: none
: none
ation security qualification :
fied Ethical Hacker( CEH), ISO20000 , ISO 9001 2000 LA
hnical Personnel : 7
rmation security audits in Government and Critical sector
CEH
CEH
CEH , ISO 27001: 2013 LA
CEH , ISO 27001 : 2013 LA

ISO:270001 LA, ISO:20000
e (in terms of volume, complexity, locations etc.) along with

ISO 27001 : 2013 for their organization, Carried our surveillance
f controls for ISO 27017 (Security controls for cloud services) .
Total Project value Approx – 5.5 L
arker
SQLMap Burpsuite OWASP SQLi
ecurity Auditors / Experts : No
, contract etc.))
gn based organization? : No
ny : Yes
a Pvt. Ltd. on 07-02-2019

Back
M/s NSEIT Ltd.
NSEIT Ltd, Trade Globe,
Ground Floor, Andheri-Kurla Road,
Andheri (E), Mumbai - 400 059.PIN 400059.

 Mobile-application security audit (Y/N) : Y
Govt. :
PSU :
Private :
handled by them)
Network security audit : 10 plus
Web-application security audit : 40 plus
Information security policy review : 4 plus
6.
Technical manpower deployed for informationsecurity audits :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
CEH :
ECSA :
Giriraj Jadhav 0.9 yrs 12 yrs Cambridge Certified Linux
Associate Cambridge Certified
Security Associate Cambridge
Certified Internet Associate
Microsoft Certified
Professional (MCP)
Khushboo Sharma 0.7 yrs 11 yrs

Mittal Amrutbhai Patel 2.3 yrs 3 yrs
Sagar Karan 2.9 yrs 16 yrs Cambridge Certified Security

Associate
Cambridge Certified Internet
Associate International
Associate
– Association Of Certified
Fraud Examiners
CEH – Certified Ethical
Hacker
CIW Security Analyst
International Associate
– Association Of Certified
Fraud
Examiners.
Vidula Tendolkar 0.5 yrs 3.2 yrs ECSA

Sayed Abbas Raza 0.4 yrs 1.10 yrs CEH
Sneha Kawadgave 1.1 yrs 1.1 yrs CEH
Bhavesh Patil 0.3 yrs 3 yrs CEH, ISO 27001 LA
Organization :
400059.
: 2016
Y
Y
Y
Y
Y
: 3
: 3
: 8
udits done : 100 plus
10 plus
40 plus
2
5
4 plus
4
1
8
ons related to
on security
e Certified Linux
Cambridge Certified
Associate Cambridge
Internet Associate
Certified
nal (MCP)
e Certified Security
e Certified Internet
International
tion Of Certified
aminers
rtified Ethical
rity Analyst
nal Associate
tion Of Certified
s.
27001 LA
project value. Cyber Security Architecture and Configuration review for a payment gateway in India.

Sr Testing Environment Tool Name Commercial/
No Freeware/Proprietary
1 Web Appsec Burp Suite Professional Commercial
2 SQLmap Freeware
3 Dirbuster Freeware
4 Wireshark Freeware
5 Winhex Freeware
9 Mobile Appsec Android SDK Freeware
10 GenyMotion Freeware
11 ApkTool Freeware
12 Dex2Jar Freeware
13 JD-Gui Freeware
16 Burp Proxy Commercial
17 iOS Simulator Freeware
18 Cydia Freeware
20 iTools Freeware
22 iNalyzer Freeware
23 Androbugs Freeware
24 Network VAPT NMap Freeware
25 Nessus Commercial
27 TestSSLScan Freeware
28 SSLScan Freeware

*Information as provided by NSEIT Ltd. on 08/02/2019
Ba
e, complexity, locations etc.) along with
payment gateway in India. 55 lacs
/proprietary):
xperts : No ( If yes, kindly
: No
on? : No If yes, give details
: No
Back
M/s Pyramid Cyber Security & Forensic Pvt. Ltd.
Pyramid Cyber Security & Forensic Pvt Ltd,
FB-05, NSIC Software Technology Park Extension, Okhla In
Estate,
New Delhi-110020, India
2. Carrying out Information Security Audits since : 5+ Years
 Network security audit–(Y/N) : Yes
 Web-application security audit–(Y/N) : Yes
 Wireless security audit–(Y/N) : Yes
 Compliance audits (ISO 27001, GDPR, ISNP, HIPAA) : Yes
 IT Risk Assessment – (Y/N) : Yes
 Mobile Application Security Testing – (Y/N) : Yes
 Compliance audit as per Government of India
Guidelines (RBI, SEBI etc.) (Y/N) : Yes
 Incident Response (Y/N) : Yes
 Forensics Analysis (Y/N) : Yes
 Source Code Review (Y/N) : Yes
 Red Team Assessment (Y/N) : Yes
 Threat Hunting and Analysis (Y/N) : Yes
Govt. : 1
PSU : 0
Private : 2
handled by them)
Mobile Application Testing :
Compliance audits (ISO 27001, ISNP :
RBI Security Compliance Audits :
Forensic Analysis :
Incident Response :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security
qualification: OSCP
OSWP:
CISM :
ITIL :
:
CEH
Total Nos. of Technical Personnel ::
y Auditing Organization:
y & Forensic Pvt Ltd,
Technology Park Extension, Okhla Industrial
dia
: 5+ Years
)
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
Yes
: Yes
: Yes
: Yes
: Yes
: Yes
s:
: 1
: 0
: 20+
Security Audits done : 21+
5
10
2
3
5
1
3
15
2
udits:
0
2
2
1
2
1
1
2
2
20
S. Name of Employee Duration with Experience in Information
No. <organization> Security
1 Dinesh Bareja 8 Years 18+ Year
2 Sunil Yadav 10 Years 20+ Years
3 Harpreet Singh 6 Months 6+ Years
4 Deepankar Arora 1.5+ Years 3 Years
5 Praveen Sahu 4+ Years
6 UmmelMeel 2+ Years 3+Years
7 Ravi Kant 9 Months 2+ Years
8 Salman Mehboob Khan 5+ Years 6+ Years
9 Rahul Kumar 2.5 Years 5 Years
project value.
1. Conducted Network Security & Web Security Audit for complete internet facing infras
Oil and Energy Company in Africa.
2. Conducted Malware Incident Response along with Network Security Audit and Netwo
for M/s MFI, Kenya
9. List of Information Security Audit Tools used( commercial/ freeware/proprietary): Freeware
1. Nmap - Port Scanner
2. Maltego - Recon
3. OWASP ZAP - Proxy
4. Nikto – Vulnerability Scanner
5. Xsser – Vulnerability Scanner
6. Dirb/Dirbuster – File/Directory Enumeration tool
7. Empire – Post Exploitation Framework
8. Koadic – Command & Control (C2)
9. DNSscan – DNS Recon
10. Metasploit Framework – Exploitation
11. OpenVAS – Vulnerability Scanner
12. BurpSuite Community Edition – Vulnerability Scanner
13. Dirsearch
14. Veil-Evasion
15. Shellter
16. Immunity Debugger
17. WinDBG
18. MobSF Mobile Security Framework
19. Hping – TCP ping utility
20. Wireshark – Network Packet Capture
21. SQLMAP – SQL Injection Exploitation tool
22. John (Johnny) – Password cracking tool
23. Hashcat – Password cracking tool
24. NetCat – Network Swiss Army Knife
25. WafW00f – WAF Evasion tool
26. SET – Social Engineering Toolkit
27. CredSniper – Phishing Exploitation tool
28. Aircrack-ng – Wireless Exploitation Toolkit
29. Fiddler – Man-In-The-Middle Proxy
30. Sys-Internal Toolkit – Windows System Analysis & Malware Detection
Commercial
31. Metasploit Pro
32. Nessus Professional
33. BurpSuite
34. Shellter Pro

35. IDA Pro
36. Nipper
37. Accessdata FTK
38. VoundIntella
39. NetSparker
Propriety
 Custom Python Exploitation Scripts
 Siege Exploit Builder

*Information as provided by Pyramid Cyber Security & Forensic Pvt Ltd on 08-02-2019
Bac
CISA,CISM, ITIL
BE, ACE
B.Tech, OSCP, OSWP
OSCP
MS- Cyber Law & Information
Security, ISO27001 & HIPAA
B.Tech, CEH, Diploma in

Cyber Law
CISA, DISA, SIX
SIGMA Green Belt, CEH v8,
ISO27001LA, ITIL, COBIT-5
M.Tech, ACE, ISO 27001 LA
B.Tech, ACE, ISO27001LA
cope (in terms of volume, complexity, locations etc.) along with
eb Security Audit for complete internet facing infrastructure of an
onse along with Network Security Audit and Network Sanitization

commercial/ freeware/proprietary): Freeware
ool
Scanner
sis & Malware Detection
n Security Auditors / Experts : No ( If yes, kindly

c.))
s? If yes, give details : No
oreign based organization? : No If yes, give details
f any : No
rity & Forensic Pvt Ltd on 08-02-2019
Back
M/s Wings2i IT Solutions Pvt. Ltd.
Wings2i IT Solutions Private Limited, No 80, 3rd Floor, BOS
1st Cross, 2nd Main, BTM 2nd Stage Bangalore, Karnataka, IN

 Compliance audits (ISO 27001, PCI, SOC2, HIPAA,etc.)(Y/N) : Y
 Cloud Platform Configuration audit : Y
 Medical device Security audit : Y
 Mobile Application Testing : Y
 PII / Data Privacy Audits : Y
Govt. :
PSU :
Private :
handled by them)
Compliance audits (ISO 27001, PCI, SOC2, HIPAA,etc.) :
Cloud Platform configuration Audit :
Medical device Security audit :
Mobile Application Testing :
PII / Data Privacy Audits (GDPR/Canada/US/Australia) :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
(CEH , DSCI LA , CPISI etc.) :
rganization:
ited, No 80, 3rd Floor, BOSS SQUARE,
Bangalore, Karnataka, INDIA 560076
: 2010
Y
Y
Y
Y
Y
Y
Y
Y
: 0
: 0
: 180+
udits done : 180+
50+
47
11
50+
3
1
9
8
1
12
2
0
17
17
No. Wings2i Security Information security
1 Vinod Kumar Agrasala 10years 20+ Years Certified Lead Auditor

- ISO 27001,22301,
20000, DSCI Certified Lead
Assessor for Data Privacy,
ITIL V3 Expert, ITIL4
Foundation,
2 Praveen Kumar Reddy 10 years 20+ Years Certified Lead Auditor

- ISO 27001, 22301,CISSP,
CISA, CCNA, MCSE and
CCA,
DSCI Certified Lead
Assessor for Data
Privacy,ITIL V3 Foundation.
3 Reena Ramachandran 9.5 Years 20+ Years Certified Lead Auditor

- ISO 27001, 22301,ITIL V3
Foundation.
4 Rajesh V Nair 6years 12 Years CISA, CCEP, CPISI,

– ISO 27001, 22301.
5 Gokul C Gopinath 1.5 Years 8 years Jncia-Junos,CE|H Certified

Lead Auditor
- ISO 27001, 22301, CCNA
CCVP .
6 A Sai Jitendra 2.5 Years 2.5 years Certified Lead Auditor
27001,22301, CDAC-
DITISS.
7 Harsh Jalan 2 Years 8+ years Certified Lead Auditor
27001, 22301, ITIL V3
Certified
8 Varun Sankaran 1 Year 6 Years Certified Lead Auditor
ISO/IEC 27001,
22301, ITIL
Foundation (V3)
9 Sumesh V .5 Years 7 Years CCVP/ CCNP,CCNA, AFCEH.
10 Puneeth S 4 Years 4 years Certified Lead AuditorISO

27001,22301, AWS
Solution Architect –
Associate,ITIL V3
Foundation Certified.
11 Azenio Prakash C 3 year 4 years Advanced Google

Analytics,Certified Lead
Auditor ISO 27001, 22301,
ITIL V3
Foundation Certified.
12 Susmita Rani Kha 1 year 3 Years Lead Auditor 27001.
13 Gourab Sahoo 2 Years 3 Years BTech.
14 AmitrajGurram 2 Years 2 Years CCNA.
15 Ragith KR 1 Year 2 Years BTech.
16 Penjuri Nagavardhan 1 Year 1 Year BTech.
17 Shashank Awadhut 1 Year 2 Years 2 Months CEH, CertifiedLead
AuditorISO 27001,Network
Security Professional,
Certified in Advance Java
in Government and Critical sector
project value.
Sl no Organization &Domain Activity Locations Project Value
1 Major telecom ISMS Implementation, Algeria ~ 10000000

provider Maintenance, Compliance,
Network & Application Audits
2 Major Healthcare Cyber Security (Network, Hospitals ~ 2000000

Service Provider in Application, Wireless and Medical across Multiple
India device Security Audits) and Risk Location in
assessment India
3 Major Mobile VAS ISMS compliance maintenance Bangalore ~ 4000000

Platform provider and audits, Network, Application
Since 2010 and wireless security Audit
4 Major BI product/ ISMS Compliance Implementation Bangalore, ~3200000

Platform provider and Audit, Product Security Audit Pune, Mumbai,
UK, Japan, US
5 Major Data Analytics ISMS Compliance maintenance Bangalore, ~ 4000000

service Provider and audits, Data analytics Austin
Platform (web, Mobile), Network
and wireless security Audits, Data
privacy and SOC2 Compliance
Audits, HIPAA trainings
6 Financial printing Network, Applications, Wireless Multiple ~1000000

service provider for and Device security Audits location across
Banks India

1. Commercial
1. Nessus Pro –Network security Audit
2. Burp Suit Professional – Web Application Security Audits
3. Nipper Studio
2. Freeware
1. Nmap
2. Nikto
3. Netcat
4. Wireshark
5. Kali
6. Metasploit
7. Mozilla Firefox security Addons
8. Firewalk
9. HPing
10. HTTrack
11. OWASP ZAP
12. OWASP Mantra
13. Xenotix
14. John The Ripper
15. Paros
16. Wikto
17. Ethereal
18. Brutus
19. Rips
20. IronWasp
21. Fiddler
22. Tamper Data
23. OpenVas
24. W3af
25. Exploit Database
26. SQL Map
27. Hydra
28. Android Debug Bridge
29. AndroBugs Framework
30. Apktool
31. ByteCode Viewer
32. Drozer
33. Dex2Jar
34. Jd-Gui
35. SQLite Database Monitor
36. Pidcat
3. Proprietary
1. Own developed Scripts for XSS, OS, AWS, and Database Security Audits
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes Outs
compliance audits to certified compliance auditing organizations.
Control Mechanisms:Contracts, NDA with the organization and auditing personalReview of the audit
submission.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes Accre
like PECB, PeopleCERT, Gaming Works and
partnership with multiple organization in Middle East

*Information as provided by Wings2i IT Solutions Pvt Ltd on 18-Feb-2019
Ba
e/proprietary):
ts
se Security Audits
Experts : Yes Outsourcing of
g personalReview of the audit report before

: Yes Accreditation bodies
: No
019
Back
M/s Zulon Consulting
Zulon Consulting, 2/203,Vahatuk Nagar, Amboli, Andheri(W) Mum

 Network security audit :

 Web-application security audit :
 Compliance audits (ISO 27001, PCI, etc.) :

Govt. :
PSU :
Private :
handled by them)
Brief Description of Work Details of Contact Person at Auditee
Organization (Name, email, website URL,
Mobile, telephone)
Sr. Category
Name: Priti Shah
Email ID: PritiShah@pmcbank.com
Organisation: PMCB
Audit as per RBI
1 Pvt.
requirements
Website: www.pmcbank.com
Phone number: (022) 6780 4174

Extn: 4174
Name: Ravindra Pathar
Audit as per RBI

### Pvt. Email ID: rspathar514@gpparsikbank.net
requirements
Organisation: GPP Bank

iting Organization:
tuk Nagar, Amboli, Andheri(W) Mumbai- 400058.
: 2016
: 10+
it : 15+
: 5+
01, PCI, etc.) : 4
: 2+
: 2+
: 30+
urity Audits done : 40+
zation can add categories based on project
Additional Info
PMCB
GPPJSB
Website:www.gpparsikbank.com
Phone Number: 022-25456524
Name: DK Gosavi
Email ID:
dkgosavi@kalyanjanata.in
Audit as per RBI Organisation: KJSB

### Pvt.
requirements
Website: www.kalyanjanata.in/
Phone Number: 9322705900
Name: Pankaj Khandelwal
Email ID: pankajk@insolutionsglobal.com
Audit as per PCI

### Pvt.
requirements Organisation: ISG
Website: www.insolutionsglobal.com
Name: Vikram Idnani
Email ID: Vikram.Idnani@trent- tata.com
Organisation: TATA Trent

Audit as per RBI
### Pvt.
requirements
Website: www.tata.com/company/profile/Trent

Name: Sreeram GC
Email ID: sgomadam@tatatrusts.org
Audit as per ISO27001
### Pvt.
requirements
Organisation: TATA Trust

KJSB
ISG
Tata – Trent
TATA TRUST
Website: www.tatatrusts.org
Phone Number:9962589935
Name: Rajendra Bhalerao
Organisation: National Payments Corporation

of India (NPCI)
Section 8 Audit as per PCI

7 NPCI
Company requirements
Website: https://www.npci.org.in/
Phone: 7045958873

CISSPs
DISAs / ISAs
PCI QSA, CRISC, CEH, OSCP
:
:
:
:
No. Zulon Consulting Information Information security
Name of Employee
Security
1 Anshuman Dubey 16-Aug 7 ISO27001LA, ITIL.

2 Hamza Qureshi 16-May 4 ISO 27001 LA, ITIL
Foundation
3 Sharon Saldanha 16-Sep 4 CEH, CND, ESCA, CHFI
CCNA, Advance Diploma in Computer
Hardware & Web Technology
4 Niraj Yewlekar 16-Jan 8
5 Devdutta Gawade 16-Feb 8 ISMS LA

ISO 27001 LA, ITIL, MCSE,
6 Xavier M.S 16-Jan 18 CISSP, GDPR Foundation
7 Murali Krishnan 17-Jan 4 ISO27001LA, ITIL.

8 Bhagyashree Mulgund 16-Aug 6 ISO27001
9 Narendra Sahoo 16-Jan 25 CISSP, CISA, ISMS LA, CRISC
10 Sayed Asad 16-Dec 4 CEH
CEH, Post Graduate Diploma in IT
Infrastructure, Sys-tem and Security
11 Sneha Desai 16-Feb 4
(PD-DITISS)
NPCI
fication
2
6
2
1
15
related to
ecurity
IL.
TIL
A, CHFI
Diploma in Computer
b Technology
TIL, MCSE,
oundation
IL.
MS LA, CRISC
duate Diploma in IT
Sys-tem and Security
project value.
Projects Volume Complexity
InSolutions Global – Into card printing, card processing, Payment processor to some
Compliance Management payment application development of the largest banks and
– We support end to end merchants in India
compliance
PMCB – Compliance End to end compliance One of the largest Co—

Management operative bank
GPPJSB – Compliance End to end compliance One of the largest Co-
Management operative bank
1. Rapid7 NeXpose
2. IBM Rational AppScan.
3. NESSUS.
4. GFI Languard.
5. Acunetix WVS.
6. QualysGuard.
7. BurpSuite.
8. MetaPacktPublishingoit.
9. Nikto.
10. Wikto.
11. BackTrack Security Distro.
12. Paros Proxy.
13. Nmap.
14. Exploits DB from “astalavista”, “packetstormsecurity”, “exploitdb” etc.
15. Google Hack DataBase.
16. Inhouse customized Scripts.
17. Zero Day Scripts / Exploits.
18. Other Tools (As when required by the type of work).


*Information as provided by Zulon Consulting on 18th February 2019.
Ba
Locations
Mumbai, Pune, Delhi and
Bangalore
100 locations across

Maharashtra
75 locations across
Maharashtra
y”, “exploitdb” etc.
).
uditors / Experts : No ( If yes, kindly provide
ve details : No
d organization? : No If yes, give details
: No
ruary 2019.
Back
M/s AQM Technologies Pvt Ltd
AQM Technologies Pvt Ltd.
Mumbai, India
2. Carrying out Information Security Audits since: 2001
(erstwhile AUDITime Information Systems Ltd.)
Network security audit (Y/N): Y
Web-application security audit (Y/N): Y
Wireless security audit (Y/N): Y
Compliance audits (ISO 27001, PCI, etc.) (Y/N): Y
Cyber Security & CSOC Audits Y
Cloud & DC, DR, BCM (ISO 22301) Audits Y
Source Code Reviews Y
IT Application / ERP Audits Y
IT Security & Infrastructure Audits Y
Vulnerability Assessments & Pen Testing (Mobile/WebApps) Y
Third Party / Outsourcing / Vendor Audits Y
Functional Audits (BFSI/CBS/ Treasury / GL/ Recon) Audits Y
SWIFT / ATMs/ Switch/ API/ Payment Gateway Audits Y
Data Migration & Pre / Post Implementation Audits Y
IT M&A / Due Diligence Audits Y
Concurrent / Continuous Audits – DC, Application, Privileged Access Audits Y
Assurance of IT Audits Y
Govt.:<number of>: 33
PSU:<number of>: 23
Private:<number of>: 48
Total Nos. of Information Security Audits done: 104
handled by them)
Network security audit: 14
Web-application security audit: 57
Wireless security audit: 01
Compliance audits (ISO 27001, PCI, etc.): 16
Mobile/API PT: 06
Data Migration Audit: 03
Cloud Security Audit 01
AUA KUA Audit 02
ITCR AUDIT 09
Software Licensing 01
Source Code Reviews 02
Special / other Audits 07
Concurrent Audit 18
TOTAL 137
y Auditing Organization:
2001
hs:

CISSPs: 0
BS7799 / ISO27001 LAs: 5
CISAs: 6
DISAs / ISAs: 0

CISM,CISE, CCNA,CND CISC, CDAC (PG-DITISS),MSC
forensic science, Diploma in Cyber Law, CEH,CDAC (ITSS),Networking, W
Linux, CHFI, ECSA,Internet crime investigation.
Total Nos. of Technical Personnel: 23

Sr. Duration with Experience in Qualifications related to
no. Name of Employee AQM Information Security Information security
1 Madhav Bhadra 18 Years 18 Years CA,CISA, CISM

2 Ritesh Kotecha 12.5 Years 12.5 Years CA, CISA
3 Dhruti Patel 15 Years 15 Years CISA, ISO 2000
Rasika Manoj Patil 3 Years 3 Years CISA, CISM, ISO 27001 LA
4
Sanjay Jitendra Parikh 2.5Years 18 Years CISA, PG DCM, ITIL, ISO 27001
5 LA
Pravin Kumar Singh 2 Years 4.5Years CISE, CCNA, CEH, CYVECTOR
6
7 Pratik M Chotaliya 2 Years 2.6 Years ECSA, CEH, CND CISC

8 Shekhar Bhatnagar 2 Years 15+ Years MCSE, CCNA, CEH
9 Ruchika Agrawal 2 Years 2 Years CDAC (PG-DITISS)
Gaurav Kumar Naradmuni 1 Year 2.9 Years ISO 27001 LA
10 Pandey
MSC forensic science, ISO
27001 LA, CCNA, CEH, LINUX
Kiran Prakash Joshi 1 Year 1 Year
Administration
11
Nimesh S Kacha 1 Year 1 Year CEH v9, Cyber Law, ISO 27001
12 LA
Mahesh Vaman Harkulkar 1 Year 1 Year CDAC (ITSS)
13
Akash Bharat Chavan 1 Year 1 Year CDAC (ITSS)

14
Chaitanya Santosh Anant 1 Year 1 Year CDAC (ITSS)

15
16 Ashish Kumar Saini 3 Years 3 Years CDAC (ITSS)

17 Smita Sharma 1 Year 1 Year CDAC (ITSS), CEH v10
Vrushali P. Shirke 1 Year < 2Years CEH, Internet Crime
18 investigation
CDAC (ITSS),
19 Sanjay Kumar Verma 2 Years < 3Years Networking, Win Ad & Linux
Admin
Ankit Sunil Sharma < 1 Year < 1 Year CEH, CHFI, ECSA, ISO 27001
20 LA
21 Devender Tinwal < 1 Year < 1 Year CISA
Durgesh < 1 Year < 1 Year CDAC (ITSS), CEH v10
22 PratapraoBadgujar
23 KajolMogra < 1 Year < 1 Year MSC forensic science
project value.
1. State level APEX &DCCBs (Single Tender)
1. Apex Bank – 1 No.
2. DCC Banks – 19 Nos.
2. Total Branches : 620 Branches
3. Scope of audits:
),MSC
DAC (ITSS),Networking, Win Ad &
.
ts in Government and Critical sector
ations related to
mation security
SM
000
, ISO 27001 LA
CM, ITIL, ISO 27001
, CEH, CYVECTOR
CND CISC
A, CEH
DITISS)
LA
c science, ISO
CCNA, CEH, LINUX
on
ber Law, ISO 27001
)
), CEH v10
et Crime
n
),
Win Ad & Linux
ECSA, ISO 27001

), CEH v10
c science
e, complexity, locations etc.) along with
1. Application Audits (HO level)
2. Application Audits (Branches)
3. IT Control Review Audits
4. Network & Security Audits
5. Data Migration Audits
6. Risk Assessments
4. Project Value: ~ INR 17.7 million

Tool Name Purpose
Acunetix Web Application VA
Burpsuite Web App, Mobile App, API VAPT,
SoapUI API VAPT
IBM Appscan Source Code Review & Web App PT
Nessus Server VA, Network VA, Cloud VA
Python scripts (proprietary) Server/Network/Web application VAPT
Logcat Mobile Application VAPT
Other Tools
Kali Linux Mobile application VAPT, Web Application VAPT, Server VAPT, Network +
WiFI VAPT.
JD-GUI / DEX2JAR/ Mobile Application VAPT
APKTOOL/ Drozer/ MOBSF
POSTMAN Web services and API Testing automated tool
WireShark Network protocol analyzer
Ettercap network sniffing / intercepting / logger for ethernet LANs
OWASP Zed Attack Proxy/ Web application security scanning

SQLMap/ Iron Wasp/ Nikto
SSL Qualys server lab SSL Scanner
Internet security services checks/ assessment (eg: anti-fraud and anti-
NetCraft / NMAP phishing services and PCI scanning, Port scanning)
Metasploit Framework / Netcat Exploit code development framework for Pentesting
EchoMirage Thick Client VA & PT

10. Outsourcing of Project to External Information Security Auditors / Experts: No If yes
11. Whether organization has any Foreign Tie-Ups? If yes, give details: No
12. Whether organization is a subsidiary of any foreign based organization? No If yes,
13. Locations of Overseas Headquarters/Offices, if any: No

*Information as provided by AQM Technologies Pvt Ltd.On31st July 2019.
Ba
M/s Bharat Electronics Limited
BHARAT ELECTRONICS LIMITED
Registered &Corporate Office Outer Ring Road, Nagavara
Bengaluru – 560045, Karnataka
Representing all its 9 units at Bengaluru, Ghaziabad, Pune, Machlipatnam, Chennai,

Navi Mumbai, Kotdwara, Hyderabad and 2 Central Research Laboratories at Bangalore and
2. Carrying out Information Security Audits since : August 2015

 Wireless security audit (Y/N) : No
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes Gap analysis w
27001
 Secure SDLC Review (Y/N) : Yes
 Secure Code Review (Y/N) : Yes

Govt. : <number of> - Nil-
PSU : <number of>Infrastructure VAPT for BEL Units – 4; Application VAPT for the defe
customers – 11,
ISO 27001 Compliance audits for BEL Units 2
Private : <number of> -Nil-
Total Nos. of Information Security Audits done: -17-
5. Number of audits in last 12 months, category-wise (Organization can add categories based on p
by them)
Network security audit: <number of> -4-
Web-application security audit: <number of> -11- Thick-client application security
<number of> -5- Wireless security audit:<number of> -Nil- Co
(ISO 27001, PCI, etc.,):<number of> -2-
CISSPs : <number of> -Nil-
BS7799 / ISO27001 LAs : <number of> -10-
CISAs : <number of> -Nil-
DISAs / ISAs : <number of> -Nil-
M.Tech (Information Security) :<number of> -2-
M.Tech (Cyber Security) : <number of> -2- M.Tech (Cyber Law & Informatio
<number of> -1- NPT :<number of> -2-
CEH:<number of> -4-
CCNSP :<number of> -2-
CHFI :<number of> -1-
ACE :<number of> -1-
prietary):
rts: No If yes, kindly provide
No
No If yes, give details
No
Back
In empanelled Information Security
nization :
achlipatnam, Chennai, Panchkula,
tories at Bangalore and Ghaziabad.
August 2015
Yes
Yes
No
Yes Gap analysis w.r.t ISO
Yes
Yes
ation VAPT for the defence
dd categories based on project handled
client application security audit :

-Nil- Compliance audits
(Cyber Law & Information Security) :

-2-
nment and Critical sector organizations

Sl. Duration with Experience in Qualifications related to
No. <BEL> in Information Security Information security
Name of Employee
Years (in Years)
1 Kunal Mohan Sadalkar 8 7 M.Tech (Information Security)
2 Neeraj Kumar 5 7 M.Tech (Information Security),

CHFI V8, ACE
3 Jagan Mohan Rao B 20 8 PMP, Trained on CISSP
4 Shylaja K 20 15 PMP, ISMS LA, CCNSP,
Trained on CCISO & CISSP
M.Tech (Software Systems),
5 Bhagya Lakshmi A N 15 4 PMP, ISMS LA, NPT, Trained on
CISSP
6 Poornima M 10 2 M.Tech (Cyber Security), CEH
7 Swathi M D 9 4 CEH
8 Antony Benedict Raja G 9 5 CEH
9 Tarun Jain 9 5 Trained on CISSP
10 Deepak D 7 3 NPT, CEH
11 AnushreePriyadarshini 4 1 M.Tech (Software Engineering),
CEH
12 Akshatha S 0.7 0.7 -
13 SandeepGadhvi 0.7 1 M.Tech (Cyber Security), ISMS
LA
14 Viplav 0.7 0.5 M.Tech (Cyber Law &
Information Security)
15 Vaman A Naik 33 5 ISMS LA
16 Praveen Kumar H T 18 13 ISMS LA, CCNSP
17 Madhavi M 15 2 PMP, ISMS LA
18 Mrityunjaya P Hegde 9 3 PMP, ISMS LA
19 Srinivas T 26 8 ISMS LA
20 DeeprajShukla 10 4 ISMS LA
21 Padmapriya T 8 1 PMP, ISMS LA
value.
Information Systems Infrastructure Audit of BEL-IS Ghaziabad comprising of Antivirus Server, DC, ADC, R
Nagios, BEL_Sampark-Intranet Mail server,Web applications, Switches/Routers and Firewall for both In
Internetwork.
Freeware Commercial
Wireshark/ TCPDump Ettercap Dsniff Nessus

Kali Linux Ferret Lynis Nexpose
Nmap/ Zenmap Hamster NSLookup Metasploit Pro
Sqlmap IP scanner Netcat Burpsuite
Nikto Yersinia OmegaDB Acunetix
Hydra Ethereal OpenZap HP WebInspect
John the Ripper Echo Mirage OpenVAS HP Fortify
Putty WebScarab Hping IBM Appscan
Whois Tor’s Hammer Fiddler Maxpatrol
Scapy W3af SSLTest Codenomicon
Pyloris Sparta HTTPMaster beSTORM
LOIC Directory Buster Curl IDAPro
CSRF Tester SMTP Ping WireEdit
Ollydbg Hash-Identifier Process Hacker
MBSA Cisco Auditor Armitage
TestSSLServer SysInternals Suite Open SSL
Python / Powershell Scripts Cain and Abel Browser Plugins

ualifications related to
formation security
Tech (Information Security)
Tech (Information Security),

HFI V8, ACE
MP, Trained on CISSP
MP, ISMS LA, CCNSP,
ained on CCISO & CISSP
Tech (Software Systems),
MP, ISMS LA, NPT, Trained on
SSP
Tech (Cyber Security), CEH
EH
EH
ained on CISSP
PT, CEH
Tech (Software Engineering),
EH
Tech (Cyber Security), ISMS
Tech (Cyber Law &

formation Security)
MS LA
MS LA, CCNSP
MP, ISMS LA
MP, ISMS LA
MS LA
MS LA
MP, ISMS LA
olume, complexity, locations etc.) along with project
rising of Antivirus Server, DC, ADC, Radius, WSUS,

Switches/Routers and Firewall for both Intranet and
ware/proprietary):
Proprietary
NSAT
Scripts
10. Outsourcing of Project to External Information Security Auditors / Experts :
Yes/No ( If yes, kindly provide oversight arrangement (MoU, contract etc.)
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No
New York Singapore

Bharat Electronics Limited 53, Hilton Bharat Electronics Limited 06-01,
Avenue PSL Industrial Building
Garden City 156, Maopherson Road
New York – 11530, USA Singapore – 348 528
Oman Myanmar
Bharat Electronics Limited No. Bharat Electronics Limited No. 53,
0402Z214, 2nd Floor Building No.4 The Strand Square Level 2, Unit #.
Knowledge Oasis Muscat (KOM) PO 209, Strand Road
Box 200, Postal Code 123, AI Rusayl, PabedanTsp, Yangaon, Myanmar
Sultanate of Oman
*Information as provided by <BHARAT ELECTRONICS LIMITED> on <08.08.2019>

Ba
ormation Security Auditors / Experts :
arrangement (MoU, contract etc.)
n Tie-Ups? If yes, give details : Yes/No
of any foreign based organization? : Yes/ No
Offices, if any : Yes/No
Srilanka
Bharat Electronics Limited No. 385,
1st Floor Landmark Building, Galle
Road
Colombo – 03, Srilanka
Vietnam
Bharat Electronics Limited 10th Floor,
TNR Power Hanoi
Vietnam
AT ELECTRONICS LIMITED> on <08.08.2019>

Back
M/s HKIT Security Solutions
HKIT Security Solutions

Govt. :
PSU :
Private :
handled by them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
PhD (info Sec), GDPR, CSA-STAR, Certified Forensic Detect
1 Dr. Harsha HKIT Security 12 Years PhD (Info Sec), GDPR, LA,
Solutions CSA-STAR, PIMS,
2 Ms. Gayathri HKIT Security 8 Years ISO LA, Certified Cyber
Solutions Security Expert, Certified
Forensic Detective
3 Mr. Snehil HKIT Security 8 years CCNA, Certified SANS Cyber

Solutions Security , PET
project value.
 Sify Pan India Cyber Security Audit
 Hathway Cyber Security Audit Pan India
 Bosch (APAC) Cyber Security Audit (VAPT)
 Delhi Indira Gandhi International Airports (T1, T2, T3)
 Mumbai International Airports (T1, T2,T3)

 SIT (5000 Nodes Infra) Cyber Security and Network Security Assessments
 Aadhaar Enrollment Application (KA)
 MRPL Mangalore (Oil & Gas)
Scanners: Qualysguard, Nmap, Nessus, Acunetix , Burpsuite Pro Sniffers: W
Ettercap, Win Dump, Tcpdump, dsniff, network-miner. Packet crafting: Nemes
Password Crackers: Ophcrack, Brutus, Cain n Abel, L0pht crack, Hydra
Others: Burp, Paros, Achilles, Firewalk, Fragroute, httptunnel, snmpwalk, Netca
WebGoat, BinText, PmDump, PwDump, HTTPrint, WinHTTrack, Sam Spade, WEP
Reverse Engineering: gdb, Ollydbg, Filemon, Regmon, TCPmon, BinText, Jav
flare, flasm.
Exploitation: Metasploit Framework, custom exploits
Methodologies: OSSTMM, OWASP, NSA Security guidelines, OCTAVE.

*Information as provided by HKIT Security Solutions on 29th July 2019
Bac
Organization :
: 2012
(Y)
(Y)
(Y)
(Y)
: 5
: 25
: 20
udits done : 50
20
<25
5
5
4
10
5
5
R, Certified Forensic Detectives, PIMS

: 24
ons related to
on security
Sec), GDPR, LA,
R, PIMS,
ertified Cyber
Expert, Certified
Detective
rtified SANS Cyber

PET
2, T3)
ork Security Assessments

e/proprietary):
x , Burpsuite Pro Sniffers: Wireshark,
ner. Packet crafting: Nemesis, Scapy
bel, L0pht crack, Hydra
, httptunnel, snmpwalk, Netcat, Fport,
WinHTTrack, Sam Spade, WEPCrack, Kismet,
egmon, TCPmon, BinText, Java Decompiler,
oits
es, OCTAVE.
Experts : No
: No
tion? : No
: No
Back
M/s IBM India Private Limited
IBM India Pvt. Ltd
No.12, Subramanya Arcade, Bannerghatta Road, Bangalore, Karnataka - 560029, India

 Network security audit (Y/N) - Yes
 Web-application security audit (Y/N) - Yes
 Wireless security audit (Y/N) - Yes

Govt. :
PSU :
Private :
* We have some more projects, as we are under NDA, we cannot
moment
handled by them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
and Global 8000+
No. Name of Employee <organization> Information Security Information security
1 Mreetyunjaya Daas 3 Years 9 Months 10 + Years CEH

2 DevdattaMulgund 1 Year 10 Months 7+ Years CISSP
3 Ravindra Singh Rathore 1 Year 8 Months 5+ Years CEH
4 SanketBhogale 1 Year 9 Months 10+ Years CISSP
5 Ankit Tripathi 1 Year 8 Months 4+ Years
1. CEH
2. ISO 27001-2013
6 Mohit Jain 4 Months 10 + Years
3. ECSA
7 Saurabh Kumar 1 Year 8 Months 5+ Years CEH

g Organization:
aka - 560029, India
: 2000
)
Yes
Yes
Yes
Yes
hs:
: 0
: 0
: 3*
rojects, as we are under NDA, we cannot furnish at this
n Security Audits done : 15+

10
udits:
6
6
0
0
350+
India 500+
and Global 8000+
security audits in Government and Critical sector
CEH
CISSP
CEH
CISSP
1. CEH
2. ISO 27001-2013
3. ECSA
CEH
project value.
Vulnerability Management for one of the largest Telco Network Operator in India
Project:
Vulnerability management for one of the largest Telco network operator (Client) in India with a
160 million customers.IBM as an IT security service provider manages the security Asse
Vulnerability management lifecycle for Client Applications and Network infrastructure compone
Service Offerings:
1. External Penetration Testing: 150 IP's, Frequency: Half Yearly
2. Internal Penetration Testing: 1500 IP's, Frequency: Half Yearly
3. Application Penetration Testing : 48 URL's, Frequency: Half Yearly
4. Internal Vulnerability Assessment: 11000 IP's, Frequency: Half Yearly
Key Activities:
1. Perform bi-annual Application Security Assessment on all client applications
2. Perform application security assessment of new applications before pro
deployment
3. Perform Network Penetration testing and Vulnerability assessment of d
assets
4. Track and govern the closure of issues within defined timeframe. Gui
development and network team for closure
Highlights:
1. Project team performed review of current set-up and validated the sc
Security Assessment activities. It included Applications and network infrast
2. Defined the periodicity or recurring activities and scope of non-period
activities
3. Performed security assessment of applications and network assets in scope.
4. Delivered the report to relevant recipients including development team
security team
5. Document and track the status of issues. Govern the application team for cl
in defined timeframe. Conducted meetings and knowledge transfer sessions with
team to guide them for issue closure
6. Re-test the closure of issues and certify them for go ahead
Free
ware
:
1. Metasploit: Penetration Testing Framework
2. NMAP : Port scanner
3. RAT : Router and firewall benchmarking
4. Wireshark - Protocol analyzer
5. MBSA : Windows security assessment
6. Nikto : Web Applications security
7. SNMPWalk : Router and network management
8. CAIN &Able : Traffic sniffing and Password cracking
9. Brutus : Password cracking
10. JohntheRipper : Password cracking
11. W3AF: Application auditing framework
12. Maltego: Intelligence and forensics application.
13. Unicornscan: Port Scanner and Information gathering.
14. Aircrack
Commercial:
1. Nessus : Network Vulnerability Assessment
2. IBM Appscan : Web Systems & Applications security
3. BurpsuiteProfessional : Web Systems & Applications security
4. Nipper Studio : Network Device Configuration Review
Proprietary Tools:
1. Windows server Security assessment scripts
2. Unix/Linux/AIX server security assessment scripts
3. Oracle security assessment scripts
4. MSSQL security assessment scripts
5. ASP and Java Scripts : Web application assessment

12. Whether organization is a subsidiary of any foreign based organization? : Yes If yes
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York 1050
States
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York 1050
States
*Information as provided by IBM India Pvt. Ltd on 2-August-2019
Ba
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) along with
project value.
Vulnerability Management for one of the largest Telco Network Operator in India
Project:
Vulnerability management for one of the largest Telco network operator (Client) in India with approximately
160 million customers.IBM as an IT security service provider manages the security Assessment and
Vulnerability management lifecycle for Client Applications and Network infrastructure components.
Service Offerings:
1. External Penetration Testing: 150 IP's, Frequency: Half Yearly
2. Internal Penetration Testing: 1500 IP's, Frequency: Half Yearly
3. Application Penetration Testing : 48 URL's, Frequency: Half Yearly
4. Internal Vulnerability Assessment: 11000 IP's, Frequency: Half Yearly
Key Activities:
1. Perform bi-annual Application Security Assessment on all client applications
2. Perform application security assessment of new applications before production
deployment
3. Perform Network Penetration testing and Vulnerability assessment of defined network
assets
4. Track and govern the closure of issues within defined timeframe. Guide the
development and network team for closure
Highlights:
1. Project team performed review of current set-up and validated the scope for
Security Assessment activities. It included Applications and network infrastructure assets
2. Defined the periodicity or recurring activities and scope of non-periodic ad-hoc
activities
3. Performed security assessment of applications and network assets in scope.
4. Delivered the report to relevant recipients including development team and client
security team
5. Document and track the status of issues. Govern the application team for closure of issues
in defined timeframe. Conducted meetings and knowledge transfer sessions with development
team to guide them for issue closure
6. Re-test the closure of issues and certify them for go ahead

Freeware : 14
Commercial : 4
Proprietary : 5
Total Nos. of Audit Tools : 23
1. Metasploit: Penetration Testing Framework
2. NMAP : Port scanner
3. RAT : Router and firewall benchmarking
4. Wireshark - Protocol analyzer
5. MBSA : Windows security assessment
6. Nikto : Web Applications security
7. SNMPWalk : Router and network management
8. CAIN &Able : Traffic sniffing and Password cracking
9. Brutus : Password cracking
10. JohntheRipper : Password cracking
11. W3AF: Application auditing framework
12. Maltego: Intelligence and forensics application.
13. Unicornscan: Port Scanner and Information gathering.
14. Aircrack
Commercial:
1. Nessus : Network Vulnerability Assessment
2. IBM Appscan : Web Systems & Applications security
3. BurpsuiteProfessional : Web Systems & Applications security
4. Nipper Studio : Network Device Configuration Review
Proprietary Tools:
1. Windows server Security assessment scripts
2. Unix/Linux/AIX server security assessment scripts
3. Oracle security assessment scripts
4. MSSQL security assessment scripts
5. ASP and Java Scripts : Web application assessment
10. Outsourcing of Project to External Information Security Auditors / Experts : No ( If yes, kindly provide
12. Whether organization is a subsidiary of any foreign based organization? : Yes If yes, give details
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York 10504-1722, United
States
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York 10504-1722, United
States
*Information as provided by IBM India Pvt. Ltd on 2-August-2019
Back
M/s ProgIST Solutions LLP
M/s ProgIST Solutions LLP,
102, B3 Wing, Rosa Gardenia, Kasarvadavli, Ghodbunder Road, B
Thane – West, 400615
2. Carrying out Information Security Audits since : May 2017
 Information security policy revi=ew and assessment against best security practices
 Information Security Testing
 Process Security Testing
 Internet Technology Security Testing
 Communications Security Testing
 Application security testing
 Wireless Security Testing
 Physical Access Controls & Security Testing
 Network Security Testing
 Software Vulnerability Assessment
 Penetration Testing

Govt. : 0
PSU : 0
Private : 20+
handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 3
CISAs : 1
CEH : 8
CISE :
CHFI : 1
CIPR : 1
C-CTIA : 2
C-ATPA : 2
ECSA : 1
curity Auditing Organization :

tions LLP,
Gardenia, Kasarvadavli, Ghodbunder Road, Behind HyperCity,
15
: May 2017
quired)
nt against best security practices
Months :
: 0
: 0
: 20+
ation Security Audits done : 20+
4+
50+
1
3
ity audits :
Ashlesha Bhagat CCNA, Certified Cyber

Threat Intelligence Analyst,
Certified APT Analyst
Dec 2017 3.2 years
Suman Sinha July 2018 2.5 years CEH, CND
BinalKathiriya Feb 2017 1.6 years CEH, CND
Deepak Bhatt Sept 2017 1.10 years CEH
Suraj Mulik Sept 2017 7.5 years CISE
Jagdish Sahu
CISP, ISMS – Lead

Implementer Professional
Sept 2018 6 years

BharadwajaMaringanti Feb 2018 6+ years CEH, CCNA
Gurpreet Sandhu Jun 2018 3+ years CHFI, CIPR, CEH
Chaithanya Rao May 2017 11+ years CEH, CISSP
Bhavin Bhansali July 2017 21 years CISA
Mohit Kalmetar CISEH, BSI PCI DSS
Sept 2017 3.5 years Implementation Training
SadichhaSapkal Certified Cyber Threat

July 2017 6.5 years Intelligence Analyst,
Certified APT Analyst.
Savio Fernandes Oct 2017 10.8 years ECSA, CEH
Ronak Bhojani Jan 2018 1.5 years CEH, CISC, CPFA
SiddheshRane July 2018 0.5+ years ISMS Lead Auditor
project value.
Project Volume Complexity Location Project Value
Banking Application Core Channel Banking Critical internet facing Mumbai XX,XX,XXX
application
DDOS Simulation Drill 1 GBPS Critical network Mumbai XX,XX,XXX
HR portal VAPT review 6 roles and 20 Critical HR application Mumbai X,XX,XXX

modules
Vendor Risk assessment 50 Critical vendors India XX,XX,XXX

servicing customer data

NMAP, BURSUITE, NESSUS, RAPID7 NEXPOSE, METASPLOIT, SQLMAP, KALI LINUX, SIFT WOR
ENCASE, FTK, W3AF, ACUNETIX, NETSPARKER, WIRESHARK, RAINBOW TABLES, AIRCRACK-N
SCUBA DB VA SCANNER, ELK, ONAPSIS, REDLINE, IDA, SNORT, CAIN & ABLE, ZAP, TCPDUMP
KIT, SQLNINJA, BeEF, SYSINTERNALS, OPENVAS, NAGIOS, ETTERCAP, MALTEGO.


*Information as provided by ProgIST Solutions LLP on 06/August/2019
Bac
ns related to
security
fied Cyber
ligence Analyst,
T Analyst
– Lead
r Professional
CEH
PCI DSS
tion Training
ber Threat
Analyst,
T Analyst.
CPFA
Auditor
, complexity, locations etc.) along with
proprietary):
AP, KALI LINUX, SIFT WORKSTATTION,
BOW TABLES, AIRCRACK-NG, NETCAT,
IN & ABLE, ZAP, TCPDUMP, CANVAS, SET
AP, MALTEGO.
erts : No ( If yes, kindly
: No
n? : No If yes, give details
: No
19
Back
M/s XYSec Labs Private Limited
Xysec Labs Private Limited (Appknox), Location - Bangalor

 Wireless security audit : (N)
 Compliance audits (ISO 27001, PCI, etc.) : (N)
4. Information Security Audits carried out in the last 12 Months:

Govt. :
PSU :
Private :
5. Number of audits in the last 12 months, category-wise (Organization can add categories bas
handled by them)
Network security audit : NA
Wireless security audit : NA
Compliance audits (ISO 27001, PCI, etc.) : NA

CISSPs : 2
BS7799 / ISO27001 LAs :
0
CISAs : 2
0
DISAs / ISAs :
Any other information security qualification : -
9
organizations (attach Annexure if required) - NOT APPLICABLE FOR US.
No. <organizatio n> Security Information security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations, etc
project value.
Unilever Mobile Application Security Testing 550 Mobile Applications VAPT.
Project Value - 1.5 Crore INR.
Location - Unilever Industries. Tower A. The Business Precinct. Prestige Shantiniketan, Bangalore, I
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Appknox (pro
Suite(commercial), Open-source Tools: nmap, radamsa, metasploit, ILspy, Dnspy, Frida

12. Whether organization is a subsidiary of any foreign based organization? : Yes If yes
Subsidiary of Singapore Registered company - Xysec Labs Pte Ltd. Complete Management Team sits
of Bangalore, India.
13. Locations of Overseas Headquarters/Offices, if any : Yes, Singa

Headquarter.
*Information as provided by Xysec Labs Private Limited on 29th July 2019
Bac
ation :
, Location - Bangalore, India
: 2014
Y)
)
)
)
: 10
: 45
: 320
one : 260
an add categories based on project
2
0
2
0
-
9
mplexity, locations, etc.) along with
ntiniketan, Bangalore, India.
prietary): Appknox (proprietary), Burp

nspy, Frida
s : No ( If yes, kindly
: Yes
: Yes If yes, give details
Management Team sits and works out
: Yes, Singapore is
Back
M/s Recon Business Advisory Pvt. Ltd.
Recon Business Advisory Pvt. Ltd.
4. Information Security Audits carried out in the last 12 Months:

Govt. :
PSU :
5. Number of audits in the last 12 months, category-wise (Organization can add categories bas
handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : 0
Any other information security CEH -
qualification
: 16
S. No. Name of Duration with Experience in Qualifications related
Employee <organization> Information Security toInformation security
Ankush Batra
1 6 years 6 years CEH
Navdeep Singh
2 2 years 2 years CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations, etc
project value.
SHARECHAT – VAPT, N/W Audit, ISO Certification, Bangalore – 36 Lakh.

Burp Suite, Nessus, Kali, Shortname scanner, DIRBuster, SQLMap, M/S Office etc.,
*Information as provided by < Recon Business Advisory Pvt. Ltd.> on <23/12/2019>
Bac
-Top-
-In empanelled Information Security
anization :
: 2011
(Y)
(Y)
(Y)
(Y)
: 85
: 34
ts done : 199
3
85
1
2
2
3
2
0
-
16
, complexity, locations, etc.) along with
Lakh.
proprietary):
, M/S Office etc.,
erts : No
: No
n? : No
: No
<23/12/2019>
Back

Empanel Org

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Empanel Org

Загружено:

Авторское право:

Доступные форматы

EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In

1. M/s AAA Technologies Pvt Ltd

2. M/s AUDITime Information Systems (I) Ltd.

3. M/s AKS Information Technology Services Pvt Ltd

4. M/s Aujas Networks Pvt Ltd

5. M/s AGC Networks

6. M/s ANB Solutions Pvt. Ltd

7. M/s ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.

8. M/s AQM Technologies PvtLtd.

9. M/s BDO India LLP

10. M/s Briskinfosec Technology and Consulting Pvt. Ltd.

11. M/s BHARAT ELECTRONICS LIMITED

12. M/s CMS IT Services Pvt. Ltd.

13. M/s Cyber Q Consulting Pvt Ltd.

14. M/s Control Case International Pvt Ltd

15. M/s Centre for Development of Advance Computing (C-DAC),

16. M/s Cyber Security Works Pvt. Ltd.

17. M/s Cigital Asia Pvt Ltd

18. M/s CyberRoot Risk Advisory Pvt. Ltd.

19. M/s Code Decode Labs Pvt. Ltd.

20. M/s Crossbow Labs LLP

21. M/s CyRAAC Services Private Limited

22. M/s Deccan Infotech Pvt. Ltd.

23. M/s Digital Age Strategies Pvt. Ltd.

24. M/s Deloitte Touche Tohmatsu India Limited Liability Partnership*

25. M/s Ernst & Young Pvt Ltd

26. M/s Esec Forte Technologies Pvt Ltd

27. M/s e.com Infotech I Ltd

28. M/s Finest Minds Infotech Pvt Ltd

29. M/s Grant Thornton India LLP

30. M/s HCL Comnet Ltd

31. M/s Haribhakti & Company LLP, Chartered Accountants

32. M/s HKIT Security Solutions

33. M/s isec Services Pvt. Ltd

34. M/s Indusface Pvt. Ltd

35. M/s Imperium Solutions

37. M/s Kochar Consultants Private Limited

38. M/s KPMG

39. M/s LTI (A Larsen & Toubro Group Company)

40. M/s Lucideus Tech Private Limited

41. M/s Locuz Enterprise Solutions Ltd

42. M/s Mahindra Special Services Group

44. M/s Maverick Quality Advisory Services Private Limited

45. M/s Mirox Cyber Security & Technology Pvt Ltd

46. M/s Netmagic IT Services Pvt. Ltd

47. M/s Network Intelligence India Pvt Ltd

48. M/s Net-Square Solutions Pvt. Ltd.

49. M/s Netrika Consulting Pvt Ltd.

50. M/s NSEIT Ltd.

51. M/s Paladion Networks

52. M/s PricewaterhouseCoopers Pvt Ltd

53. M/s Payatu Technologies Pvt. Ltd.

54. M/s Panacea InfoSec Pvt Ltd.

55. M/s Protiviti India Member Private Limited

56. M/s Pyramid Cyber Security & Forensic Pvt. Ltd.

57. M/s ProgIST Solutions LLP

58. M/s Qadit Systems & Solutions (P) Ltd.

59. M/s Qseap InfoTech Pvt Ltd

61. M/s Recon Business Advisory Pvt. Ltd.

64. M/s Sysman Computers Pvt Ltd

65. M/s SISA Information Security Pvt Ltd

66. M/s STQC Directorate

67. M/s Suma Soft Pvt. Ltd.